urlscan.io logo urlscan.io
SecurityTrails logo

www.elfcosmetics.com Open in urlscan Pro
204.2.209.170  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cosmeticcriminals.ca/
Effective URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Submission: On May 22 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 68 IPs in 3 countries across 51 domains to perform 245 HTTP transactions. The main IP is 204.2.209.170, located in Dawsonville, United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 80089.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 204.2.133.237 393259 (YOTTAA-AS-1)
1 14 204.2.209.170 393259 (YOTTAA-AS-1)
2 14 2606:4700:440... 13335 (CLOUDFLAR...)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2a04:4e42:600... 54113 (FASTLY)
2 2607:f8b0:400... 15169 (GOOGLE)
2 2606:4700:440... 13335 (CLOUDFLAR...)
3 151.101.66.133 54113 (FASTLY)
5 35.190.10.96 15169 (GOOGLE)
5 2606:4700:440... 13335 (CLOUDFLAR...)
12 2606:4700::68... 13335 (CLOUDFLAR...)
5 2607:f8b0:400... 15169 (GOOGLE)
3 2600:9000:219... 16509 (AMAZON-02)
2 104.26.13.205 13335 (CLOUDFLAR...)
3 2001:4860:480... 15169 (GOOGLE)
1 2600:9000:250... 16509 (AMAZON-02)
2 3 2607:f8b0:400... 15169 (GOOGLE)
1 2 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
3 2607:f8b0:400... 15169 (GOOGLE)
6 13.249.39.90 16509 (AMAZON-02)
2 44.214.87.142 14618 (AMAZON-AES)
1 2600:9000:247... 16509 (AMAZON-02)
2 2 3.212.194.247 14618 (AMAZON-AES)
2 13.249.39.116 16509 (AMAZON-02)
2 3 68.67.160.132 29990 (ASN-APPNEX)
4 4 3.33.220.150 16509 (AMAZON-02)
1 1 172.253.122.155 15169 (GOOGLE)
1 1 69.173.151.100 26667 (RUBICONPR...)
1 2 172.64.151.101 13335 (CLOUDFLAR...)
1 204.2.133.133 393259 (YOTTAA-AS-1)
1 34.102.147.248 396982 (GOOGLE-CL...)
5 151.101.1.21 54113 (FASTLY)
1 23.4.234.235 16625 (AKAMAI-AS)
1 52.85.132.57 16509 (AMAZON-02)
3 2600:9000:24f... 16509 (AMAZON-02)
2 2a04:4e42:77::84 54113 (FASTLY)
2 2a03:2880:f00... 32934 (FACEBOOK)
2 2a04:4e42:400... 54113 (FASTLY)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
10 23.212.248.20 20940 (AKAMAI-ASN1)
4 2600:9000:226... 16509 (AMAZON-02)
2 34.120.253.250 396982 (GOOGLE-CL...)
3 2606:4700:440... 13335 (CLOUDFLAR...)
4 142.250.31.148 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
5 2607:f8b0:400... 15169 (GOOGLE)
5 34.49.124.132 396982 (GOOGLE-CL...)
2 4 142.251.16.149 15169 (GOOGLE)
2 4 142.251.16.148 15169 (GOOGLE)
4 52.200.20.70 14618 (AMAZON-AES)
15 54.84.133.187 14618 (AMAZON-AES)
3 151.101.193.35 54113 (FASTLY)
2 151.101.1.140 54113 (FASTLY)
2 34.98.67.3 396982 (GOOGLE-CL...)
1 34.200.38.209 14618 (AMAZON-AES)
1 34.248.202.189 16509 (AMAZON-02)
2 192.229.210.155 15133 (EDGECAST)
11 34.98.72.95 396982 (GOOGLE-CL...)
8 23.220.136.202 16625 (AKAMAI-AS)
4 2a03:2880:f10... 32934 (FACEBOOK)
2 108.138.64.85 16509 (AMAZON-02)
6 18.67.65.80 16509 (AMAZON-02)
2 2 35.244.154.8 15169 (GOOGLE)
1 34.149.235.45 396982 (GOOGLE-CL...)
1 34.149.145.47 396982 (GOOGLE-CL...)
1 34.120.163.217 396982 (GOOGLE-CL...)
13 192.225.157.157 30286 (THM)
1 2600:1901:0:5... 15169 (GOOGLE)
1 192.225.158.1 30286 (THM)
1 192.225.158.3 30286 (THM)
2 34.149.130.207 15169 (GOOGLE)
8 34.111.8.32 396982 (GOOGLE-CL...)
1 1 172.253.63.154 15169 (GOOGLE)
245 68
1    204.2.133.237 (United States)

ASN393259 (YOTTAA-AS-1, US)
cosmeticcriminals.ca
14    204.2.209.170 (Dawsonville, United States)

ASN393259 (YOTTAA-AS-1, US)
www.elfcosmetics.com
14    2606:4700:4400::ac40:9ba6 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.media.amplience.net
2    2607:f8b0:4004:c0b::5d (Washington, United States)

ASN15169 (GOOGLE, US)
www.youtube.com
1    2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
2    2607:f8b0:4004:c0b::5b (Washington, United States)

ASN15169 (GOOGLE, US)
www.youtube.com
2    2606:4700:4400::6812:26d1 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.static.amplience.net
3    151.101.66.133 (San Francisco, United States)

ASN54113 (FASTLY, US)
cdn-fsly.yottaa.net
5    35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com
collector-pxxt4gy2ig.px-cloud.net
5    2606:4700:4400::6812:25a1 (United States)

ASN13335 (CLOUDFLARENET, US)
sdk.iad-05.braze.com
12    2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
5    2607:f8b0:4004:c19::61 (Washington, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2600:9000:2191:9a00:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.dynamicyield.com
2    104.26.13.205 (None, )

ASN13335 (CLOUDFLARENET, US)
api.ipify.org
3    2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2600:9000:2508:6600:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)
st.dynamicyield.com
3    2607:f8b0:4004:c08::63 (Washington, United States)

ASN15169 (GOOGLE, US)
www.google.com
2    2607:f8b0:4004:c1d::9d (Washington, United States)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
3    2607:f8b0:4004:c08::9c (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
6    13.249.39.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-39-90.iad89.r.cloudfront.net
async-px.dynamicyield.com
2    44.214.87.142 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-214-87-142.compute-1.amazonaws.com
api.cquotient.com
1    2600:9000:2479:a800:11:85b0:d600:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.cnnx.link
2    3.212.194.247 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-212-194-247.compute-1.amazonaws.com
pixel.pointmediatracker.com
2    13.249.39.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-39-116.iad89.r.cloudfront.net
cdn.blisspointmedia.com
3    68.67.160.132 (Colonia, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
secure.adnxs.com
ib.adnxs.com
4    3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
insight.adsrvr.org
match.adsrvr.org
1    172.253.122.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f155.1e100.net
cm.g.doubleclick.net
1    69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
2    172.64.151.101 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
1    204.2.133.133 (United States)

ASN393259 (YOTTAA-AS-1, US)
qoe-1.yottaa.net
1    34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com
tag.rmp.rakuten.com
5    151.101.1.21 (San Francisco, United States)

ASN54113 (FASTLY, US)
www.paypal.com
1    23.4.234.235 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-4-234-235.deploy.static.akamaitechnologies.com
static.ordergroove.com
1    52.85.132.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-132-57.iad50.r.cloudfront.net
t.contentsquare.net
3    2600:9000:24f5:3400:13:d6f4:3240:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.usehero.com
2    2a04:4e42:77::84 (United States)

ASN54113 (FASTLY, US)
s.pinimg.com
2    2a03:2880:f003:c0e:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)
www.redditstatic.com
3    2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
10    23.212.248.20 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-212-248-20.deploy.static.akamaitechnologies.com
analytics.tiktok.com
4    2600:9000:2269:b000:a:7914:b00:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.jebbit.com
2    34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com
tag.wknd.ai
3    2606:4700:4400::ac40:91b7 (United States)

ASN13335 (CLOUDFLARENET, US)
elfcosmetics.a.bigcontent.io
4    142.250.31.148 (United States)

ASN15169 (GOOGLE, US)
PTR: bj-in-f148.1e100.net
ad.doubleclick.net
2    2607:f8b0:4004:c21::65 (Washington, United States)

ASN15169 (GOOGLE, US)
analytics.google.com
5    2607:f8b0:4004:c1b::5e (Washington, United States)

ASN15169 (GOOGLE, US)
www.google.ca
5    34.49.124.132 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 132.124.49.34.bc.googleusercontent.com
sgtm.elfcosmetics.com
4    142.251.16.149 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f149.1e100.net
9231397.fls.doubleclick.net
4    142.251.16.148 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f148.1e100.net
10742279.fls.doubleclick.net
4    52.200.20.70 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-20-70.compute-1.amazonaws.com
c.contentsquare.net
15    54.84.133.187 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-133-187.compute-1.amazonaws.com
api.usehero.com
3    151.101.193.35 (San Francisco, United States)

ASN54113 (FASTLY, US)
t.paypal.com
2    151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)
alb.reddit.com
2    34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com
ut.rd.linksynergy.com
tags.rd.linksynergy.com
1    34.200.38.209 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-38-209.compute-1.amazonaws.com
external-api.jebbit.com
1    34.248.202.189 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-202-189.eu-west-1.compute.amazonaws.com
srm.ba.contentsquare.net
2    192.229.210.155 (United States)

ASN15133 (EDGECAST, US)
www.paypalobjects.com
11    34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com
assets.bounceexchange.com
8    23.220.136.202 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-220-136-202.deploy.static.akamaitechnologies.com
ct.pinterest.com
4    2a03:2880:f103:83:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    108.138.64.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-64-85.iad12.r.cloudfront.net
cdn-scripts.signifyd.com
6    18.67.65.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-65-80.iad89.r.cloudfront.net
upload.usehero.com
2    35.244.154.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.154.244.35.bc.googleusercontent.com
idsync.rlcdn.com
1    34.149.235.45 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 45.235.149.34.bc.googleusercontent.com
data.cdnbasket.net
1    34.149.145.47 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 47.145.149.34.bc.googleusercontent.com
page.cdnbasket.net
1    34.120.163.217 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 217.163.120.34.bc.googleusercontent.com
view.cdnbasket.net
13    192.225.157.157 (United States)

ASN30286 (THM, US)
imgs.signifyd.com
1    2600:1901:0:56e0:: (Kansas City, United States)

ASN15169 (GOOGLE, US)
ids.cdnwidget.com
1    192.225.158.1 (United States)

ASN30286 (THM, US)
h.online-metrix.net
1    192.225.158.3 (United States)

ASN30286 (THM, US)
w2txo5aa3cfvzjhua3cgl2acntof33yupyka5hvw89a550ea7716fdfbsac.d.aa.online-metrix.net
2    34.149.130.207 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 207.130.149.34.bc.googleusercontent.com
pd.cdnwidget.com
idr.cdnwidget.com
8    34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com
api.bounceexchange.com
events.bouncex.net
1    172.253.63.154 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f154.1e100.net
www.googleadservices.com
Apex Domain
Subdomains		 Transfer
24 usehero.com
cdn.usehero.com — Cisco Umbrella Rank: 63708
api.usehero.com — Cisco Umbrella Rank: 59256
upload.usehero.com — Cisco Umbrella Rank: 97998
343 KB
19 elfcosmetics.com
www.elfcosmetics.com — Cisco Umbrella Rank: 80089
sgtm.elfcosmetics.com — Cisco Umbrella Rank: 175866
353 KB
18 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 35
stats.g.doubleclick.net — Cisco Umbrella Rank: 89
cm.g.doubleclick.net — Cisco Umbrella Rank: 272
ad.doubleclick.net — Cisco Umbrella Rank: 159
9231397.fls.doubleclick.net — Cisco Umbrella Rank: 303078
10742279.fls.doubleclick.net — Cisco Umbrella Rank: 265357
3 KB
16 amplience.net
cdn.media.amplience.net — Cisco Umbrella Rank: 14154
cdn.static.amplience.net — Cisco Umbrella Rank: 51671
6 MB
15 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 8143
imgs.signifyd.com — Cisco Umbrella Rank: 6962
69 KB
12 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 2384
api.bounceexchange.com — Cisco Umbrella Rank: 2673
302 KB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 312
170 KB
10 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 712
270 KB
10 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 8814
st.dynamicyield.com — Cisco Umbrella Rank: 8494
async-px.dynamicyield.com — Cisco Umbrella Rank: 8693
248 KB
8 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 902
4 KB
8 paypal.com
www.paypal.com — Cisco Umbrella Rank: 2954
t.paypal.com — Cisco Umbrella Rank: 3518
125 KB
7 bouncex.net
events.bouncex.net — Cisco Umbrella Rank: 2244
758 B
6 contentsquare.net
t.contentsquare.net — Cisco Umbrella Rank: 3447
c.contentsquare.net — Cisco Umbrella Rank: 4542
srm.ba.contentsquare.net — Cisco Umbrella Rank: 17473
k-aeu1.contentsquare.net Failed
74 KB
5 google.ca
www.google.ca — Cisco Umbrella Rank: 10035
316 B
5 jebbit.com
js.jebbit.com — Cisco Umbrella Rank: 37156
external-api.jebbit.com — Cisco Umbrella Rank: 37043
61 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 2
analytics.google.com — Cisco Umbrella Rank: 154
423 B
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
496 KB
5 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 2594
1 KB
5 px-cloud.net
collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 212179
2 KB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
4 KB
4 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 691
match.adsrvr.org — Cisco Umbrella Rank: 358
2 KB
4 youtube.com
www.youtube.com — Cisco Umbrella Rank: 64
16 KB
4 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 25251 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 10654
1 MB
3 cdnwidget.com
ids.cdnwidget.com — Cisco Umbrella Rank: 3992
pd.cdnwidget.com — Cisco Umbrella Rank: 3940
idr.cdnwidget.com — Cisco Umbrella Rank: 8161
1 KB
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 5153
page.cdnbasket.net — Cisco Umbrella Rank: 5166
view.cdnbasket.net — Cisco Umbrella Rank: 5161
1014 B
3 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 152476
8 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 345
14 KB
3 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 482
ib.adnxs.com — Cisco Umbrella Rank: 257
3 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
21 KB
2 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 2560
w2txo5aa3cfvzjhua3cgl2acntof33yupyka5hvw89a550ea7716fdfbsac.d.aa.online-metrix.net
438 B
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 456
836 B
2 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2599
16 KB
2 linksynergy.com
ut.rd.linksynergy.com — Cisco Umbrella Rank: 8843
tags.rd.linksynergy.com — Cisco Umbrella Rank: 5535
717 B
2 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1376
735 B
2 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 4545
6 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1160
13 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 183
73 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 911
22 KB
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635
2 KB
2 blisspointmedia.com
cdn.blisspointmedia.com — Cisco Umbrella Rank: 6220
1 KB
2 pointmediatracker.com
pixel.pointmediatracker.com — Cisco Umbrella Rank: 4581
858 B
2 cquotient.com
api.cquotient.com — Cisco Umbrella Rank: 42720
516 B
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2924
229 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 126
23 B
1 ordergroove.com
static.ordergroove.com — Cisco Umbrella Rank: 29952
43 KB
1 rakuten.com
tag.rmp.rakuten.com — Cisco Umbrella Rank: 7849
15 KB
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 404
915 B
1 cnnx.link
js.cnnx.link — Cisco Umbrella Rank: 9324
1 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 533
305 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 776
24 KB
1 cosmeticcriminals.ca
cosmeticcriminals.ca
332 B
245 51
Domain Requested by
15 api.usehero.com cdn.usehero.com
analytics.tiktok.com
14 cdn.media.amplience.net 2 redirects www.elfcosmetics.com
14 www.elfcosmetics.com 1 redirects www.elfcosmetics.com
cdn-fsly.yottaa.net
13 imgs.signifyd.com www.elfcosmetics.com
imgs.signifyd.com
12 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.com
11 assets.bounceexchange.com www.elfcosmetics.com
10 analytics.tiktok.com www.elfcosmetics.com
analytics.tiktok.com
8 ct.pinterest.com s.pinimg.com
analytics.tiktok.com
www.elfcosmetics.com
7 events.bouncex.net
6 upload.usehero.com cdn.usehero.com
6 async-px.dynamicyield.com cdn.dynamicyield.com
5 sgtm.elfcosmetics.com www.googletagmanager.com
analytics.tiktok.com
5 www.google.ca
5 www.paypal.com www.elfcosmetics.com
www.paypal.com
analytics.tiktok.com
5 www.googletagmanager.com www.elfcosmetics.com
5 sdk.iad-05.braze.com cdn-fsly.yottaa.net
5 collector-pxxt4gy2ig.px-cloud.net www.elfcosmetics.com
analytics.tiktok.com
4 www.facebook.com
4 c.contentsquare.net t.contentsquare.net
4 10742279.fls.doubleclick.net 2 redirects www.elfcosmetics.com
4 9231397.fls.doubleclick.net 2 redirects www.elfcosmetics.com
4 ad.doubleclick.net
4 js.jebbit.com www.elfcosmetics.com
4 www.youtube.com www.elfcosmetics.com
3 t.paypal.com
3 elfcosmetics.a.bigcontent.io
3 bat.bing.com www.elfcosmetics.com
3 cdn.usehero.com www.elfcosmetics.com
cdn.usehero.com
3 match.adsrvr.org 3 redirects
3 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
3 www.google.com 2 redirects
3 www.google-analytics.com www.elfcosmetics.com
www.google-analytics.com
3 cdn.dynamicyield.com www.elfcosmetics.com
3 cdn-fsly.yottaa.net www.elfcosmetics.com
2 idsync.rlcdn.com 2 redirects
2 cdn-scripts.signifyd.com www.elfcosmetics.com
2 www.paypalobjects.com www.elfcosmetics.com
2 alb.reddit.com
2 analytics.google.com www.googletagmanager.com
2 tag.wknd.ai www.elfcosmetics.com
2 www.redditstatic.com www.elfcosmetics.com
www.redditstatic.com
2 connect.facebook.net www.elfcosmetics.com
2 s.pinimg.com www.elfcosmetics.com
2 dsum-sec.casalemedia.com 1 redirects
2 secure.adnxs.com 1 redirects www.googletagmanager.com
2 cdn.blisspointmedia.com
2 pixel.pointmediatracker.com 2 redirects
2 api.cquotient.com cdn-fsly.yottaa.net
2 googleads.g.doubleclick.net 1 redirects www.elfcosmetics.com
2 api.ipify.org cdn-fsly.yottaa.net
2 cdn.static.amplience.net www.elfcosmetics.com
1 www.googleadservices.com 1 redirects
1 idr.cdnwidget.com
1 api.bounceexchange.com www.elfcosmetics.com
1 pd.cdnwidget.com analytics.tiktok.com
1 w2txo5aa3cfvzjhua3cgl2acntof33yupyka5hvw89a550ea7716fdfbsac.d.aa.online-metrix.net
1 h.online-metrix.net imgs.signifyd.com
1 ids.cdnwidget.com analytics.tiktok.com
1 view.cdnbasket.net analytics.tiktok.com
1 page.cdnbasket.net analytics.tiktok.com
1 data.cdnbasket.net analytics.tiktok.com
1 tags.rd.linksynergy.com
1 srm.ba.contentsquare.net t.contentsquare.net
1 external-api.jebbit.com js.jebbit.com
1 ut.rd.linksynergy.com www.elfcosmetics.com
1 t.contentsquare.net www.elfcosmetics.com
1 static.ordergroove.com www.elfcosmetics.com
1 tag.rmp.rakuten.com www.elfcosmetics.com
1 qoe-1.yottaa.net www.elfcosmetics.com
1 pixel.rubiconproject.com 1 redirects
1 ib.adnxs.com 1 redirects
1 cm.g.doubleclick.net 1 redirects
1 insight.adsrvr.org 1 redirects
1 js.cnnx.link www.googletagmanager.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 st.dynamicyield.com www.elfcosmetics.com
1 code.jquery.com www.elfcosmetics.com
1 cosmeticcriminals.ca 1 redirects
0 k-aeu1.contentsquare.net Failed t.contentsquare.net
245 79
Subject Issuer Validity Valid
*.elfcosmetics.com
Sectigo RSA Domain Validation Secure Server CA		 2023-09-25 -
2024-10-25		 a year crt.sh
dm.amplience.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-20 -
2024-08-14		 a year crt.sh
*.google.com
GTS CA 1C3		 2024-05-06 -
2024-07-29		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
*.yottaa.net
GlobalSign RSA OV SSL CA 2018		 2023-09-13 -
2024-10-14		 a year crt.sh
*.px-cloud.net
Sectigo RSA Domain Validation Secure Server CA		 2023-08-15 -
2024-09-13		 a year crt.sh
sdk.iad-05.braze.com
E1		 2024-04-19 -
2024-07-18		 3 months crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2024-03-01 -
2024-12-31		 10 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-05-06 -
2024-07-29		 3 months crt.sh
*.dynamicyield.com
Amazon RSA 2048 M02		 2023-09-03 -
2024-10-01		 a year crt.sh
ipify.org
GTS CA 1P5		 2024-05-19 -
2024-08-17		 3 months crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2023-11-13 -
2024-11-12		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-05-06 -
2024-07-29		 3 months crt.sh
*.cquotient.com
Amazon RSA 2048 M02		 2024-03-05 -
2025-04-02		 a year crt.sh
js.cnnx.link
Amazon RSA 2048 M02		 2023-07-11 -
2024-08-07		 a year crt.sh
tag.rmp.rakuten.com
GTS CA 1D4		 2024-03-31 -
2024-06-29		 3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2024-02-08 -
2025-02-08		 a year crt.sh
*.ordergroove.com
Go Daddy Secure Certificate Authority - G2		 2023-08-04 -
2024-08-17		 a year crt.sh
t.contentsquare.net
Amazon RSA 2048 M01		 2023-09-13 -
2024-10-11		 a year crt.sh
*.usehero.com
Amazon RSA 2048 M02		 2023-08-28 -
2024-09-24		 a year crt.sh
*.pinterest.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-31 -
2024-08-07		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-02-29 -
2024-05-29		 3 months crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-01-08 -
2024-07-06		 6 months crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 02		 2024-05-01 -
2024-06-27		 2 months crt.sh
*.tiktok.com
RapidSSL ECC CA 2018		 2023-07-14 -
2024-08-13		 a year crt.sh
*.jebbit.com
Amazon RSA 2048 M02		 2024-04-23 -
2025-05-21		 a year crt.sh
tag.wknd.ai
R3		 2024-05-18 -
2024-08-16		 3 months crt.sh
*.bigcontent.io
GeoTrust TLS RSA CA G1		 2024-04-02 -
2025-05-03		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2024-05-06 -
2024-07-29		 3 months crt.sh
*.google.ca
GTS CA 1C3		 2024-05-06 -
2024-07-29		 3 months crt.sh
sgtm.elfcosmetics.com
WR3		 2024-05-14 -
2024-08-13		 3 months crt.sh
dep.bf.contentsquare.net
Amazon RSA 2048 M03		 2024-02-18 -
2025-03-19		 a year crt.sh
api.usehero.com
Amazon RSA 2048 M03		 2024-01-06 -
2025-02-03		 a year crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2023-09-21 -
2024-10-21		 a year crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-01-15 -
2024-07-13		 6 months crt.sh
*.rd.linksynergy.com
ZeroSSL RSA Domain Secure Site CA		 2024-01-23 -
2025-01-22		 a year crt.sh
srm.ba.contentsquare.net
Amazon RSA 2048 M02		 2023-11-07 -
2024-12-06		 a year crt.sh
assets.bounceexchange.com
WR3		 2024-05-18 -
2024-08-16		 3 months crt.sh
cdn-scripts.signifyd.com
Amazon RSA 2048 M01		 2023-07-03 -
2024-07-31		 a year crt.sh
data.cdnbasket.net
GTS CA 1D4		 2024-05-04 -
2024-08-02		 3 months crt.sh
page.cdnbasket.net
GTS CA 1D4		 2024-05-11 -
2024-08-09		 3 months crt.sh
view.cdnbasket.net
GTS CA 1D4		 2024-05-15 -
2024-08-13		 3 months crt.sh
imgs.signifyd.com
Go Daddy Secure Certificate Authority - G2		 2023-10-20 -
2024-11-20		 a year crt.sh
ids.cdnwidget.com
R3		 2024-05-11 -
2024-08-09		 3 months crt.sh
online-metrix.net
Viking Cloud Organization Validation CA, Level 1		 2024-03-20 -
2024-10-21		 7 months crt.sh
*.aa.online-metrix.net
Viking Cloud Organization Validation CA, Level 1		 2024-03-20 -
2024-10-21		 7 months crt.sh
pd.cdnwidget.com
R3		 2024-05-11 -
2024-08-09		 3 months crt.sh
*.wunderkind.co
R3		 2024-04-04 -
2024-07-03		 3 months crt.sh
idr.cdnwidget.com
R3		 2024-05-11 -
2024-08-09		 3 months crt.sh

This page contains 17 frames:

Primary Page: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Frame ID: 4A986F5F7133AA51085A738F351A493C
Requests: 199 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: 89050E04F0549F4EAB4D812F8255BB59
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: CC2DFDB24C58BC3EDE297BDEF3273239
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CI779ZS0oYYDFbPDwgQdr5QAjg;src=9231397;type=retarget;cat=globa0;ord=6344661583364;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=2136714823;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 5ECFB4415CC8A6C22D220F855E954767
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CIPa-JS0oYYDFdrHwgQdM1UPPg;src=10742279;type=elf8j0;cat=glo_flap;ord=1903653139202;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1187198223;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 9E2D0A7F4615A44D4403A8D7FB56FD1B
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.0&integrationType=SDK
Frame ID: 34B063DE08A22BBB0B3314A9A5A94AB7
Requests: 1 HTTP requests in this frame

Frame: https://cdn.usehero.com/plugin.5.46.0.js
Frame ID: 35B2F631459E78B4BCB069F0A7F79C96
Requests: 13 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 57A67FF54EDC8112B234FB20DE38E608
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 76868BDF6C852E6945156F00A23790DC
Requests: 1 HTTP requests in this frame

Frame: https://upload.usehero.com/avatars/g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
Frame ID: 47297C4BE31D426871434C9B549F3538
Requests: 3 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 8FA58C511112809C3F9A18DFC2EEAF33
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/eDXhs3SygX2NTFrg?438a985594a078c8=krwZAm3ic8F1hDwmyf_wILlB6Iluo-J9Ylz-L1_P6Eg0dZyXDSXPPIX1jAQsiHJcczjDToqgnNZPJS54ESc4-QocQBGR_SmnscDE0zwZ1HTx-qbbwRzoppZ3pNAfJj-J_AU6xKNPp-7QDpeAvh4MQAXL3rAd6xK29nJe8lsWgHZpugY2Arp9Z2RRd5YD1AEs-WS__hQPGqO60Umbxhimo9UjUsI&jb=3d3b242662736577355563646e6f7d7b2c627165375d6b646c6f77732f3830333b2668736a7f354960706f6d6d2468736a3d496a7a6d676f2f323a39383d
Frame ID: 04433456FE657F2869AED7996480A685
Requests: 11 HTTP requests in this frame

Frame: https://imgs.signifyd.com/M5awmZZEGP-Igw_f?dee9f076ba7df322=c6ldMQ81rwwxe-JqUay8PdGTj-TaifkFEaunfL9vqH0mLfcIQznN-CAbD2MfLveuIOyqECoSNoenBkRw4ip_WGtvzlcAmpn-jXwA_kJU363hzxEudhhrvMhOwQwpQkPCUKnsbXSChv4tko2nNgBeyPE5JDikYYSIQU7NGR8Bq6TMx2zc4BcMP6RPoZXdef9i9_9tVELdvUlB8hLMJA8Ni1vQMh2XBA
Frame ID: D2F917BC39923D2F5E54917B62491C12
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/C-i03DXwvp157F7-?6fbb08e3620e810c=fEcSJOpV18Kv6__BQM3FduxplrY2uzkr_aHYvXBtlpJ6kpar8lfZq91dkIObQCcpdIAbb7YEnluObVUr1ldRQk5JcKW2TyfpegdgB7P10Hsbylo_oEsHgyXmA8OogZMT6_i8h8paObpb4k3S8dFLZEF7eVCChDm86cz4uQlfTsyuX3982JmHHDGs9eFpJts9GVrxPzTPYse13mVPa2ggIauNWJtiXfk
Frame ID: 77F2C5DD0E80DAB720A52872D50C89BA
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/A4RprG_E2Xg8PNXZ?4960819af25efa3a=bkRCHSDYittE9cEWCwgck8sX6KZ622bEStLXLL7ppwthnvPEEfNoPtNPqkanC__r_VtsuOOWoKOg8ra1gEhNxbMLMasS46UBvDhlPw1vQ-KXyGHvIfIsxfpGnpU4td1_nn6Br2BuecCOnqD9_HQt9Uelc06De7SkMGQoFqXruGxTSUq45XerpqfPBzkJaBybsFKuOP235ulIuxrfYs5ntcm4p6e2PvY
Frame ID: 454B2E45136C4821B950FEE1E94921AB
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CKue85m0oYYDFU7EwgQdblkKCw;src=9231397;type=retarget;cat=globa0;ord=6817875116330;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1591509944;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 3D904DFCBF524FA3A18B3469991BD53B
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CPir85m0oYYDFa4BrQYdHUAPHQ;src=10742279;type=elf8j0;cat=glo_flap;ord=7924670963777;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=465513792;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 6701F05E8523EF83732D8F9AEB80483E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Cosmetic Criminals | e.l.f. Cosmetics

Page URL History Show full URLs

  1. https://cosmeticcriminals.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com
Overall confidence: 10%
Detected patterns
  • basket.*\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

245
Requests

94 %
HTTPS

36 %
IPv6

51
Domains

79
Subdomains

68
IPs

3
Countries

10376 kB
Transfer

21424 kB
Size

90
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cosmeticcriminals.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 14
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Request Chain 33
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=Q1HWMS1-xE_pGfjN_w23njSySJcjxM38FrYWCJLbH9U HTTP 303
  • https://www.elfcosmetics.com/callback?usid=db9b3310-e9ba-46c1-88ae-0422884b8aed&code=z32UqRe2BpJtSCmiK8ykVxhfqySe_Qgw_Fp--Q2-quk
Request Chain 39
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=1737957495.1716386011&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He45k0n81WL3STMXv896608294za200&auid=946854222.1716386011 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=1737957495.1716386011&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He45k0n81WL3STMXv896608294za200&auid=946854222.1716386011
Request Chain 61
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c8d4ebba-f605-48c0-91fa-ce595ecbdec6&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=581043581 HTTP 302
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
Request Chain 62
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Request Chain 63
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NTA4YjdkZDktN2JmYi00NDNiLTkwMGMtNjhlNDc5NzFhNjc3&gdpr=0&gdpr_consent=&ttd_tdid=508b7dd9-7bfb-443b-900c-68e47971a677 HTTP 302
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=508b7dd9-7bfb-443b-900c-68e47971a677&google_gid=CAESEPO6GMPlo21WQcl2nVMUw0c&google_cver=1 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=508b7dd9-7bfb-443b-900c-68e47971a677 HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=865126135440480772&ttd_tdid=508b7dd9-7bfb-443b-900c-68e47971a677 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=508b7dd9-7bfb-443b-900c-68e47971a677&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=508b7dd9-7bfb-443b-900c-68e47971a677&expiration=1718978013&gdpr=0&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=508b7dd9-7bfb-443b-900c-68e47971a677&expiration=1718978013&gdpr=0&gdpr_consent=&C=1
Request Chain 111
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=6344661583364;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=2136714823;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CI779ZS0oYYDFbPDwgQdr5QAjg;src=9231397;type=retarget;cat=globa0;ord=6344661583364;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=2136714823;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 112
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=1903653139202;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1187198223;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CIPa-JS0oYYDFdrHwgQdM1UPPg;src=10742279;type=elf8j0;cat=glo_flap;ord=1903653139202;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1187198223;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 172
  • https://idsync.rlcdn.com/458359.gif?partner_uid=1ad34e64-89c0-4acb-bb50-f1f71007cad7 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDFhZDM0ZTY0LTg5YzAtNGFjYi1iYjUwLWYxZjcxMDA3Y2FkNxAAGg0I3_G3sgYSBQjoBxAAQgBKAA HTTP 307
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=224f0c713094b3bad39c2727164de2d784636dbbb6a37968819fab3bcb13ec566ac34734d8e453ee
Request Chain 208
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=287953598&fst=1716386018047&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e45g0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=946854222.1716386011&bttype=purchase&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1032983597&fst=1716386018047&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e45g0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=946854222.1716386011&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFWV2ZW50LXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&eitems=ChAI8K-2sgYQ74iGnOnq7upMEh0A1HBlv9BnYzfDgNpuanhzOLNBG9P8DVgnk5NDgA&pscrd=IhMI4LO0l7ShhgMVsw5oCB2IcQfWMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1032983597&fst=1716386018047&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e45g0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=946854222.1716386011&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFWV2ZW50LXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMI4LO0l7ShhgMVsw5oCB2IcQfWMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQDaQooLkWhtaqxrielHcFgSTiMUKtJVPv-xf6EjV4tK6qewuCgxOj0-&eitems=ChAI8K-2sgYQ74iGnOnq7upMEh0A1HBlv1yaLT-DBho4nXOk8gIcJBoSImKgrT_h_A&random=625798512 HTTP 302
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=1032983597&fst=1716386018047&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e45g0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=946854222.1716386011&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFWV2ZW50LXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMI4LO0l7ShhgMVsw5oCB2IcQfWMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQDaQooLkWhtaqxrielHcFgSTiMUKtJVPv-xf6EjV4tK6qewuCgxOj0-&eitems=ChAI8K-2sgYQ74iGnOnq7upMEh0A1HBlv1yaLT-DBho4nXOk8gIcJBoSImKgrT_h_A&random=625798512&ipr=y
Request Chain 233
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c8d4ebba-f605-48c0-91fa-ce595ecbdec6&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=New&gtmcb=2049161049 HTTP 302
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
Request Chain 242
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=6817875116330;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1591509944;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CKue85m0oYYDFU7EwgQdblkKCw;src=9231397;type=retarget;cat=globa0;ord=6817875116330;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1591509944;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 243
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7924670963777;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=465513792;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CPir85m0oYYDFa4BrQYdHUAPHQ;src=10742279;type=elf8j0;cat=glo_flap;ord=7924670963777;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=465513792;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals

245 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request elf-cosmetic-criminals
www.elfcosmetics.com/en_CA/
Redirect Chain
  • https://cosmeticcriminals.ca/
  • https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
920 KB
234 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b44806b1dcf5bd6b5c8a366c6e018bb3d98c460ab14ccf7060497b04f3a077f3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
0
alt-svc
h3=":443"; ma=86400
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
238352
content-type
text/html; charset=utf-8
date
Wed, 22 May 2024 13:53:27 GMT
etag
W/"c8c47-0N3eikeZwKgLg3ouMALYOva+Z50"
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
via
1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront)
x-amz-apigw-id
YLPRYGkciYcEORg=
x-amz-cf-id
yFjNL3tfqSxo31BQp_JbgwWZ6PQ_dSVHJwekBuau7tICa-3UrjPFRg==
x-amz-cf-pop
DFW57-P1
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
822343
x-amzn-remapped-date
Wed, 22 May 2024 13:53:27 GMT
x-amzn-requestid
40a83740-8854-4aa8-868b-15e41eda57f6
x-amzn-trace-id
Root=1-664df8d5-476348712b853d391ee593a7;Parent=726c3bc8e58e997a;Sampled=0;lineage=2b75b0e9:0
x-cache
Miss from cloudfront
x-yottaa-metrics
3221a5fec661/[2443,2341,-] 32D1cc02d1aa/[-,2547.529]
x-yottaa-optimizations
ob/1000000100001000 si/32D1cc02d1aa-1715874284-7916460160 tts/1716231463926 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os
200

Redirect headers

age
0
content-length
1198
content-type
text/html; charset=utf-8
date
Wed, 22 May 2024 13:53:24 GMT
location
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
vary
User-Agent
x-yottaa-fw
fb/100000 tid/658f1d96d931403bb4ae399a rid/658f270fd931403bb4ae60d5 stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics
25D1cc0285ed/[-,0.134]
x-yottaa-optimizations
ob/0 si/25D1cc0285ed-1716292592-2660446343 tts/1716386004586 ti/0 ai/658f1d96d931403bb4ae399a
init.js
www.elfcosmetics.com/XT4Gy2ig/ 		169 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/XT4Gy2ig/init.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
3bdee26eaec3fcd8e0ed3d66414450f63e2a3c770dccea8c8512f9599798a9c6

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
content-encoding
gzip
x-yottaa-optimizations
ob/0 si/32D1cc02d1aa-1715874284-7916460176 tts/1716386008256 ti/0 ai/5a0c9b7632f01c35d42101b2
x-guploader-uploadid
ABPtcPo-0ym0dVwzB71cAmnY4oP7IeSJ5tIIvuJUy4P-Xq8nIjLX7NoPyYM7IyJx9iAMoax1u7Y
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
last-modified
Wed, 22 May 2024 13:32:07 GMT
active-cdn
Akamai
etag
"42cda21f55f00dcf5e379d45996a47c4"
vary
Accept-Encoding, Accept-Encoding
x-goog-generation
1716384727747846
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-goog-hash
crc32c=zuYY9A==, md5=Qs2iH1XwDc9eN51FmWpHxA==
access-control-expose-headers
active-cdn,x-served-by,Akamai-Request-BC
cache-control
max-age=600
x-yottaa-metrics
32D1cc02d1aa/[-,206.962]
x-goog-stored-content-length
172593
x-amz-checksum-crc32c
zuYY9A==
accept-ranges
bytes
expires
Wed, 22 May 2024 13:59:37 GMT
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/ 		0
0
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 		630 KB
630 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11163
x-amp-srv
CF
edge-cache-tag
6QGOL8iQ5,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
LP5bY-0NbN
alt-svc
h3=":443"; ma=86400
content-length
644728
x-xss-protection
1; mode=block
x-amp-source-height
1249
last-modified
Wed, 22 May 2024 10:47:25 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/jpeg
access-control-allow-origin
*
x-amp-source-width
3199
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4ae9684c39fb-YYZ
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 		205 KB
205 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11164
x-amp-srv
CF
edge-cache-tag
kMq3N7j6s,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
QitStXCTy-
alt-svc
h3=":443"; ma=86400
content-length
209440
x-xss-protection
1; mode=block
x-amp-source-height
340
last-modified
Wed, 22 May 2024 10:47:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
x-amp-source-width
800
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4ae9684639fb-YYZ
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
bxGKZ6lfJ7A
www.youtube.com/embed/ Frame 8905 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Wed, 22 May 2024 13:53:28 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
rZPCKoUReO0
www.youtube.com/embed/ Frame CC2D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy-report-only
base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-j3EiRD6nh-3qpmu1GS9mFw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Wed, 22 May 2024 13:53:28 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/ 		2 MB
2 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11163
x-amp-srv
CF
edge-cache-tag
7Rff9IgA7,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
27Kte03EkG
alt-svc
h3=":443"; ma=86400
content-length
2085695
x-xss-protection
1; mode=block
x-amp-source-height
1484
last-modified
Wed, 22 May 2024 10:47:25 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
x-amp-source-width
3080
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4ae9685039fb-YYZ
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/ 		330 KB
331 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11164
x-amp-srv
CF
edge-cache-tag
h8yrLWf0O,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
vlCqFORosl
alt-svc
h3=":443"; ma=86400
content-length
338113
x-xss-protection
1; mode=block
x-amp-source-height
1062
last-modified
Wed, 22 May 2024 10:47:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/jpeg
access-control-allow-origin
*
x-amp-source-width
2806
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4ae9685239fb-YYZ
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/ 		180 KB
180 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11164
x-amp-srv
CF
edge-cache-tag
NYRi4Rnbx,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
k3e6V7Pu9B
alt-svc
h3=":443"; ma=86400
content-length
184181
x-xss-protection
1; mode=block
x-amp-source-height
1108
last-modified
Wed, 22 May 2024 10:47:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/jpeg
access-control-allow-origin
*
x-amp-source-width
1952
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4ae9684e39fb-YYZ
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/ 		614 KB
614 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11164
x-amp-srv
CF
edge-cache-tag
Km51cankb,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
gTzhVvE8EB
alt-svc
h3=":443"; ma=86400
content-length
628288
x-xss-protection
1; mode=block
x-amp-source-height
525
last-modified
Wed, 22 May 2024 10:47:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
x-amp-source-width
3200
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4ae9685339fb-YYZ
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
jquery-3.7.1.slim.min.js
code.jquery.com/ 		69 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
7801881
x-cache
HIT, HIT
content-length
24036
x-served-by
cache-lga21942-LGA, cache-yyz4521-YYZ
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1716386009.553590,VS0,VE0
etag
W/"28feccc0-11278"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
1313, 3264
player_api
www.youtube.com/ 		993 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4ca9cff4c3e7fefab522786421cf297a56db58f69a66b067eeda886528a2f7eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Wed, 22 May 2024 13:53:28 GMT
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::6812:26d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date
Wed, 22 May 2024 13:53:30 GMT
x-amz-version-id
null
cf-cache-status
HIT
x-amz-request-id
J4JE81MBB0XKESQ7
age
11165
Content-Range
bytes 0-1060947/1060948
Content-Length
1060948
x-amz-id-2
fV+2Y2xKKHgbehTr9rMobkAoiIoEM8DIO8ti7JQ2Sldv6YTIQcvosgwWSuC6KIAOdKv3Ff5hVLQ=
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
server
cloudflare
etag
"dd3676819bd88a250c875a11e38c307d"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
887d4af55cfa3a06-YYZ

Redirect headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11164
x-amp-srv
CF
edge-cache-tag
bCa5bgUvc,l4p5bDg2e,bgWw7nQ29
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
887d4ae9a89139fb-YYZ
c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::6812:26d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date
Wed, 22 May 2024 13:53:30 GMT
x-amz-version-id
null
cf-cache-status
HIT
x-amz-request-id
J4J8DJPNXW712G9V
age
11165
Content-Range
bytes 0-1262366/1262367
Content-Length
1262367
x-amz-id-2
YBis8yqlbxpbh3+sVUxV1M9qtIJKuojeDjsI49gXs3t5AfZeRxydMB7rjmIIY3ZA4VweVF9ms9Q=
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
server
cloudflare
etag
"91a2cbc7ca143aac79d0312d84bb77fb"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
887d4af55cf83a06-YYZ

Redirect headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11164
x-amp-srv
CF
edge-cache-tag
_9zx3Bzxu,l4p5bDg2e,fH6Lo3_5e
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
887d4ae9a89239fb-YYZ
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

Referer
Origin
https://www.elfcosmetics.com
Accept-Language
en-CA,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

Referer
Origin
https://www.elfcosmetics.com
Accept-Language
en-CA,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
vendor.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/ 		2 MB
620 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b2e0bde8a120edcd0e126c139ff4c62dc420e43a86bb9e22c92044fdda3fc3ef

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
via
1.1 a1b2735f2a7b650b7f10bffd38aa8ffa.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
ATL58-P9
age
585448
x-yottaa-optimizations
ob/1001 si/33118cae0c65-1714478393-2087086794 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
754922
content-length
634413
x-amz-meta-bundle
11255
x-served-by
cache-yyz4523-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1716386009.506638,VS0,VE2
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
33218cae0c74/[69,10,-] 33118cae0c65/[hit]
accept-ranges
bytes
x-amz-cf-id
0U91ngrnTFW4LwCEHS-NCUdqsBRcPEI_hWag9d3e4WfzM6UksaxnfA==
x-cache-hits
1
main.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/ 		2 MB
487 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/main.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
48da61030dc7ada6d202c7c6229b40b5f7ba9f6b4246af7399de53a26396ad1e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
via
1.1 76d4de5b65bdf749a3f97445d1b9f4d2.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
JFK50-P2
age
539601
x-yottaa-optimizations
ob/1100 si/3811cc023142-1712927894-1435895349 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
754922
content-length
497669
x-amz-meta-bundle
11255
x-served-by
cache-yyz4523-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1716386009.506618,VS0,VE1
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
3821cc023166/[27,-,1715842227241] 3811cc023142/[-,289.576]
accept-ranges
bytes
x-amz-cf-id
wt7iTlByW-Dg8BTHdk486X8h0bUNeObXHkJwEldTv-4CLlblMPTuRQ==
x-cache-hits
1
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/ 		42 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
800b2f4dd5a634f1a93c5b8b0d7167c8d7b54ad1e1af535fd272e0ff156fd1b3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
via
1.1 66f329715210d11f7f450b703957691a.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
ATL58-P9
age
585440
x-yottaa-optimizations
ob/1100 si/33118cae0c60-1714478393-1378713925 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Miss from cloudfront, HIT
x-amz-meta-deploy
754922
content-length
11876
x-amz-meta-bundle
11255
x-served-by
cache-yyz4523-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1716386009.506597,VS0,VE1
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
33218cae0ca4/[3,-,1715800562449] 33118cae0c60/[-,7.135]
accept-ranges
bytes
x-amz-cf-id
LfDtAvI-Ap6i8nsHz5d87pIrYHNXEyqP342hc_sKKOFb6ubvCgjNlg==
x-cache-hits
0
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		536 B
792 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
e46a6ffab7bc120233c8a2e4c32a09c3331f7a905610f8a2b2e20b69be2aeaed

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
536
PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min
cdn.media.amplience.net/i/elfcosmetics/ 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c75a0f7c4104d907f8419aeb5f87467a90bce54ef633af1e8a05c6c585c9994d
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11164
x-amp-srv
CF
edge-cache-tag
a3MkK2jck,l4p5bDg2e,5-jG4GMEO,WepA0szpz
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
5DdObiByfg
alt-svc
h3=":443"; ma=86400
content-length
74537
x-xss-protection
1; mode=block
x-amp-source-height
1303
last-modified
Wed, 22 May 2024 10:47:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/avif
access-control-allow-origin
*
x-amp-source-width
855
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4aeb39df39fb-YYZ
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min
cdn.media.amplience.net/i/elfcosmetics/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7d6f2d3cc5c5e3b057e899b45fb372d18890b7b61e0df9ced47891f9bbf0061
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11164
x-amp-srv
CF
edge-cache-tag
lpw8yikTh,l4p5bDg2e,QvpKILV5P,DtzGFM5oJ
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
6Tu-jdw6rx
alt-svc
h3=":443"; ma=86400
content-length
16698
x-xss-protection
1; mode=block
x-amp-source-height
2000
last-modified
Wed, 22 May 2024 10:47:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/webp
access-control-allow-origin
*
x-amp-source-width
2000
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4aeb5a1639fb-YYZ
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min
cdn.media.amplience.net/i/elfcosmetics/ 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32aaeee96fd5d4ee55d785e181d136b89e21de673bd8b6e89f4731412ba5aba9
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11163
x-amp-srv
CF
edge-cache-tag
Bkp0_PSvc,l4p5bDg2e,h1qKNVnZ0,WepA0szpz
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
VdLFjQtycB
alt-svc
h3=":443"; ma=86400
content-length
52930
x-xss-protection
1; mode=block
x-amp-source-height
1324
last-modified
Wed, 22 May 2024 10:47:25 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/avif
access-control-allow-origin
*
x-amp-source-width
862
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4aeb5a1839fb-YYZ
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min
cdn.media.amplience.net/i/elfcosmetics/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e79dea9b0707ff2fa615359bdb9683037505ddb2a00daae13de4ae1a80055adf
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:28 GMT
cf-cache-status
HIT
age
11164
x-amp-srv
CF
edge-cache-tag
8H38jzjNn,l4p5bDg2e,nb-u70u49,DtzGFM5oJ
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
pCMmZhxn1M
alt-svc
h3=":443"; ma=86400
content-length
20738
x-xss-protection
1; mode=block
x-amp-source-height
2400
last-modified
Wed, 22 May 2024 10:47:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/webp
access-control-allow-origin
*
x-amp-source-width
2400
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4aeb5a1939fb-YYZ
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
/
sdk.iad-05.braze.com/api/v3/data/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
887d4af408adab42-YYZ
content-encoding
gzip
date
Wed, 22 May 2024 13:53:30 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a2f825beb3b540a044cdb0515177c34497aa2ce92e335bf1498fa42bb5baf88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Dw6K+rTuf8kOuPIEBw1QQA==
age
82260
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6881
x-ms-lease-status
unlocked
last-modified
Mon, 20 May 2024 02:18:27 GMT
server
cloudflare
etag
0x8DC7873228719CE
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
24f1ef92-c01e-0034-3dd0-aaeec1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
887d4af32d24ac39-YYZ
gtm.js
www.googletagmanager.com/ 		515 KB
138 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d4cb7d9501e14b564d77989dcf780d2fbb0b77cb2e7ef3e8822c9305ab9118d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:30 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
140647
x-xss-protection
0
last-modified
Wed, 22 May 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 22 May 2024 13:53:30 GMT
api_dynamic.js
cdn.dynamicyield.com/api/8772046/ 		500 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2191:9a00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
f1b002aaf41acfbfd77839ad434d75c0945b5f03e45d1b5166fd76545840d7c6

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:07 GMT
content-encoding
gzip
via
1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
last-modified
Tue, 21 May 2024 16:54:16 GMT
server
DYCDN
age
24
x-amz-cf-pop
IAD89-C1
x-amz-server-side-encryption
AES256
etag
W/"15cf4a0b59b071160b0e73459883f6d2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=30
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
8DDD-QlhcpwO1Ls8AKSjRaoq4hQaX8G0lgYhguC3QL7tj1FP3rHk4A==
api_static.js
cdn.dynamicyield.com/api/8772046/ 		388 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2191:9a00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
498ea43ee2b31ee61f58f43b798dfaec6eb59b63fefdfaa7c01bba897ba57a33

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 06:16:57 GMT
content-encoding
gzip
via
1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
last-modified
Tue, 21 May 2024 16:54:16 GMT
server
DYCDN
age
27394
x-amz-cf-pop
IAD89-C1
etag
W/"64e0187feba0c97d38f8aabb6e6d66cd"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
0BMB7DmrKnRWF3UMORqg2vf77SSNuZ5kaMKCkLToyg9-bV4Zf2CYsA==
/
api.ipify.org/ 		22 B
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd2fcef7d826875055046e8579e05ba442c532a159c8bc153db83f07be6b475a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:30 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
887d4af2dce8ab06-YYZ
content-length
22
/
api.ipify.org/ 		22 B
74 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd2fcef7d826875055046e8579e05ba442c532a159c8bc153db83f07be6b475a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:30 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
887d4af42e3dab06-YYZ
content-length
22
/
sdk.iad-05.braze.com/api/v3/data/ 		554 B
626 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75c14cf20be90e7d588982194487d8e92e69a34030c2291430e8ed5dbc4e5ba0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest
true
X-Braze-DataRequest
true
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
application/json
Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:30 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
6b7ea75b-b6eb-4c44-a40f-faca648caa7e
x-runtime
0.194476
server
cloudflare
etag
W/"75c14cf20be90e7d588982194487d8e9"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1716386013
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
887d4af5caa4ab42-YYZ
x-ratelimit-remaining
499.0
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=db9b3310-e9ba-46c1-88ae-0422884b8aed&code=z32UqRe2BpJtSCmiK8ykVxhfqySe_Qgw_Fp--Q2-quk
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/callback?usid=db9b3310-e9ba-46c1-88ae-0422884b8aed&code=z32UqRe2BpJtSCmiK8ykVxhfqySe_Qgw_Fp--Q2-quk
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date
Wed, 22 May 2024 13:53:31 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 b3ac893abff0a2c3dda216fe4cd9157a.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
0
x-amz-cf-pop
DFW57-P1
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
199febba-4959-4f97-bb8b-d696c2441039
x-yottaa-optimizations
ob/1000 si/32D1cc02d1aa-1715874284-7916460197 tts/1716231476197 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
YLPSRGARiYcEEBw=
content-length
0
alt-svc
h3=":443"; ma=86400
x-yottaa-forcecache
true
x-amzn-trace-id
Root=1-664df8db-4b0400cb732949661974c5a1;Parent=540337dd654d03d9;Sampled=0;lineage=2b75b0e9:0
content-type
application/json
cache-control
public, max-age=604800
x-yottaa-os
200
x-yottaa-metrics
3221a5fec618/[183,177,-] 32D1cc02d1aa/[-,185.024]
x-amzn-remapped-date
Wed, 22 May 2024 13:53:31 GMT
x-amz-cf-id
cmZebye85WZko7yRRVnu9RscYDp7_zvq-FigVRqkHqmjkDDHLZPsJw==

Redirect headers

date
Wed, 22 May 2024 13:53:30 GMT
x-correlation-id
887d4af77a130347
via
1.1 848ee9f48eafd6caa6bf5371a2f79f28.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/0 si/32D1cc02d1aa-1715874284-7916460195 tts/1716231476197 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
0
pragma
no-cache
x-ratelimit-1m-remaining
23419, 1960336
x-ratelimit-1m-reset
29172, 29171
x-ratelimit-1m-limit
24000, 2000000
vary
Accept-Encoding
location
https://www.elfcosmetics.com/callback?usid=db9b3310-e9ba-46c1-88ae-0422884b8aed&code=z32UqRe2BpJtSCmiK8ykVxhfqySe_Qgw_Fp--Q2-quk
cache-control
no-store
x-yottaa-os
303
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=Q1HWMS1-xE_pGfjN_w23njSySJcjxM38FrYWCJLbH9U
x-yottaa-metrics
3221a5fec616/[126,121,-] 32D1cc02d1aa/[-,129.454]
cf-ray
887d4af77a130347-ORD
x-amz-cf-id
a1mnWT2iQjCFFHXn5k-pypkL1O1u9vXkVAAGu83TwE_u0bkIyorf7Q==
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 		630 KB
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:30 GMT
cf-cache-status
HIT
age
11165
x-amp-srv
CF
edge-cache-tag
6QGOL8iQ5,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
LP5bY-0NbN
alt-svc
h3=":443"; ma=86400
content-length
644728
x-xss-protection
1; mode=block
x-amp-source-height
1249
last-modified
Wed, 22 May 2024 10:47:25 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
x-amp-source-width
3199
access-control-allow-origin
*
content-type
image/jpeg
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4af2fb43b400-YYZ
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 		205 KB
396 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:30 GMT
cf-cache-status
HIT
age
11166
x-amp-srv
CF
edge-cache-tag
kMq3N7j6s,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
QitStXCTy-
alt-svc
h3=":443"; ma=86400
content-length
209440
x-xss-protection
1; mode=block
x-amp-source-height
340
last-modified
Wed, 22 May 2024 10:47:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
x-amp-source-width
800
access-control-allow-origin
*
content-type
image/png
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4af2fb44b400-YYZ
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55baa715ccc8c2512bceb1c949c1d0927944ca327e7edd2d5fc312d2a41986e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
14017
content-md5
j7e7fSdncC8T3SCV/IpUig==
content-length
1740
x-ms-lease-status
unlocked
last-modified
Mon, 08 Apr 2024 18:41:03 GMT
server
cloudflare
etag
0x8DC57FB71838BE4
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
c3fb1654-801e-0031-68e4-89d890000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
887d4af6196babab-YYZ
expires
Thu, 23 May 2024 13:53:30 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 22 May 2024 13:30:48 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1363
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 22 May 2024 15:30:48 GMT
st
st.dynamicyield.com/ 		151 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=4uk98uynkiny85xwlssb819upt4rkm7k&ref=&scriptVersion=2.32.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2508:6600:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
80c558a0c676fe84979bf46e6e62857e719e2c52be864d44377918feb464aa65

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:31 GMT
content-encoding
gzip
via
1.1 76f3fedc86826a7b266250e33ee41082.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD12-P1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control
no-cache
x-amz-cf-id
lLyPyZWx6PZPO2DOF2lFYzQX9J-rsIpSCX3Cb3IITaOM-RdpGYhPhA==
expires
Wed, 22 May 2024 13:53:30 GMT
landing
googleads.g.doubleclick.net/pagead/
Redirect Chain
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=1737957495.1716386011&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He45k0n81WL3STMXv89...
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=1737957495.1716386011&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He45k0...
42 B
65 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=1737957495.1716386011&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He45k0n81WL3STMXv896608294za200&auid=946854222.1716386011
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Server
2607:f8b0:4004:c1d::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=1737957495.1716386011&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He45k0n81WL3STMXv896608294za200&auid=946854222.1716386011
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		67 B
305 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66707b7434e14fc523f2fc692e4a190958a02598dd3d9c45ec0f65f90091727b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
accept
application/json
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
887d4afa2a50ab33-YYZ
access-control-allow-headers
Content-Type
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		600 B
664 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
cfc329e99b14fe42a2ce9c3070928619acf5234ce29fb593b04b7b7eee8b6891

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 22 May 2024 13:53:30 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
600
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
887d4af81d70ab42-YYZ
content-encoding
gzip
date
Wed, 22 May 2024 13:53:30 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
sync
sdk.iad-05.braze.com/api/v3/content_cards/ 		85 B
251 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f56808827934f4b9d6c360f13ed81ab0a4525b71083fc34b67f8029fcbc9c7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
Accept-Language
en-CA,en;q=0.9;q=0.9
X-Braze-ContentCardsRequest
true
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:31 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
5e7f96c4-d517-41a6-91cd-b27e766c0770
x-runtime
0.075200
server
cloudflare
etag
W/"2f56808827934f4b9d6c360f13ed81ab"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1716386013
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
887d4af92e86ab42-YYZ
x-ratelimit-remaining
497.0
collect
www.google-analytics.com/j/ 		4 B
212 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1208467942&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dp=%2Fen_CA%2Felf-cosmetic-criminals&ul=en-ca&de=UTF-8&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAI~&jid=470777413&gjid=1008339408&cid=1227192840.1716386011&tid=UA-432816-1&_gid=1914202003.1716386011&_r=1&_slc=1&gtm=45He45k0n81WL3STMXv896608294za200&gcs=G111&gcd=13t3t3t3t5&dma=0&z=2002458857
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1f98296d54562ea71dadcb6a00bd10a889f33eb1f5752bf8c62df13a8a35ca96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:31 GMT
content-encoding
gzip
x-correlation-id
887d4afb394e5c93
cf-cache-status
DYNAMIC
via
1.1 b5141080f2dac9506b5156fa7721b41c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1cc02d1aa-1715874284-7916460201 tts/1716231476197 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
x-ratelimit-1m-remaining
23407, 1959575
x-ratelimit-1m-reset
28543, 28543
vary
Accept-Encoding, User-Agent
x-ratelimit-1m-limit
24000, 2000000
content-type
application/json
cache-control
no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics
3221a5fec6ee/[147,144,-] 32D1cc02d1aa/[-,149.627]
cf-ray
887d4afb394e5c93-ORD
x-amz-cf-id
aB2GJxCApnmkset-nFft9QPuCrx-xw_9xPzW_S8HTx9s6elQlA6NMw==
collect
stats.g.doubleclick.net/j/ 		4 B
352 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-432816-1&cid=1227192840.1716386011&jid=470777413&gjid=1008339408&_gid=1914202003.1716386011&_u=YEBAAEAAAAAAACgAI~&z=2027701425
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 22 May 2024 13:53:32 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202306.1.0/ 		404 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
XJk1ZZTljtwHFT3qcIJg+w==
age
16301
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
99599
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:36 GMT
server
cloudflare
etag
0x8DB82A15D413626
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
ab8cd6f5-901e-005f-7d08-7c8dbf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
887d4afb4da1ac39-YYZ
dy-coll-min.js
cdn.dynamicyield.com/scripts/2.32.0/ 		196 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2191:9a00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
42997132bd0142564014ac4a809356dc0ceb9b7a90eede2b5b48019f1700cc58

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Apr 2024 06:08:58 GMT
content-encoding
gzip
via
1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
last-modified
Tue, 02 Apr 2024 09:13:12 GMT
server
DYCDN
age
3915874
x-amz-cf-pop
IAD89-C1
etag
W/"65b3e284856fb8d657d1f6a3423618c7"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=31536000
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
FPCn4R74FGHgSGe5WNLFwmb3ueeaPqbhxWGGApVaPkmOwOG3uNIRcw==
uia
async-px.dynamicyield.com/ 		0
384 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1716386011634
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.39.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-39-90.iad89.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:32 GMT
via
1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
3fCMVXdWn2MyxJ0SuFwwRyRkuP44ke7BpPmZPTy_OH56718HV3iGHg==
expires
0
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/018ebeca-ecda-7202-9bf3-a2ff4acebe55/ 		158 KB
34 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/018ebeca-ecda-7202-9bf3-a2ff4acebe55/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
009342098f06d5ae7b2186f1076fab177d05b5a481ffe1190535fe501c1cae68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
13066
content-md5
5rS6k6LfUu8toMASIT8lMw==
content-length
34672
x-ms-lease-status
unlocked
last-modified
Mon, 08 Apr 2024 18:41:17 GMT
server
cloudflare
etag
0x8DC57FB7A1265A4
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
abd0a229-b01e-0083-53e4-8927e1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
887d4afce8aaabab-YYZ
expires
Thu, 23 May 2024 13:53:31 GMT
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4YzhjYTI4OC1mMWE2LTRmMDktYjI2OS0wNWQyZWViZmRmMDEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmRiOWIzMzEwLWU5YmEtNDZjMS04OGFlLTA0MjI4ODRiOGFlZCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTYzODU5ODEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJjeGVnM3dIa1hrcmFSeHJKR3dxWVlsS2tWOjpjaGlkOiAiLCJleHAiOjE3MTYzODc4MTEsImlhdCI6MTcxNjM4NjAxMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTE3OTQwODc4NDQyMTc4MCJ9.5fZB4rNonkoQFVA4QZFA4l0HN77r463SAPCc56q1WXJCJii6w4HCGDmRQBQUJ_ckgC1YJ0nBWjoP1b9Tse6gOw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:31 GMT
via
1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/0 si/32D1cc02d1aa-1715874284-7916460204 tts/1716231476197 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
allow
OPTIONS,POST
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3221a5fec6f1/[153,150,-] 32D1cc02d1aa/[-,156.455]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges
bytes
cf-ray
887d4afd7915a3d7-ORD
x-dw-request-base-id
HVpW6tv4TWYBAAB_
x-amz-cf-id
4wvQLiFDFKPgA-A5-esJKU73uCEgyzHKjSUOe9gzgKmpgxfHDTh0zg==
x-yottaa-os
204
expires
Thu, 01 Dec 1994 16:00:00 GMT
shoppercontext
www.elfcosmetics.com/api/v1/ 		135 B
883 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
d7003226e2fea50e6765c46fe1bdacfe3a16adedd6c7a2530fef876c2356cf9f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4YzhjYTI4OC1mMWE2LTRmMDktYjI2OS0wNWQyZWViZmRmMDEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmRiOWIzMzEwLWU5YmEtNDZjMS04OGFlLTA0MjI4ODRiOGFlZCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTYzODU5ODEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJjeGVnM3dIa1hrcmFSeHJKR3dxWVlsS2tWOjpjaGlkOiAiLCJleHAiOjE3MTYzODc4MTEsImlhdCI6MTcxNjM4NjAxMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTE3OTQwODc4NDQyMTc4MCJ9.5fZB4rNonkoQFVA4QZFA4l0HN77r463SAPCc56q1WXJCJii6w4HCGDmRQBQUJ_ckgC1YJ0nBWjoP1b9Tse6gOw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type
application/json
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
135
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
e4051243-849f-4993-8361-fbc5305306a1
x-yottaa-optimizations
ob/1000 si/32D1cc02d1aa-1715874284-7916460205 tts/1716231476197 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
YLPSYFjFiYcEoeg=
content-length
119
alt-svc
h3=":443"; ma=86400
etag
W/"87-WFt3zDSdrvttkMP6rAK367Qj/Rw"
x-amzn-trace-id
Root=1-664df8db-6588c209706583ce6a9d8f3c;Parent=1aecd3e5616016e8;Sampled=0;lineage=2b75b0e9:0
content-type
application/json; charset=utf-8
x-yottaa-os
200
x-yottaa-metrics
3221a5fec6f2/[430,426,-] 32D1cc02d1aa/[-,432.516]
x-amzn-remapped-date
Wed, 22 May 2024 13:53:32 GMT
x-amz-cf-id
OYtz9GHwk5mpQn-yK5F0zTK9X9U8nWcyFC7UE2Rj3HMp7Twose4rkA==
sync
sdk.iad-05.braze.com/api/v3/content_cards/ 		85 B
200 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f56808827934f4b9d6c360f13ed81ab0a4525b71083fc34b67f8029fcbc9c7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
Accept-Language
en-CA,en;q=0.9;q=0.9
X-Braze-ContentCardsRequest
true
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:31 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
8e6f4a18-6d3b-4ff5-8eaa-0236f49e24e1
x-runtime
0.054677
server
cloudflare
etag
W/"2f56808827934f4b9d6c360f13ed81ab"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1716386013
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
887d4afd0ac1ab42-YYZ
x-ratelimit-remaining
495.0
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 		189 B
902 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.136
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
85461719c1f6479769151df8cad3514d6819310afbe893ec9fc124501c5b1697
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type
application/json
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
via
1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
x-yottaa-optimizations
ob/1000 si/32D1cc02d1aa-1715874284-7916460207 tts/1716231476197 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.136
x-yottaa-metrics
3221a5fec6f4/[278,276,-] 32D1cc02d1aa/[-,281.034]
cf-ray
887d4afe5c552b10-ORD
x-dw-request-base-id
DRBzZNv4TWYBAAB_
x-amz-cf-id
OUXUJB6ejO09OU-1zU4QdkhMamrMSmkFwsMM8hneDSYemTErg6OAVQ==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 		189 B
903 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.136
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
85461719c1f6479769151df8cad3514d6819310afbe893ec9fc124501c5b1697
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type
application/json
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:33 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
via
1.1 5ea7f8bcbac3004590a821cdd0466e1c.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
x-yottaa-optimizations
ob/1000 si/32D1cc02d1aa-1715874284-7916460210 tts/1716231476197 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.136
x-yottaa-metrics
3221a5fec6f8/[1253,1251,-] 32D1cc02d1aa/[-,1255.442]
cf-ray
887d4b00ed566183-ORD
x-dw-request-base-id
HVqS6t34TWYBAAB_
x-amz-cf-id
V__2bkaWaTkpkXx4YepTRLFmnNgRtIHZLKJCsTwE4BsBuFpYZr9fpQ==
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bcxeg3wHkXkraRxrJGwqYYlKkV/ 		11 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bcxeg3wHkXkraRxrJGwqYYlKkV/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4YzhjYTI4OC1mMWE2LTRmMDktYjI2OS0wNWQyZWViZmRmMDEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmRiOWIzMzEwLWU5YmEtNDZjMS04OGFlLTA0MjI4ODRiOGFlZCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTYzODU5ODEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJjeGVnM3dIa1hrcmFSeHJKR3dxWVlsS2tWOjpjaGlkOiAiLCJleHAiOjE3MTYzODc4MTEsImlhdCI6MTcxNjM4NjAxMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTE3OTQwODc4NDQyMTc4MCJ9.5fZB4rNonkoQFVA4QZFA4l0HN77r463SAPCc56q1WXJCJii6w4HCGDmRQBQUJ_ckgC1YJ0nBWjoP1b9Tse6gOw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
sfdc_customization
HOOK
dnt
0
cf-cache-status
DYNAMIC
x-correlation-id
887d4afe7df35c91
x-content-type-options
nosniff
via
1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
x-yottaa-optimizations
ob/1000 si/32D1cc02d1aa-1715874284-7916460208 tts/1716231476197 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-security-policy-report-only
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=KgL5KJ.XVKxKVakS8nq3BsSccuV3n684.JMhoqbvVuk-1716386011-1.0.1.1-tBdcoh2YvkqlxjnqlUudUwartjU4lEXKx.qiY0eO.WIuDd2yYhw_OVSY15U1ddMDx204kqI9mGK3kK_bek3rT1ILHipQspJMYPhkjWaUEyyAMR2wqSBCAKincguXBM1RKKYmznqH1nXj35dNuQsGVwDoflQzIJ.1r48HJiWERBXGC6enTgr75IViH7z7v_Mk; report-to cf-csp-endpoint
x-cache
Miss from cloudfront
age
0
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
content-length
37
allow
GET,HEAD,OPTIONS
x-ratelimit-remaining
999
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
sfdc_load
2
x-yottaa-metrics
3221a5fec6f6/[149,145,-] 32D1cc02d1aa/[-,151.562]
cache-control
max-age=0,no-cache,no-store
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bcxeg3wHkXkraRxrJGwqYYlKkV/baskets?siteId=elf-us
x-ratelimit-limit
99999
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=KgL5KJ.XVKxKVakS8nq3BsSccuV3n684.JMhoqbvVuk-1716386011-1.0.1.1-tBdcoh2YvkqlxjnqlUudUwartjU4lEXKx.qiY0eO.WIuDd2yYhw_OVSY15U1ddMDx204kqI9mGK3kK_bek3rT1ILHipQspJMYPhkjWaUEyyAMR2wqSBCAKincguXBM1RKKYmznqH1nXj35dNuQsGVwDoflQzIJ.1r48HJiWERBXGC6enTgr75IViH7z7v_Mk"}],"group":"cf-csp-endpoint","max_age":86400}
accept-ranges
bytes
cf-ray
887d4afe7df35c91-ORD
x-amz-cf-id
ncpcOOudRWQ98jT-SYotQ7SiIm_ZeSMq40NP-YkTQWQOUpvgBgX4Ew==
x-yottaa-os
200
viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/ 		98 B
516 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.214.87.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-214-87-142.compute-1.amazonaws.com
Software
envoy /
Resource Hash
c74ab43927f246e165175e8b68b6835202f214c5f9ea98058b319c53722b12ba
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
x-cq-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://www.elfcosmetics.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
strict-transport-security
max-age=15552000; includeSubdomains
server
envoy
etag
W/"62-eTW1nRFt8lm8gpxgeRfh8XtWhyU"
access-control-allow-methods
GET, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
content-length
98
batch
async-px.dynamicyield.com/ 		0
385 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1716386011834_612359
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.39.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-39-90.iad89.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:32 GMT
via
1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
99IjkdX7gsMF4bdl8xmPfuyCCPhOrd7n67-QUwhWvvMQTZvv37CrKg==
expires
0
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		32 B
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
60c918f0e848e12d41e52d8d9ec305fdf5b0f11e6685fc4ff0aea21216aa045d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 22 May 2024 13:53:31 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
cnxtag-min.js
js.cnnx.link/roi/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2479:a800:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:47:22 GMT
via
1.1 google, 1.1 6f3ebc2cbc39563710a79620f7c154f0.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
IAD61-P3
age
370
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
cache-control
max-age=600
x-amz-cf-id
9j1-q5ng2eIaTW_28ff_oKCwq_Yi-lzMacg96w9bbkEOBUbyFEQqRQ==
pixel.gif
cdn.blisspointmedia.com/assets/img/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c8d4ebba-f605-48c0-91fa-ce595ecbdec6&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
807 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.blisspointmedia.com/assets/img/pixel.gif
Protocol
H2
Server
13.249.39.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-39-116.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

x-amz-version-id
null
date
Wed, 22 May 2024 07:01:03 GMT
via
1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
last-modified
Mon, 08 Apr 2019 16:24:44 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-C1
age
24751
etag
"18b3e43abad26bdac6f4cea944777b62"
x-cache
Hit from cloudfront
content-type
image/gif
accept-ranges
bytes
content-length
807
x-amz-cf-id
ZGIAMzqJQFEfJoMD95VzvtkipEg-aIzwn-HTPKEXYlQSCYt5u_gDlg==

Redirect headers

date
Wed, 22 May 2024 13:53:32 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amzn-requestid
c88abef2-241f-46ce-86ee-2a8392b73a1b
x-amzn-trace-id
Root=1-664df8dc-7e5e0a3d54f40e2d4088b7b9;Parent=2840778d5e645853;Sampled=0;lineage=07bbc27a:0
content-type
application/json
location
https://cdn.blisspointmedia.com/assets/img/pixel.gif
access-control-allow-origin
*
x-amz-apigw-id
YLPSdHWfoAMEoUQ=
content-length
2
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Protocol
H2
Server
68.67.160.132 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:32 GMT
an-x-request-uuid
c7cdbf32-c5fc-494a-b2a1-e7ee438dd68d
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
166.0.205.136; 166.0.205.136; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:32 GMT
an-x-request-uuid
6f29dc8d-5537-4a41-b0a3-3c58775d5a54
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
cache-control
no-store, no-cache, private
x-proxy-origin
166.0.205.136; 166.0.205.136; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NTA4YjdkZDktN2JmYi00NDNiLTkwMGMtNjhlNDc5NzFhNjc3&gdpr=0&gdpr_consent=&ttd_tdid=508b7dd9-7bfb-443b-900c-68e47...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=508b7dd9-7bfb-443b-900c-68e47971a677&google_gid=CAESEPO6GMPlo21WQcl2nVMUw0c&google_cver=1
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=508b7dd9-7bfb-443b-900c-68e47971a677
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=865126135440480772&ttd_tdid=508b7dd9-7bfb-443b-900c-68e47971a677
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=508b7dd9-7bfb-443b-900c-68e47971a677&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=508b7dd9-7bfb-443b-900c-68e47971a677&expiration=1718978013&gdpr=0&gdpr_consent=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=508b7dd9-7bfb-443b-900c-68e47971a677&expiration=1718978013&gdpr=0&gdpr_consent=&C=1
43 B
734 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=508b7dd9-7bfb-443b-900c-68e47971a677&expiration=1718978013&gdpr=0&gdpr_consent=&C=1
Protocol
H3
Server
172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:34 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8hTdRkkoiMc09C6sE1yKz23x12sZdpZcgmKjytmGqqvL%2Fznmlnpr6mATk%2Frk%2F6PXSd0wT0YDM7fB0Ao4MpVDym9Tcr02Rjc0qBmQWAGW7f9XohT2hDxSeHl2iOjnpboYYJ3gZ%2B8Hdi3%2Bng%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
887d4b0e28e436a9-YYZ
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:34 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l2i5Ub2IsQupr4szRHIkGar05kwMGR122jg9fcsgQxZR%2BkY4Z2KVa9D4I8eJTlWA4YZX%2FPEYZO7DWP%2Bk%2B7uHraq1dSS3fGfApmsipacJ7EVeV5npuC9EkzDvqiKXwZwcQfN3jn74YnGGsA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=39&external_user_id=508b7dd9-7bfb-443b-900c-68e47971a677&expiration=1718978013&gdpr=0&gdpr_consent=&C=1
cache-control
no-cache
cf-ray
887d4b0d686636a9-YYZ
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=291604&uid=680043790262466779&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=b73a5d0b86fb52f645ecbe4804cf19d0&expSes=79466&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-3381743969571573041&cgtgDecisionId=-3381743972034996995&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1716386011871&rri=863957
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.39.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-39-90.iad89.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:32 GMT
via
1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
iezP1mf9htsTkRLrQqky8teOvQUVyJkbY8tFyWEidJrGL2za2rcqDg==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=428361&uid=680043790262466779&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=b73a5d0b86fb52f645ecbe4804cf19d0&expSes=79466&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-3381743972934399311&cgtgDecisionId=-3381743971937355798&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1716386011873&rri=3803569
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.39.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-39-90.iad89.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:32 GMT
via
1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
PkC2OJnIl-YwnMDpLSgfmlgdyY5X5bAiwmyA2p_L5VKLHqGgvz62Ug==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=903467&uid=680043790262466779&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=b73a5d0b86fb52f645ecbe4804cf19d0&expSes=79466&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-3381743972684178431&cgtgDecisionId=-3381743971753890792&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1716386011873&rri=3851275
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.39.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-39-90.iad89.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:32 GMT
via
1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
eLyBAmVCS2oWiQF9cfUpVlf6jqTXuVlZ5zRVgjniGpxjKfEhFM19Xw==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=189429&uid=680043790262466779&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28646951%5D&ses=b73a5d0b86fb52f645ecbe4804cf19d0&expSes=79466&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-3381743971051576534&cgtgDecisionId=-3381743972282697045&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1716386011874&rri=4562944
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.39.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-39-90.iad89.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:32 GMT
via
1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
rtYoZqg_w7KTdSz9AuuxnAMvef76cq6IXA3tTXe0_rCpfENAOcUBUQ==
expires
0
otFlat.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
5mNZducabMgxSDzBo+ZI8w==
age
62678
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:30 GMT
server
cloudflare
etag
0x8DB82A159AF8EA6
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
887d4afe6ab0abab-YYZ
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/ 		61 KB
12 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sXFDxCJwbPEMIT/8f5Prwg==
age
71601
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12544
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:33 GMT
server
cloudflare
etag
0x8DB82A15AFF8646
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
99943331-001e-00a9-52a5-21f8f1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
887d4afe6ab2abab-YYZ
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 		5 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
v0pzgeeelPwcAOki15i3HA==
age
71601
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1766
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:32 GMT
server
cloudflare
etag
0x8DB82A15AB9FB83
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
cd67b2fb-901e-0094-1c03-248eea000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
887d4afe6ab4abab-YYZ
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oWkBTLgDDXvrUsd93y/Zxg==
age
66519
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:41 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
b54dfe3f-901e-004f-6264-2348d7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
887d4afe8adcabab-YYZ
event
qoe-1.yottaa.net/log-nt/ 		3 B
191 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.2.133.133 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 22 May 2024 13:53:32 GMT
access-control-expose-headers
X-Results-Data-Source
access-control-allow-credentials
true
cache-control
no-cache
timing-allow-origin
*
content-type
text/json
www-widgetapi.js
www.youtube.com/s/player/018e9916/www-widgetapi.vflset/ 		42 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/018e9916/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
727c77ec19d827a0c2e8e6f289b8031b6d753ff14b219a0e8f15d0a71e6c8bd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:47:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
334
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13955
x-xss-protection
0
last-modified
Mon, 20 May 2024 04:17:48 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 22 May 2025 13:47:58 GMT
110221.ct.js
tag.rmp.rakuten.com/ 		47 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
3b0f317806d1ce70f504afd76f39bd17a3467778641af122dc06e95e73a03613
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000
last-modified
Wed, 22 May 2024 13:53:32 GMT
x-cache
hit
x-samesite
secure
content-type
text/javascript
cache-control
max-age=86400
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
js
www.paypal.com/sdk/ 		420 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a5d8f1d59fa24808f74d389f39672c2a46b420efb84b5dcb64069a240d6861e3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-XSOzYDU6r7NwgkHWwlHBkKgjexmAhRHxcsm0tvVNIU1I34Az' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-XSOzYDU6r7NwgkHWwlHBkKgjexmAhRHxcsm0tvVNIU1I34Az' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-XSOzYDU6r7NwgkHWwlHBkKgjexmAhRHxcsm0tvVNIU1I34Az' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-XSOzYDU6r7NwgkHWwlHBkKgjexmAhRHxcsm0tvVNIU1I34Az' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 22 May 2024 13:53:32 GMT
age
4624
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, HIT, MISS
p3p
true
paypal-debug-id
f8131532e25ee
server-timing
"traceparent;desc="00-0000000000000000000f8131532e25ee-cb04d19773d5842b-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
118463
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200163-BUR, cache-yyz4522-YYZ, cache-yyz4522-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f8131532e25ee-91ce608f48c94b23-01
x-timer
S1716386012.303471,VS0,VE4
etag
W/"1cebf-6Hl3OwEl+JEAzhyNkhWCIHCVPGE"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
1, 12, 0
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 		146 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.4.234.235 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-4-234-235.deploy.static.akamaitechnologies.com
Software
nginx / Express
Resource Hash
2e8fd8d487b4259dbdc6c529f742806377fae205c8dc7d0f35ac8797bafe5b3b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Wed, 22 May 2024 13:53:32 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"f3bc9cdcf9c97d0ec2f18fd72203201caef8fea5-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
must-revalidate, max-age=900
Connection
keep-alive
Content-Length
43443
Expires
Wed, 22 May 2024 14:08:32 GMT
js
www.googletagmanager.com/gtag/ 		328 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fdc8533ebd8c56c85e3dba28af1cbd74a92ec8d8fabd1c51a991c45b31807522
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
108817
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 May 2024 13:53:32 GMT
js
www.googletagmanager.com/gtag/ 		307 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e2fe7b6c0aa6d18bd767bd154a2081a5353a64310a0ba1a51bfcf3073cba80f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
103487
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 May 2024 13:53:32 GMT
1a8bfa042c9c5.js
t.contentsquare.net/uxa/ 		301 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.132.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-132-57.iad50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f631dcf6f6366df81d2322d9b200b9d37b3caa12e3e0366c4d94eb6c8b6f7272

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 13:17:26 GMT
content-encoding
br
via
1.1 d439433d975e4e608c1677c8e16e7fe2.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD50-C2
age
0
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
73851
last-modified
Tue, 21 May 2024 13:16:15 GMT
server
AmazonS3
etag
"4936acea3b7bb689a76667ad59844cd0"
vary
Origin
content-type
application/javascript;charset=utf-8
cache-control
max-age=900
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
u-9SlO7lxDwN8htqsTQa_TDgST4VKcj8PBgyWFxOJcZclxAY1nvIxA==
loader.js
cdn.usehero.com/ 		98 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.usehero.com/loader.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f5:3400:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:31:37 GMT
content-encoding
gzip
via
1.1 ef066a0102f66b719933dbbef3bc5968.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P4
age
1316
x-amz-server-side-encryption
AES256
etag
W/"fbf714a58cbac38c0deea519667d9044"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
nb9JmBhxfIosUEsdpyfw813rXR4niG78WAa88B9L3aVHnNXh2MqQOQ==
destination
www.googletagmanager.com/gtag/ 		208 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8bbfb4a3cf8ca875a6ace07af82d87ddb7fc44500da2f84593decc3f08eca694
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76763
x-xss-protection
0
last-modified
Wed, 22 May 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 22 May 2024 13:53:32 GMT
destination
www.googletagmanager.com/gtag/ 		208 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
625c8b48ae8889f6f83e4d5d6e207bad25d4f76ee4c325835e11fdcbfc821853
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76740
x-xss-protection
0
last-modified
Wed, 22 May 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 22 May 2024 13:53:32 GMT
core.js
s.pinimg.com/ct/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:77::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0882be2bb685d64ae46b56574b330fb1afe5dfef39f940d12ca776475248eaa8

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
content-encoding
br
x-cdn
fastly
etag
"c292daff66d2a9db8fb67b7807bf3c7b"
x-amz-server-side-encryption
AES256
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-CDN
vary
Accept-Encoding, Origin
cache-control
max-age=7200
alt-svc
h3=":443";ma=600
content-length
1881
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 22 May 2024 13:53:32 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57845
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=31, rtx=0, c=13, mss=1392, tbw=2784, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
2UU5HwVu4tihpaGPvf9VAX5CkSWiFKwIu7fwnuX+39Kf5icobbUDFODKZ0fFOhmleiErJ/b+7G3fZWJcs8597Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel.js
www.redditstatic.com/ads/ 		42 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
5ccd2a2d0cfc8f7b36c238c935a36c751eb306a4f23788a0c6c33eec1a5a2071

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Tue, 07 May 2024 17:43:30 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"337f63427080a8d6a60316b759dab390"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
12083
bat.js
bat.bing.com/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Wed, 22 May 2024 13:53:32 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: CB8002F198CB4035B52ACCB0FAD49113 Ref B: YTO01EDGE0507 Ref C: 2024-05-22T13:53:32Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
events.js
analytics.tiktok.com/i18n/pixel/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BRR4GA0I9JJBU29G8GF0&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.20 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-248-20.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e830002b3761c0c2f14971e6c49253ea72dbff2981e9358f0a8a297b64a0ed45

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
90557ece
date
Wed, 22 May 2024 13:53:32 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2405221353323C7D25D9A0447527EF7B-3258EF4B2EAC869D-00
x-cache
TCP_MISS from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
server-timing
inner; dur=4, cdn-cache; desc=MISS, edge; dur=2, origin; dur=9
content-length
2207
pragma
no-cache
server
nginx
x-tt-logid
202405221353323C7D25D9A0447527EF7B
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
10,23.220.104.20
x-tt-trace-host
01426287e4445b5ff20f4095011fe5ae83fe9a6f8d7ff6b268929d5c93d224f439d3410be46bfe13fbcf05ec1a1a21667536fd0510beff683e845d6f4c53f76010cc2e06a889636e6aada12d3bf3e20cfda6090521af7ce2aeedbde94efb548224
expires
Wed, 22 May 2024 13:53:32 GMT
viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.214.87.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-214-87-142.compute-1.amazonaws.com
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-cq-client-id
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization, content-type, x-cq-tenant, x-cq-client-id
access-control-allow-methods
POST
access-control-allow-origin
https://www.elfcosmetics.com
content-length
0
date
Wed, 22 May 2024 13:53:32 GMT
server
envoy
strict-transport-security
max-age=15552000; includeSubdomains
x-envoy-upstream-service-time
1
events.js
analytics.tiktok.com/i18n/pixel/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.20 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-248-20.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
53dd52d834e50e9f61767c33ec166d5dd3201105af9fe4da163deee8fd09525c

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
90557ecf
date
Wed, 22 May 2024 13:53:32 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2405221353325F04FF4176C7AEC72D52-20E926F1AB027A25-00
x-cache
TCP_MISS from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
server-timing
inner; dur=4, cdn-cache; desc=MISS, edge; dur=2, origin; dur=18
content-length
2143
pragma
no-cache
server
nginx
x-tt-logid
202405221353325F04FF4176C7AEC72D52
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
18,23.220.104.20
x-tt-trace-host
01426287e4445b5ff20f4095011fe5ae83fe9a6f8d7ff6b268929d5c93d224f439f9b915fcef2f14ae738b2d4ff4e563be19fbab15bebaf9743015f1586ba91e1c5cf442144babdafabd958b57f526d1c1a2949022edab872d0962adc7f0babed3
expires
Wed, 22 May 2024 13:53:32 GMT
widget.js
js.jebbit.com/companion/v1/ 		44 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:b000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cc9709489aeba0f23cc18fd3d1ff6f2087e1381ba6dbe92e98738228d520fd54

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 23:27:52 GMT
x-amz-version-id
j3bLD5VAFZVsHy8WM9iuVjqRLf9F9664
via
1.1 9557da2570df16242f84a67f254d7f30.cloudfront.net (CloudFront)
last-modified
Thu, 02 May 2024 15:04:41 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P1
age
51942
etag
"226557253164387c89ed4612b780f10f"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45245
x-amz-cf-id
ShjOQ-Wz2z_pUvq2auu98lGtQJmKB59znKPq7LND3sOGdE8PGcmqvQ==
i.js
tag.wknd.ai/6664/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
5c44c12f6add4835be7e28a598a8c8aee4b678dade79bc57e01b0f4924c235d1

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:51:55 GMT
content-encoding
gzip
via
1.1 google
age
98
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5576
server
istio-envoy
etag
432c44380de0b4
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
favicon.ico
www.elfcosmetics.com/ 		34 KB
34 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
via
1.1 c31337642f54c5bd34bb485701d02e8a.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
34494
x-amz-cf-pop
DFW57-P1
age
438
x-amzn-remapped-connection
close
x-amzn-requestid
dc0c8873-8d60-4fa0-bf29-6eb818757de1
x-yottaa-optimizations
ob/0 si/32D1cc02d1aa-1715874284-7916460212 tts/1716231463926 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront
x-amz-apigw-id
YJCXQFhfiYcEpxA=
alt-svc
h3=":443"; ma=86400
x-yottaa-forcecache
true
last-modified
Tue, 21 May 2024 21:50:00 GMT
x-amzn-trace-id
Root=1-664d1761-0cf7be234c2e5e3763d32ebe;Parent=3551230873205ade;Sampled=0;lineage=2b75b0e9:0
etag
W/"86be-18f9d21f740"
vary
Accept-Encoding
content-type
image/x-icon
cache-control
max-age=600, s-maxage=600
x-yottaa-os
200
x-yottaa-metrics
3221a5fec6f9/[49,43,-] 32D1cc02d1aa/[-,51.571]
x-amzn-remapped-date
Tue, 21 May 2024 21:51:29 GMT
x-amz-cf-id
o1dANTPOkSuVitVc-tTWGeDBUABnqHgHTO0DQzlo0WUcscHjYhd-hQ==
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
581b92c84d24f6011e8d74fe6e418e75f7e3259726e20f7af558e8282d4b5f34
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4YzhjYTI4OC1mMWE2LTRmMDktYjI2OS0wNWQyZWViZmRmMDEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmRiOWIzMzEwLWU5YmEtNDZjMS04OGFlLTA0MjI4ODRiOGFlZCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTYzODU5ODEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJjeGVnM3dIa1hrcmFSeHJKR3dxWVlsS2tWOjpjaGlkOiAiLCJleHAiOjE3MTYzODc4MTEsImlhdCI6MTcxNjM4NjAxMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTE3OTQwODc4NDQyMTc4MCJ9.5fZB4rNonkoQFVA4QZFA4l0HN77r463SAPCc56q1WXJCJii6w4HCGDmRQBQUJ_ckgC1YJ0nBWjoP1b9Tse6gOw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type
application/json
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 e665d09233240df4d3172e59222e0ba2.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1cc02d1aa-1715874284-7916460213 tts/1716231476197 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
1099
pragma
no-cache
etag
defb1cd9cc48f595b0b1be6f08ccaf2d999aeafc36a7fe350f7c98daaf413a03
allow
OPTIONS,POST
content-type
application/json;charset=UTF-8
x-dw-resource-state
defb1cd9cc48f595b0b1be6f08ccaf2d999aeafc36a7fe350f7c98daaf413a03
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3221a5fec6fa/[177,175,-] 32D1cc02d1aa/[-,179.909]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges
bytes
cf-ray
887d4b01ace88728-ORD
x-dw-request-base-id
DRCCZNz4TWYBAAB_
x-amz-cf-id
q9pl7HhEXN64E-2N30ucprJQUYcYBWADWuYFTeoec11_GUCEfKh3YQ==
x-yottaa-os
200
expires
Thu, 01 Dec 1994 16:00:00 GMT
ot_close.svg
cdn.cookielaw.org/logos/static/ 		651 B
623 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
72051
x-ms-lease-status
unlocked
last-modified
Mon, 20 May 2024 16:31:17 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
6e5594e7-a01e-0006-2d2e-abb611000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
887d4b014cc2ac39-YYZ
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
538 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
86295
x-ms-lease-status
unlocked
last-modified
Mon, 20 May 2024 16:31:16 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
c0a391e3-801e-0092-5786-abd6df000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
887d4b016dfeabab-YYZ
ot_company_logo.png
cdn.cookielaw.org/logos/static/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
82824
content-length
4036
x-ms-lease-status
unlocked
last-modified
Mon, 20 May 2024 16:31:17 GMT
server
cloudflare
etag
0x8DC78EA45FFB60B
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
f16e9cb1-a01e-0060-4b2e-ab044b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
887d4b017ce1ac39-YYZ
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 22 May 2024 13:53:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
82405
x-ms-lease-status
unlocked
last-modified
Mon, 20 May 2024 16:31:17 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
a3095f4a-901e-00af-67e8-aa63f9000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
887d4b017ce2ac39-YYZ
NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
x-amz-version-id
null
cf-cache-status
HIT
age
6453
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
5378
last-modified
Wed, 22 May 2024 12:05:59 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
887d4b04d922aae8-YYZ
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
HIT
age
52017
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 21 May 2024 23:26:35 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
887d4b04d91baae8-YYZ
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
icon-noun-drop-1235517%201
elfcosmetics.a.bigcontent.io/v1/static/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%203x
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f366287eaa5627dc7ee48d1fcb79d20bceae8238ee2f1dd772f059685fe9c799

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
HIT
age
37651
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 22 May 2024 03:26:01 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
887d4b04d920aae8-YYZ
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=6344661583364;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=...
ad.doubleclick.net/ 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=6344661583364;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=2136714823;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.31.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f148.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:33 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"16760146355401002254"}],"aggregatable_trigger_data":[{"filters":[{"14":["8259474"]}],"key_piece":"0x12fe0ab4527cf6f3","source_keys":["12","13","14","15","16","17","18","19","20","21","628473576","628473577","628473578","628473579","628534472","628534473","628534474","628534475","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","628827972","628827973","628827974","628827975"]},{"key_piece":"0x8e24180d8b10d0a8","not_filters":{"14":["8259474"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","628473576","628473577","628473578","628473579","628534472","628534473","628534474","628534475","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","628827972","628827973","628827974","628827975"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"628473576":32,"628473577":32,"628473578":32,"628473579":3177,"628534472":34,"628534473":34,"628534474":34,"628534475":3345,"628613572":32,"628613573":32,"628613574":32,"628613575":3177,"628795380":32,"628795381":32,"628795382":32,"628795383":3177,"628812176":32,"628812177":32,"628812178":32,"628812179":3177,"628827972":32,"628827973":32,"628827974":32,"628827975":3177},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"9589303136225235764","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"16760146355401002254","filters":[{"14":["8259474"],"source_type":["event"]},{"14":["8259474"],"24":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"16760146355401002254","filters":[{"14":["8259474"],"23":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"0"},{"deduplication_key":"16760146355401002254","filters":[{"14":["8259474"],"25":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"2"},{"deduplication_key":"16760146355401002254","filters":[{"14":["8259474"],"26":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"3"},{"deduplication_key":"16760146355401002254","filters":[{"14":["8259474"],"27":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"4"},{"deduplication_key":"16760146355401002254","filters":[{"14":["8259474"],"28":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"5"},{"deduplication_key":"16760146355401002254","filters":[{"14":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"16760146355401002254","filters":[{"source_type":["event"]},{"23":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"16760146355401002254","filters":[{"24":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"1"},{"deduplication_key":"16760146355401002254","filters":[{"25":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"2"},{"deduplication_key":"16760146355401002254","filters":[{"26":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"3"},{"deduplication_key":"16760146355401002254","filters":[{"27":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"4"},{"deduplication_key":"16760146355401002254","filters":[{"28":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"5"},{"deduplication_key":"16760146355401002254","filters":[{"29":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"6"},{"deduplication_key":"16760146355401002254","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["9231397"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/ 		0
102 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je45k0v879088318z8896608294za200zb896608294&_gaz=1&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1227192840.1716386011&ul=en-ca&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1716386012&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=2&tfd=8598
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c21::65 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:35 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
56 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=1227192840.1716386011&gtm=45je45k0v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5&npa=1&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:32 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZLYXLXNDL8&cid=1227192840.1716386011&gtm=45je45k0v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5&npa=1&frm=0&z=2004846020
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=1903653139202;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;...
ad.doubleclick.net/ 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=1903653139202;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1187198223;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.31.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f148.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:33 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"4280089352246528324"}],"aggregatable_trigger_data":[{"filters":[{"14":["12119809"]}],"key_piece":"0xbd12fe08628e9963","source_keys":["12","13","14","15","16","17","18","19","20","21","628477676","628477677","628477678","628477679","628504556","628504557","628504558","628504559","628627208","628627209","628627210","628627211","628651320","628651321","628651322","628651323","628652116","628652117","628652118","628652119","628801632","628801633","628801634","628801635"]},{"key_piece":"0xa921d27177e04dd7","not_filters":{"14":["12119809"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","628477676","628477677","628477678","628477679","628504556","628504557","628504558","628504559","628627208","628627209","628627210","628627211","628651320","628651321","628651322","628651323","628652116","628652117","628652118","628652119","628801632","628801633","628801634","628801635"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"628477676":32,"628477677":32,"628477678":32,"628477679":3177,"628504556":32,"628504557":32,"628504558":32,"628504559":3177,"628627208":32,"628627209":32,"628627210":32,"628627211":3177,"628651320":65,"628651321":65,"628651322":65,"628651323":6356,"628652116":32,"628652117":32,"628652118":32,"628652119":3177,"628801632":65,"628801633":65,"628801634":65,"628801635":6356},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"9627368448008648921","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"4280089352246528324","filters":[{"14":["12119809"],"source_type":["event"]},{"14":["12119809"],"24":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"4280089352246528324","filters":[{"14":["12119809"],"23":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"0"},{"deduplication_key":"4280089352246528324","filters":[{"14":["12119809"],"25":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"2"},{"deduplication_key":"4280089352246528324","filters":[{"14":["12119809"],"26":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"3"},{"deduplication_key":"4280089352246528324","filters":[{"14":["12119809"],"27":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"4"},{"deduplication_key":"4280089352246528324","filters":[{"14":["12119809"],"28":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"5"},{"deduplication_key":"4280089352246528324","filters":[{"14":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"4280089352246528324","filters":[{"source_type":["event"]},{"23":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"4280089352246528324","filters":[{"24":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"1"},{"deduplication_key":"4280089352246528324","filters":[{"25":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"2"},{"deduplication_key":"4280089352246528324","filters":[{"26":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"3"},{"deduplication_key":"4280089352246528324","filters":[{"27":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"4"},{"deduplication_key":"4280089352246528324","filters":[{"28":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"5"},{"deduplication_key":"4280089352246528324","filters":[{"29":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"6"},{"deduplication_key":"4280089352246528324","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["10742279"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
sgtm.elfcosmetics.com/g/ 		790 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je45k0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1227192840.1716386011&ecid=1604216748&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=1737957495.1716386011&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=1&sid=1716386012&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=1&tfd=8691&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
100f511e40c18172023834e307e1776ba7dc0f748c4dc656029452da3bbfe454
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:33 GMT
via
1.1 google, 1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
collect
sgtm.elfcosmetics.com/g/ 		65 B
404 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je45k0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1227192840.1716386011&ecid=1604216748&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=1737957495.1716386011&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=2&sid=1716386012&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=pageview&ep.vendor_id=pinterest&ep.email=&ep.event_id=1716386986070_17163868131169&_et=3&tfd=8702&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:33 GMT
via
1.1 google, 1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
collect
sgtm.elfcosmetics.com/g/ 		65 B
401 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je45k0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1227192840.1716386011&ecid=1604216748&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=1737957495.1716386011&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=3&sid=1716386012&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&ep.vendor_id=facebook&ep.event_id=1716386986070_171638681311611&ep.email=&ep.phone=&_et=2&tfd=8703&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:33 GMT
via
1.1 google, 1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=1227192840.1716386011&jid=470777413&_u=YEBAAEAAAAAAACgAI~&z=1073045494
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c08::63 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:32 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=1227192840.1716386011&jid=470777413&_u=YEBAAEAAAAAAACgAI~&z=1073045494
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activityi;dc_pre=CI779ZS0oYYDFbPDwgQdr5QAjg;src=9231397;type=retarget;cat=globa0;ord=6344661583364;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined...
9231397.fls.doubleclick.net/ Frame 5ECF
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=6344661583364;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefin...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CI779ZS0oYYDFbPDwgQdr5QAjg;src=9231397;type=retarget;cat=globa0;ord=6344661583364;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-c...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CI779ZS0oYYDFbPDwgQdr5QAjg;src=9231397;type=retarget;cat=globa0;ord=6344661583364;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=2136714823;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.149 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
490
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 May 2024 13:53:33 GMT
expires
Wed, 22 May 2024 13:53:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 May 2024 13:53:33 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CI779ZS0oYYDFbPDwgQdr5QAjg;src=9231397;type=retarget;cat=globa0;ord=6344661583364;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=2136714823;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CIPa-JS0oYYDFdrHwgQdM1UPPg;src=10742279;type=elf8j0;cat=glo_flap;ord=1903653139202;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-cr...
10742279.fls.doubleclick.net/ Frame 9E2D
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=1903653139202;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CIPa-JS0oYYDFdrHwgQdM1UPPg;src=10742279;type=elf8j0;cat=glo_flap;ord=1903653139202;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfco...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CIPa-JS0oYYDFdrHwgQdM1UPPg;src=10742279;type=elf8j0;cat=glo_flap;ord=1903653139202;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1187198223;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.148 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f148.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
431
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 May 2024 13:53:33 GMT
expires
Wed, 22 May 2024 13:53:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 May 2024 13:53:33 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CIPa-JS0oYYDFdrHwgQdM1UPPg;src=10742279;type=elf8j0;cat=glo_flap;ord=1903653139202;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1187198223;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
local
www.paypal.com/credit-presentment/experiments/ Frame 34B0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.0&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
76494
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1524
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
date
Wed, 22 May 2024 13:53:33 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-POhWZKysqug/xRhlu2niHghB48s"
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f122035dbc355
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f122035dbc355-fac6cc6ad8c63111-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f122035dbc355-a87d05c252172557-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, MISS
x-cache-hits
4742, 5151, 0
x-served-by
cache-bur-kbur8200138-BUR, cache-yyz4562-YYZ, cache-yyz4562-YYZ
x-timer
S1716386013.248069,VS0,VE6
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.437&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0b949e59f7ee30237e38771a4452b2d42e2b28e9dc6d7f208b796f99e064fa62
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-c6oB0BxIYPb920ptcm8e9II150WYZGRbdmgXeGW2DRxWeuXF' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-c6oB0BxIYPb920ptcm8e9II150WYZGRbdmgXeGW2DRxWeuXF' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 22 May 2024 13:53:33 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
59704
x-cache
HIT, HIT, MISS
paypal-debug-id
f912583dbd433
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4796
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200060-BUR, cache-yyz4522-YYZ, cache-yyz4522-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f912583dbd433-d683d1242555a669-01
x-timer
S1716386013.999075,VS0,VE4
etag
W/"3691-8C6AsGDkD6id6aUWZJ9dMLFCmK8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
380, 5, 0
pageview
c.contentsquare.net/ 		0
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/pageview?ex=&dt=541&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6759&ww=1600&wh=1200&sw=1600&sh=1200&uu=89031a36-0902-a6cd-d8c6-bc2a7e32ddf2&sn=1&hd=1716386013&v=14.11.0&pid=1926&pn=1&r=491656
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.20.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-20-70.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:34 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/ 		56 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce

Request headers

c_x-pwa-request
true
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:33 GMT
content-encoding
gzip
via
1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1cc02d1aa-1715874284-7916460231 tts/1716231476197 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
content-type
application/json
cache-control
no-cache, no-store, must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
x-yottaa-metrics
3221a5fec6fe/[385,381,-] 32D1cc02d1aa/[-,387.170]
cf-ray
887d4b062aee232e-ORD
x-dw-request-base-id
qbDNjd34TWYBAAB_
x-amz-cf-id
NQLXvY0bkLgFmbp117mPHOxodlZqgfxtPNMQpFIMTuqQMj5Y9hCF4Q==
expires
Thu, 01 Dec 1994 16:00:00 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		32 B
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
60c918f0e848e12d41e52d8d9ec305fdf5b0f11e6685fc4ff0aea21216aa045d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
a8525dbb-5bb6-4d17-9008-17ca4d4ee2bf
https://www.elfcosmetics.com/ 		7 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.elfcosmetics.com/a8525dbb-5bb6-4d17-9008-17ca4d4ee2bf
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc3222296af8f2de63cdf4690986d2ad59ae1f2b97509b29a56640d5fc6cffff

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length
7329
Content-Type
application/javascript
main.2bdc3040.js
s.pinimg.com/ct/lib/ 		69 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/lib/main.2bdc3040.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:77::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
32d720cede6dadc60f848ff6670b767292e508c5ec392ef64ffd4fd46982e565

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:33 GMT
content-encoding
br
x-cdn
fastly
etag
"12a8f2d3ddbe2363a4a569b085d70d28"
x-amz-server-side-encryption
AES256
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-CDN
vary
Accept-Encoding, Origin
cache-control
max-age=1209600
alt-svc
h3=":443";ma=600
content-length
19942
display
api.usehero.com/webplugin/ 		162 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&state=untouched&outboundFeature=
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
ed7c88c2a02e0391e2feec53bc0f10d44cd167dfb1d769cc2317ee7dc1fc5ef6
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
966a0e74-2049-487d-a50a-8e166147d993
cross-origin-resource-policy
same-origin
x-geo-longitude
-73.58870
pragma
no-cache
referrer-policy
same-origin
etag
W/"a2-+YqKnB/FTSRHzD85ek+pKANv6jE"
x-frame-options
SAMEORIGIN
x-geo-zip
H3H
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
45.50750
x-accuracy
20
expires
0
date
Wed, 22 May 2024 13:53:33 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/Toronto
x-envoy-upstream-service-time
11
content-length
162
x-xss-protection
0
x-request-id
966a0e74-2049-487d-a50a-8e166147d993
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
CA
x-geo-city
Montreal
main.MWNkMWZjOGNjMA.js
analytics.tiktok.com/i18n/pixel/static/ 		411 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.20 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-248-20.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
4dee7b7f5bd454fc7b52f623814a23be6e9bc6b191ffb1b14a8202ce10d6813f

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
905592b6
date
Wed, 22 May 2024 13:53:33 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240509131651C2EABC3B368BFDEA9363
x-tt-trace-id
00-240509131651C2EABC3B368BFDEA9363-38B65D4B3AE61D77-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01061299290bcd63b25c8773e80946b5a2e44e3dae5525a122486c3ec9bf248a1ea3386c5196bba459529bc5a0da0a6ee66f158b14815836a8a0a341f847b5c1a9139d139ec9117a194b20f6a67d71886efd2e588138936d8d516d7e39b4b3f08b
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length
111320
main.MWNkMWZjOGNjMQ.js
analytics.tiktok.com/i18n/pixel/static/ 		431 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.20 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-248-20.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
25c8e105aed1fd7c0e7869d4e5cdc896fc4f74a2e6a24428711da23557cb98d3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
905592b7
date
Wed, 22 May 2024 13:53:33 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240509130701266A4ACB42E794DCB96C
x-tt-trace-id
00-240509130701266A4ACB42E794DCB96C-6268D3D23D03CA66-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01ed61cd00934729c3de3abc156802d66c8fafd5a5e11f4c23d9583c40bdf6a949e669f75097d2ab88b37a5aa80695017d8154143e38245fc16589b286a1536f40d343e36b00c2441f8b55c21eff1b426ebb8924e258d8b398d37b69c42db28fdd
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length
116397
dvar
c.contentsquare.net/ 		0
320 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/dvar?v=14.11.0&pid=1926&pn=1&sn=1&uu=89031a36-0902-a6cd-d8c6-bc2a7e32ddf2&dv=H4sIAAAAAAAAA0WMsQrCUAxFfyVkdnHtpq0VwVEKnUraBgnERF6DWor%2F7hOUjvdwzl1wt%2B%2Bqtjuq96RQukVyhQtPgQVWs9FNBmiFdYTD685J2AaecPPrVgbbHDSUhELc8vorZ3%2FCyYLt%2B1i6KvWesvRgqEUj53bF9wcxTAoRiQAAAA%3D%3D&ct=2&r=798688
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.20.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-20-70.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:34 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
ts
t.paypal.com/ 		42 B
544 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1716386013191&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.35 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0
date
Wed, 22 May 2024 13:53:34 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
765347d071d9c
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200042-BUR, cache-yyz4565-YYZ
pragma
no-cache
correlation-id
765347d071d9c
traceparent
00-0000000000000000000765347d071d9c-c77518b1939f85d0-01
x-timer
S1716386014.218390,VS0,VE111
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 May 2024 13:53:34 GMT
5013978.js
bat.bing.com/p/action/ 		0
119 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Wed, 22 May 2024 13:53:33 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 8496727B86594970AB4AC5ABF9390ADE Ref B: YTO01EDGE0507 Ref C: 2024-05-22T13:53:33Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/ 		0
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=4b942fe8-aeb3-466e-bf4b-4081a063d68a&sid=ada5bb50184211efade72d7107055737&vid=ada5d8c0184211ef9cfb8b53b4562bc8&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&r=&lt=7763&evt=pageLoad&sv=1&rn=806177
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 22 May 2024 13:53:33 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: CFA8D306B0FA43FEA58713826D1FC7D6 Ref B: YTO01EDGE0507 Ref C: 2024-05-22T13:53:33Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
t2_16331p_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 		86 B
700 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:33 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
98
rp.gif
alb.reddit.com/ 		42 B
637 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://alb.reddit.com/rp.gif?ts=1716386013209&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=3e035cea-3385-4921-9939-56da587f7dee&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_a8bbbcc6&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:34 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
collect
analytics.google.com/g/s/ 		0
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.google.com/g/s/collect?dma=0&gtm=45j91e45g0h1v9125640115z8896608294z99175401888za200zb896608294&_gsid=5D80LRC85Ns9QdXD3inUOqgsx_Su8aLw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c21::65 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&tid=G-5D80LRC85N&cid=JgNzSHKY%2FqS9XC1GM8mvqQGogPf9Z%2Fu8teg0kX4r%2Bt4%3D.1716386011&gtm=45j91e45g0h1v9125640115z8896608294z99175401888za200zb896608294&aip=1&z=1495005982
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&dma=0&tid=G-5D80LRC85N&cid=JgNzSHKY%2FqS9XC1GM8mvqQGogPf9Z%2Fu8teg0kX4r%2Bt4%3D.1716386011&gtm=45j91e45g0h1v9125640115z8896608294z99175401888za200zb896608294&aip=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:33 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1638306756445368
connect.facebook.net/signals/config/ 		68 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.156&r=stable&domain=www.elfcosmetics.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b336f926203c1280abc248e9659a8bfc81f33e5827bd8e5a90bd43cbe9958ef4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 22 May 2024 13:53:33 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
14133
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=31, rtx=0, c=60, mss=1392, tbw=63341, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
Pfd17bBd5pV4VBq4+RhLi1Ug1PJIy/93caFW3BK6bn9pYLYYp8Vam4UXeQyQevc3TtP0YXPka1J2s+/t22Bsew==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
jsp
ut.rd.linksynergy.com/ 		148 B
414 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
41ccf8e2a37091dc584af09dccfae99c1692485251e95415f9597125ca504d6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
text/plain; charset=utf-8
date
Wed, 22 May 2024 13:53:34 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
x-samesite
secure
widget.css
js.jebbit.com/companion/v1/ 		15 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:b000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
5TtP6A3FvksKClCFN7X6r1PsSCc1hWlP
date
Tue, 21 May 2024 15:04:46 GMT
via
1.1 9557da2570df16242f84a67f254d7f30.cloudfront.net (CloudFront)
last-modified
Thu, 02 May 2024 15:04:41 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P1
age
82128
x-amz-server-side-encryption
AES256
etag
"de1b72e797664b9b2c2139e5ccb24844"
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15521
x-amz-cf-id
FbiztvCy4EG0n_j-c5CThAzE98731g2oLD9AriFYwRNEnPoEcY67Rw==
launcher_configs
external-api.jebbit.com/moments/v2/ 		2 B
448 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=
Requested by
Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.200.38.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-38-209.compute-1.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
x-dns-prefetch-control
off
content-length
2
x-xss-protection
1; mode=block
pragma
no-cache
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options
noopen
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
expires
0
exist
srm.ba.contentsquare.net/ 		2 B
94 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://srm.ba.contentsquare.net/exist?v=14.11.0&pid=1926&pn=1&sn=1&uu=89031a36-0902-a6cd-d8c6-bc2a7e32ddf2
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.202.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-202-189.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 22 May 2024 13:53:34 GMT
content-length
2
content-type
application/json
cc92afac65c159647585b23ca9
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/cc92afac65c159647585b23ca9
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.209.170 Dawsonville, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
113d760d9ef42e1d8e87bf10890f85bd1824da95b336e255de203c162dd7b304
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4YzhjYTI4OC1mMWE2LTRmMDktYjI2OS0wNWQyZWViZmRmMDEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmRiOWIzMzEwLWU5YmEtNDZjMS04OGFlLTA0MjI4ODRiOGFlZCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTYzODU5ODEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJjeGVnM3dIa1hrcmFSeHJKR3dxWVlsS2tWOjpjaGlkOiAiLCJleHAiOjE3MTYzODc4MTEsImlhdCI6MTcxNjM4NjAxMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTE3OTQwODc4NDQyMTc4MCJ9.5fZB4rNonkoQFVA4QZFA4l0HN77r463SAPCc56q1WXJCJii6w4HCGDmRQBQUJ_ckgC1YJ0nBWjoP1b9Tse6gOw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type
application/json
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform
"Win32"

Response headers

x-yottaa-profileid
5a0c9b7632f01c35d4210220
date
Wed, 22 May 2024 13:53:33 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 848ee9f48eafd6caa6bf5371a2f79f28.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1cc02d1aa-1715874284-7916460250 tts/1716231476197 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
1009
etag
9cd0117ca2a53f1ee84b8616bbf96dbce2c01aa0353b04a5db15a3ef1c1b92ca
allow
DELETE,GET,HEAD,OPTIONS,PATCH
content-type
application/json;charset=UTF-8
x-dw-resource-state
9cd0117ca2a53f1ee84b8616bbf96dbce2c01aa0353b04a5db15a3ef1c1b92ca
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-os
200
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets/cc92afac65c159647585b23ca9
accept-ranges
bytes
cf-ray
887d4b09b887232e-ORD
x-dw-request-base-id
HVqi6t34TWYBAAB_
x-amz-cf-id
OM3Ymb57meMaO-thvVVeeyLQRH2tWul6tb8AynhAcfJ0y6z6nri1UA==
x-yottaa-metrics
3221a5fec670/[164,162,-] 32D1cc02d1aa/[-,166.760]
plugin.5.46.0.js
cdn.usehero.com/ Frame 35B2 		244 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.usehero.com/plugin.5.46.0.js
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f5:3400:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
066f884cfd15768801743268a042cc8f5bba3f262b33ff05716b33b9e9550905

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:05:21 GMT
content-encoding
gzip
via
1.1 ef066a0102f66b719933dbbef3bc5968.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P4
age
2893
x-amz-server-side-encryption
AES256
etag
W/"e840bbd769b547fed1c31518dde8fa55"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
fzMHHBqxjZh1R2jAJz6-H_OhFqiyKUX5wFv0UPFN9y4yLeoZocTh-g==
muse.js
www.paypalobjects.com/muse/ 		55 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (chf/1693) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
38c8f9a70c02c
dc
ccg11-origin-www-1.paypal.com
content-length
16355
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
server
ECAcc (chf/1693)
traceparent
00-000000000000000000038c8f9a70c02c-4d3ed5f5e186c1fc-01
etag
W/"64f25363-daa8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Wed, 22 May 2024 14:53:34 GMT
runtime_6459738026535cda4232dc813c61447d.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_6459738026535cda4232dc813c61447d.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 08 May 2024 23:16:55 GMT
content-encoding
br
age
1175799
x-guploader-uploadid
ABPtcPqae19qy6N4aK4tURCnC7qqw8UYaMOVl82s7-z3sLI5BpFxXd2WxpAgrW1Z2ZIWysHSpYnbXgAvjA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1316
last-modified
Mon, 06 May 2024 20:35:01 GMT
server
UploadServer
etag
"09512239cb2a22728ca9f8608dfc2181"
x-goog-generation
1715027701560378
x-goog-hash
crc32c=BS9gKg==, md5=CVEiOcsqInKMqfhgjfwhgQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1316
accept-ranges
bytes
content-type
text/javascript
/
ct.pinterest.com/user/ 		321 B
704 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1716386014102&dep=2%2CPAGE_LOAD
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.136.202 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-136-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:34 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.0a68dc17.1716386014.596f517d
x-envoy-upstream-service-time
1
content-length
186
x-pinterest-rid
1121121098807920
pin-unauth
dWlkPU1qY3hPRFZtWkRrdE56STNOeTAwT1RCa0xXRmlNMkl0TURoa1l6RmxOR1ZoTm1JeA
pragma
no-cache
referrer-policy
origin
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
5c8bfc366c53ef4acca5f606987646193351b3ab
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/user/ 		321 B
707 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%2C%22event_id%22%3A%228ecc58fe-fbdb-419b-95e6-647e6b095444%22%7D&tid=2615235625530&cb=1716386014104&dep=5%2CEVENT_TAGS_ABSENT
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.136.202 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-136-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:34 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.0a68dc17.1716386014.596f517c
x-envoy-upstream-service-time
0
content-length
186
x-pinterest-rid
1510846594946132
pin-unauth
dWlkPU5EUTNaREkyTnpJdE5XSXhNaTAwTldReExXRXhNRGt0TlRnek9ESXpaVEV6TkRNNQ
pragma
no-cache
referrer-policy
origin
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
5c8bfc366c53ef4acca5f606987646193351b3ab
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/v3/ 		35 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%222bdc3040%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22125%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22125%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22125.0.6422.76%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1716386014106
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.136.202 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-136-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:34 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.0a68dc17.1716386014.596f517b
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=600
content-length
35
x-pinterest-rid
1562988523704863
pragma
no-cache
referrer-policy
origin
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
5c8bfc366c53ef4acca5f606987646193351b3ab
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
chunk.716.df63d46a2a86670d4b68.js
cdn.usehero.com/ Frame 35B2 		841 KB
212 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f5:3400:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6e9a31b3784b5fa5f384ee596c719982c792ebc9034e6425e2da3ecfd36c0678

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:48:18 GMT
content-encoding
gzip
via
1.1 ef066a0102f66b719933dbbef3bc5968.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P4
age
316
x-amz-server-side-encryption
AES256
etag
W/"01e9e2a8624bcf27fee5e0a11db65672"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
w_zPm0mDOJzHsvUKX4eM2E94fmZbBYBw--bGt0CBTS21spRQ_mkNJQ==
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1716386014140&sw=1600&sh=1200&v=2.9.156&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1716386014133.508247669&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1716386013267&coo=false&eid=1716386986070_171638681311611&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=26, rtx=0, c=10, mss=1392, tbw=2776, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 22 May 2024 13:53:34 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1716386014140&sw=1600&sh=1200&v=2.9.156&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1716386014133.508247669&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1716386013267&coo=false&eid=1716386986070_171638681311611&tm=1&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xa90e50505ca4fe26","source_keys":["1","2"]},{"key_piece":"0x521824ae15b46aad","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Wed, 22 May 2024 13:53:35 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=29, rtx=0, c=10, mss=1392, tbw=3129, tp=-1, tpl=-1, uplat=17, ullat=0
pragma
no-cache
x-fb-debug
xS78kRE4vnCRIrCtYfdkCofqb2PLSPs4oIy88ZCnkZdHjXnTMiwtjvdZQ8MI9i2gCEfl/AdmYUgPrvCfWqdMFQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
identify_93546.js
analytics.tiktok.com/i18n/pixel/static/ 		139 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_93546.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.20 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-248-20.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a869fe8cddaf23f1ee50724c35748cefb30c697095b2cf4a231033cb8f43b4ab

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
905597bd
date
Wed, 22 May 2024 13:53:34 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240508171500517C3A6B4249A0328CA3
x-tt-trace-id
00-240508171500517C3A6B4249A0328CA3-1D2E9A7E2A7667C0-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
018a7b2a4156e4c949fd31002e583f4d7d69f34eff71937b22db904b556b3c17679333acee78793c9d2e777f9e4ddf231b247cca43cb58f6ae4a52c174b27c85af2ba72ae3646a49938a915a80b176a4f19a0c804d26a2d466b721c01ecf8fb8bf
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length
37024
performance_interaction
analytics.tiktok.com/api/v2/ 		0
703 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/performance_interaction
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.20 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-248-20.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
90559851
date
Wed, 22 May 2024 13:53:34 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240522135334F8659D3938408FBCFA2D-63DF52AF65679883-00
x-cache
TCP_MISS from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
server-timing
inner; dur=9, cdn-cache; desc=MISS, edge; dur=17, origin; dur=11
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240522135334F8659D3938408FBCFA2D
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
12,23.220.104.20
x-tt-trace-host
01426287e4445b5ff20f4095011fe5ae83fe9a6f8d7ff6b268929d5c93d224f43934ea0790c874fc757bee6e7bcf2b6138b77d7dc2a8b4e667671a45f3b61119f87d6fa150f4796b6b470635de1a6a32fdbfa0748cda2a632de3306855443a96e7
access-control-allow-headers
Authorization,*
expires
Wed, 22 May 2024 13:53:34 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
705 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.20 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-248-20.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
9055987b
date
Wed, 22 May 2024 13:53:34 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2405221353344F945D5DC5F87CBBFCEE-545A07A3957CCA33-00
x-cache
TCP_MISS from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
server-timing
inner; dur=14, cdn-cache; desc=MISS, edge; dur=9, origin; dur=18
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202405221353344F945D5DC5F87CBBFCEE
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
18,23.220.104.20
x-tt-trace-host
01426287e4445b5ff20f4095011fe5ae83fe9a6f8d7ff6b268929d5c93d224f439859a6028b9e55469d801560c6123e3d6699bae3d89365a00ac0431337dec007b0076dea6d251e7f462323f8ce42f32a681d1e8766b49c75d69f1c260cef3d374
access-control-allow-headers
Authorization,*
expires
Wed, 22 May 2024 13:53:34 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
703 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.20 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-248-20.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
9055987c
date
Wed, 22 May 2024 13:53:34 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2405221353344336425CB56477BE3B65-0B995BF295230E6B-00
x-cache
TCP_MISS from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
server-timing
inner; dur=36, cdn-cache; desc=MISS, edge; dur=8, origin; dur=40
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202405221353344336425CB56477BE3B65
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
40,23.220.104.20
x-tt-trace-host
01426287e4445b5ff20f4095011fe5ae83fe9a6f8d7ff6b268929d5c93d224f439649c2ecced560d0e006e02da4fd5de7161d4a45be5beb4f8dae4ea7bd3155007721b64e70ecd746baf17ff92b5487d5c825ab02c9a1a1de682075124d714809f
access-control-allow-headers
Authorization,*
expires
Wed, 22 May 2024 13:53:34 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
703 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.20 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-248-20.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
9055987d
date
Wed, 22 May 2024 13:53:34 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24052213533442F67F7B8070C1BD85D1-1EB58B63A74F0DD4-00
x-cache
TCP_MISS from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
server-timing
inner; dur=30, cdn-cache; desc=MISS, edge; dur=26, origin; dur=39
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024052213533442F67F7B8070C1BD85D1
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
39,23.220.104.20
x-tt-trace-host
01426287e4445b5ff20f4095011fe5ae83fe9a6f8d7ff6b268929d5c93d224f4397706579f8f24c2281965a5ea3d082bcf04c73ec425a1fe99b7812574a98ec634f0de360cebae61f137b419abaa9ee83b1919defcfa9b29ad17b46780c3e4009e
access-control-allow-headers
Authorization,*
expires
Wed, 22 May 2024 13:53:34 GMT
shopper
api.usehero.com/localisation/ Frame 35B2 		35 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/localisation/shopper?appId=efcf9631-4c6b-4874-9f76-51f71464249a&version=5.46.0
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
5570f4a23e52ab1d181c0cbc38821585e6b09260b9a3d5b8da32c125c06e1bb1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:34 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-time-zone
America/Toronto
klarna-correlation-id
083b028e-00e4-4b3b-9dd9-54135ef60eb1
x-envoy-upstream-service-time
15
x-geo-longitude
-73.58870
x-request-id
083b028e-00e4-4b3b-9dd9-54135ef60eb1
access-control-max-age
21600
access-control-allow-methods
GET, HEAD, PUT, PATCH, POST, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-country
CA
cache-control
max-age=86400, public
x-geo-city
Montreal
x-geo-latitude
45.50750
x-geo-zip
H3H
access-control-allow-headers
DNT,Accept-Language,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,x-region-id,x-api-version
x-accuracy
20
settings
api.usehero.com/webplugin/ Frame 35B2 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/webplugin/settings?appId=efcf9631-4c6b-4874-9f76-51f71464249a
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
532bcb8909320181167f847a492db322b746fe9d010daf0f8a10121b4e22cc97
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding
gzip
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
13911fbb-f443-4497-92d3-fd90f5d9ddbb
cross-origin-resource-policy
same-origin
x-geo-longitude
-73.58870
pragma
no-cache
referrer-policy
same-origin
etag
W/"64f-5vtIf06F9AHeeSALavoGvmhOwKU"
x-frame-options
SAMEORIGIN
x-geo-zip
H3H
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
45.50750
x-accuracy
20
expires
0
date
Wed, 22 May 2024 13:53:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/Toronto
x-envoy-upstream-service-time
15
x-xss-protection
0
x-request-id
13911fbb-f443-4497-92d3-fd90f5d9ddbb
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
CA
x-geo-city
Montreal
act
analytics.tiktok.com/api/v2/pixel/ 		0
706 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.20 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-248-20.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
9055b5a8
date
Wed, 22 May 2024 13:53:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2405221353354F945D5DC5F87CBBFD83-6298D85E9A174714-00
x-cache
TCP_MISS from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
server-timing
inner; dur=23, cdn-cache; desc=MISS, edge; dur=14, origin; dur=28
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202405221353354F945D5DC5F87CBBFD83
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
28,23.220.104.20
x-tt-trace-host
01426287e4445b5ff20f4095011fe5ae83fe9a6f8d7ff6b268929d5c93d224f439859a6028b9e55469d801560c6123e3d63770bc2aed2e308e4ad107d631bc5e1dda234bdf0699ae096939b34978b4e5b21f6ad476dec731cdc93c94c73b3e8e9f
access-control-allow-headers
Authorization,*
expires
Wed, 22 May 2024 13:53:35 GMT
script-tag.js
cdn-scripts.signifyd.com/api/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.64.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-64-85.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:48:01 GMT
content-encoding
gzip
via
1.1 c625b1bdde545acdeb26c9f6ad3a8c6e.cloudfront.net (CloudFront)
last-modified
Tue, 23 Apr 2024 14:51:40 GMT
server
AmazonS3
x-amz-cf-pop
IAD12-P1
age
335
x-amz-server-side-encryption
AES256
etag
W/"73ca6f23f3e08738233832c7a7a0c30c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
iRqbYza-1J12VVTVbfgKNYcIxWnIA_qQpsEU6xFVl9SQHUkU3rNX2w==
/
ct.pinterest.com/v3/ 		35 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%2C%22event_id%22%3A%228ecc58fe-fbdb-419b-95e6-647e6b095444%22%7D&tid=2615235625530&cb=1716386014601&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22np%22%3A%22gtm%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%222bdc3040%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22125%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22125%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22125.0.6422.76%22%2C%22ecm_enabled%22%3Atrue%7D
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.136.202 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-136-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:34 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
referrer-policy
origin
x-cdn
akamai
akamai-grn
0.0a68dc17.1716386014.596f54c9
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
5c8bfc366c53ef4acca5f606987646193351b3ab
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
content-length
35
x-pinterest-rid
1618738543243290
expires
Sat, 01 Jan 2000 00:00:00 GMT
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 22 May 2024 13:53:34 GMT
expires
0
klarna-correlation-id
63d72733-2803-412a-94a8-b8e49403c1af
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
CA
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
6
x-frame-options
SAMEORIGIN
x-geo-city
Montreal
x-geo-latitude
45.50750
x-geo-longitude
-73.58870
x-geo-zip
H3H
x-permitted-cross-domain-policies
none
x-request-id
63d72733-2803-412a-94a8-b8e49403c1af
x-time-zone
America/Toronto
x-xss-protection
0
metrics
api.usehero.com/ Frame 35B2 		0
988 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:34 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/Toronto
klarna-correlation-id
c36d6780-7973-4b4f-8fd6-cd1b8b5d650e
x-envoy-upstream-service-time
10
cross-origin-resource-policy
same-origin
x-geo-longitude
-73.58870
x-xss-protection
0
x-request-id
c36d6780-7973-4b4f-8fd6-cd1b8b5d650e
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
H3H
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Montreal
x-geo-latitude
45.50750
x-country
CA
x-accuracy
20
expires
0
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 22 May 2024 13:53:34 GMT
expires
0
klarna-correlation-id
15114ee0-f33b-4b75-8ac1-47d73ef4aff4
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
CA
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
5
x-frame-options
SAMEORIGIN
x-geo-city
Montreal
x-geo-latitude
45.50750
x-geo-longitude
-73.58870
x-geo-zip
H3H
x-permitted-cross-domain-policies
none
x-request-id
15114ee0-f33b-4b75-8ac1-47d73ef4aff4
x-time-zone
America/Toronto
x-xss-protection
0
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 22 May 2024 13:53:34 GMT
expires
0
klarna-correlation-id
57b40da2-aeae-41b7-933a-b1ba7a203c8c
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
CA
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
4
x-frame-options
SAMEORIGIN
x-geo-city
Montreal
x-geo-latitude
45.50750
x-geo-longitude
-73.58870
x-geo-zip
H3H
x-permitted-cross-domain-policies
none
x-request-id
57b40da2-aeae-41b7-933a-b1ba7a203c8c
x-time-zone
America/Toronto
x-xss-protection
0
metrics
api.usehero.com/ Frame 35B2 		0
985 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:35 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/Toronto
klarna-correlation-id
26526669-f71c-4b67-86ad-e495c1851c7c
x-envoy-upstream-service-time
8
cross-origin-resource-policy
same-origin
x-geo-longitude
-73.58870
x-xss-protection
0
x-request-id
26526669-f71c-4b67-86ad-e495c1851c7c
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
H3H
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Montreal
x-geo-latitude
45.50750
x-country
CA
x-accuracy
20
expires
0
metrics
api.usehero.com/ Frame 35B2 		0
985 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:35 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/Toronto
klarna-correlation-id
bd4a0144-f5f7-4aee-af23-526676530aec
x-envoy-upstream-service-time
9
cross-origin-resource-policy
same-origin
x-geo-longitude
-73.58870
x-xss-protection
0
x-request-id
bd4a0144-f5f7-4aee-af23-526676530aec
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
H3H
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Montreal
x-geo-latitude
45.50750
x-country
CA
x-accuracy
20
expires
0
lineup
api.usehero.com/info/ Frame 35B2 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/info/lineup?appId=efcf9631-4c6b-4874-9f76-51f71464249a&id=3VNlAm9GwR
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
68336c6041adea6a7d274947fcac09dd803552f2a4a6112b0c794408b80117c7
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
e07d2d66-8595-4fdc-bb7d-e49590f6517f
cross-origin-resource-policy
same-origin
x-geo-longitude
-73.58870
pragma
no-cache
referrer-policy
same-origin
etag
W/"11c-g+rqqKriy0sVjzjIyMpWiikXTEc"
x-frame-options
SAMEORIGIN
x-geo-zip
H3H
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
public, max-age=120
x-geo-latitude
45.50750
x-accuracy
20
expires
0
date
Wed, 22 May 2024 13:53:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/Toronto
x-envoy-upstream-service-time
9
content-length
284
x-xss-protection
0
x-request-id
e07d2d66-8595-4fdc-bb7d-e49590f6517f
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
CA
x-geo-city
Montreal
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 22 May 2024 13:53:34 GMT
expires
0
klarna-correlation-id
503ad222-310c-400b-8604-fcdc5e53e55d
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
CA
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
5
x-frame-options
SAMEORIGIN
x-geo-city
Montreal
x-geo-latitude
45.50750
x-geo-longitude
-73.58870
x-geo-zip
H3H
x-permitted-cross-domain-policies
none
x-request-id
503ad222-310c-400b-8604-fcdc5e53e55d
x-time-zone
America/Toronto
x-xss-protection
0
metrics
api.usehero.com/ Frame 35B2 		0
987 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:35 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/Toronto
klarna-correlation-id
273446df-671d-4923-94b5-d29893d066a5
x-envoy-upstream-service-time
8
cross-origin-resource-policy
same-origin
x-geo-longitude
-73.58870
x-xss-protection
0
x-request-id
273446df-671d-4923-94b5-d29893d066a5
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
H3H
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Montreal
x-geo-latitude
45.50750
x-country
CA
x-accuracy
20
expires
0
main-v2_8d03e4c35771169b7c951faff9475370.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		494 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_8d03e4c35771169b7c951faff9475370.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c774dc50ae761c1be378981091306ce24f41f774e32fd41b461562efd2d7a6b7

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 16:21:14 GMT
content-encoding
br
age
77541
x-guploader-uploadid
ABPtcPpZRPzJbgFo1UK-UzbmnRQ6qYzEE51Dq-prmQ0mNhP2b6xcd_t8yX3xT3nx6w24JUCvxy0
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
109729
last-modified
Tue, 21 May 2024 16:21:04 GMT
server
UploadServer
etag
"a16d20385270e196f9ef8efab92fee45"
x-goog-generation
1716308464871712
x-goog-hash
crc32c=N2Ymuw==, md5=oW0gOFJw4Zb57476uS/uRQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
109729
accept-ranges
bytes
content-type
text/javascript
cjs_min_3a843477d8e318f67237a66d0a58c542.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		49 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_3a843477d8e318f67237a66d0a58c542.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
6c58f061a49641f54723faab57ad0bdb49a95619e86c90dad9a3ed630ffb3780

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 26 Apr 2024 03:41:51 GMT
content-encoding
gzip
age
2283104
x-guploader-uploadid
ABPtcPreKCkZUlH4amyFrDhyz2-uKKNJ6slxSA4OKNxdIRBcP9ruEAiBR67IyzL7cxQcZIge5_m-WQGhHA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15748
last-modified
Mon, 22 Apr 2024 20:59:52 GMT
server
UploadServer
etag
"1eb885454ea6bef1c9747800702959de"
x-goog-generation
1713819592631797
x-goog-hash
crc32c=Joap5g==, md5=HriFRU6mvvHJdHgAcClZ3g==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000,no-transform
x-goog-stored-content-length
15748
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
upload.usehero.com/avatars/ Frame 35B2 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-80.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
083e613ed2185815dc9dc91ae569c1ea8cb0187da15b88fb4df656b04ade665f

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 12:01:46 GMT
via
1.1 aa6e16f47d6a0519f52b8dcfca2d841a.cloudfront.net (CloudFront)
last-modified
Tue, 18 Jul 2023 20:33:39 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P1
age
6711
x-amz-server-side-encryption
AES256
etag
"dd497646e037b78e9dc7ed0418ad50f0"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1340
x-amz-cf-id
QnYDX3PbsQYRXDkIF4zZa1fFVMNhzg5insK0bIFqBguSfbLact5xDg==
BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
upload.usehero.com/avatars/ Frame 35B2 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-80.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b407ba527842ba6587698367b62e9c4770a0f1fb906c220879568cce0b1063

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 15:03:43 GMT
via
1.1 aa6e16f47d6a0519f52b8dcfca2d841a.cloudfront.net (CloudFront)
last-modified
Tue, 22 Feb 2022 11:23:23 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P1
age
82193
etag
"3436467bdbf884d229cc844f2d56d81a"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1279
x-amz-cf-id
Wp67BGQ1uI3xhDLQ8EftA5MtpPiNoMvPPd2lquIJ3PNPdCFId_eHQw==
lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
upload.usehero.com/avatars/ Frame 35B2 		928 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-80.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
64fb011f8aa4f1a4470c3093845f0c2047a21504f823e2ec6f6684d87b81f0f8

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 14:34:57 GMT
via
1.1 aa6e16f47d6a0519f52b8dcfca2d841a.cloudfront.net (CloudFront)
last-modified
Sun, 12 Feb 2023 00:23:18 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P1
age
83928
x-amz-server-side-encryption
AES256
etag
"278d510e97539c507718c7343b8f3dc7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
928
x-amz-cf-id
BywJOsZ3-pyzOsGVWkTxkY0fGvHtJJJ6fazt761ii3DhXTypb5pGFg==
index.html
www.paypalobjects.com/muse/analytics/ Frame 57A6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (chf/16CA) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
16754
content-type
text/html
date
Wed, 22 May 2024 13:53:35 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"64f25363-dacc+gzip"
expires
Wed, 22 May 2024 14:53:35 GMT
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id
10f850d4c88da
server
ECAcc (chf/16CA)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-000000000000000000010f850d4c88da-a8a6681958eddb81-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
cs
tags.rd.linksynergy.com/
Redirect Chain
  • https://idsync.rlcdn.com/458359.gif?partner_uid=1ad34e64-89c0-4acb-bb50-f1f71007cad7
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDFhZDM0ZTY0LTg5YzAtNGFjYi1iYjUwLWYxZjcxMDA3Y2FkNxAAGg0I3_G3sgYSBQjoBxAAQgBKAA
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=224f0c713094b3bad39c2727164de2d784636dbbb6a37968819fab3bcb13ec566ac34734d8e453ee
37 B
303 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=224f0c713094b3bad39c2727164de2d784636dbbb6a37968819fab3bcb13ec566ac34734d8e453ee
Protocol
H2
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

content-type
image/gif
date
Wed, 22 May 2024 13:53:35 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
x-samesite
secure

Redirect headers

date
Wed, 22 May 2024 13:53:35 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=224f0c713094b3bad39c2727164de2d784636dbbb6a37968819fab3bcb13ec566ac34734d8e453ee
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
token_create.js
ct.pinterest.com/static/ct/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/static/ct/token_create.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.136.202 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-136-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cd56592299c1c670fb97ef28bcb50048508c01879ecb23b71364aecc0483e202
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:35 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.0a68dc17.1716386015.596f5fe0
etag
"19c94b308deaf8fbf050b4fca2fa21b7"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7200
content-length
2108
ct.html
ct.pinterest.com/ Frame 7686 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.136.202 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-136-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

akamai-grn
0.0a68dc17.1716386015.596f6354
alt-svc
h3=":443"; ma=600
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Wed, 22 May 2024 13:53:35 GMT
pinterest-version
5c8bfc366c53ef4acca5f606987646193351b3ab
referrer-policy
origin
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-cdn
akamai
x-envoy-upstream-service-time
0
x-pinterest-rid
1076213523907279
/
data.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://data.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.235.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.235.149.34.bc.googleusercontent.com
Software
/
Resource Hash
10d8b3ff7850f2970b02368006230ce7d0be3d17d869b0cdf66de92305dea88a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Wed, 22 May 2024 13:53:35 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
page.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://page.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.145.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.145.149.34.bc.googleusercontent.com
Software
/
Resource Hash
ad210e68e4b109c04af983413ec85b9d06ddba8da275bdc38c46c7d472cdd8bf

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Wed, 22 May 2024 13:53:35 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
view.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://view.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.120.163.217 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
217.163.120.34.bc.googleusercontent.com
Software
/
Resource Hash
b57a88b62f9a8c3012a99ee68f3bf384e5290a95a57254199bc7f0491bca97d8

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Wed, 22 May 2024 13:53:35 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
inbox-v2_02aca5df0e176b8810a86da97ac05424.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_02aca5df0e176b8810a86da97ac05424.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
03dbf9dc05fa84370cbdfb363a10855e9fd035a833cd83b67e14cdb975882bed

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 03:37:05 GMT
content-encoding
br
age
468990
x-guploader-uploadid
ABPtcPohFSuNP7c9hbtvWzXpTBNtNeqCTU9I5bblR6YpQC05RtOauzvSPwR-w43wb19oUC6ukG4bQabJqg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5089
last-modified
Thu, 16 May 2024 18:36:39 GMT
server
UploadServer
etag
"2a4c802d3ec2dfc292cc9bb15ef5f45d"
x-goog-generation
1715884599873439
x-goog-hash
crc32c=PRHjLA==, md5=KkyALT7C38KSzJuxXvX0XQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
5089
accept-ranges
bytes
content-type
text/javascript
onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f10699f59e4285b87af5097e4ba9e470ee29b4f3487fa767f2818bdbbdd6bb14

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 26 Apr 2024 03:41:48 GMT
content-encoding
br
age
2283107
x-guploader-uploadid
ABPtcPoNOeD88e7FFO_cduhlDl_oghFmNdemL_qBnZZsxPkXhG1i3E81ZVXTdCvGa8DCV2ndEsNDwtJSuA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5003
last-modified
Tue, 23 Apr 2024 14:37:24 GMT
server
UploadServer
etag
"7ff99b6f1cea743cef749de91009e764"
x-goog-generation
1713883044855037
x-goog-hash
crc32c=qFvE1Q==, md5=f/mbbxzqdDzvdJ3pEAnnZA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
5003
accept-ranges
bytes
content-type
text/javascript
ts
t.paypal.com/ 		42 B
249 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1716386015454&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.35 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0
date
Wed, 22 May 2024 13:53:35 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
bbd23927db544
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200051-BUR, cache-yyz4565-YYZ
pragma
no-cache
correlation-id
bbd23927db544
traceparent
00-0000000000000000000bbd23927db544-07ae77a7f0d63ec5-01
x-timer
S1716386016.746904,VS0,VE107
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 May 2024 13:53:35 GMT
g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
upload.usehero.com/avatars/ Frame 4729 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-80.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
083e613ed2185815dc9dc91ae569c1ea8cb0187da15b88fb4df656b04ade665f

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 12:01:46 GMT
via
1.1 aa6e16f47d6a0519f52b8dcfca2d841a.cloudfront.net (CloudFront)
last-modified
Tue, 18 Jul 2023 20:33:39 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P1
age
6711
x-amz-server-side-encryption
AES256
etag
"dd497646e037b78e9dc7ed0418ad50f0"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1340
x-amz-cf-id
QnYDX3PbsQYRXDkIF4zZa1fFVMNhzg5insK0bIFqBguSfbLact5xDg==
BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
upload.usehero.com/avatars/ Frame 4729 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-80.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b407ba527842ba6587698367b62e9c4770a0f1fb906c220879568cce0b1063

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 15:03:43 GMT
via
1.1 aa6e16f47d6a0519f52b8dcfca2d841a.cloudfront.net (CloudFront)
last-modified
Tue, 22 Feb 2022 11:23:23 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P1
age
82193
etag
"3436467bdbf884d229cc844f2d56d81a"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1279
x-amz-cf-id
Wp67BGQ1uI3xhDLQ8EftA5MtpPiNoMvPPd2lquIJ3PNPdCFId_eHQw==
lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
upload.usehero.com/avatars/ Frame 4729 		928 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-80.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
64fb011f8aa4f1a4470c3093845f0c2047a21504f823e2ec6f6684d87b81f0f8

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 14:34:57 GMT
via
1.1 aa6e16f47d6a0519f52b8dcfca2d841a.cloudfront.net (CloudFront)
last-modified
Sun, 12 Feb 2023 00:23:18 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P1
age
83928
x-amz-server-side-encryption
AES256
etag
"278d510e97539c507718c7343b8f3dc7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
928
x-amz-cf-id
BywJOsZ3-pyzOsGVWkTxkY0fGvHtJJJ6fazt761ii3DhXTypb5pGFg==
company_toolkit.js
cdn-scripts.signifyd.com/api/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.64.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-64-85.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:27:19 GMT
content-encoding
gzip
via
1.1 c625b1bdde545acdeb26c9f6ad3a8c6e.cloudfront.net (CloudFront)
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
IAD12-P1
age
1577
x-amz-server-side-encryption
AES256
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
gok3I6iwmc6M8AUOJmkTtfZEd_Y8C-BIexZD9YXBoR7TuieXIEtJyA==
jquery-3.7.1.min.js
assets.bounceexchange.com/assets/bounce/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.7.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 08 May 2024 23:09:24 GMT
content-encoding
br
age
1176251
x-guploader-uploadid
ABPtcPp92gHmeersAAX6IdTwFi5U3mUDTMxR3gwwru6a4ZlUXdcLSKts1MG2aP2Gcqy56cRidJE
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31015
last-modified
Mon, 06 May 2024 20:34:30 GMT
server
UploadServer
etag
W/"2c872dbe60f4ba70fb85356113d8b35e"
vary
Accept-Encoding
x-goog-generation
1715027670000061
x-goog-hash
crc32c=fsBEgw==, md5=LIctvmD0unD7hTVhE9izXg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
87533
accept-ranges
none
content-type
text/javascript; charset=UTF-8
bo2yoh081lho8db7.js
imgs.signifyd.com/ 		96 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/bo2yoh081lho8db7.js?cw51r7b6flwpsy20=w2txo5aa&keo412yoggr1we2p=L2VuX0NBL2NjOTJhZmFjNjVjMTU5NjQ3NTg1YjIzY2E5
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
ea6c414e1566aba014f96f95a1acbc5d55ad8424e572cc7cc624d7184347f33e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 22 May 2024 13:53:36 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
CP=IVAa PSAa
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame 8FA5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
age
2283108
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Fri, 26 Apr 2024 03:41:48 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Tue, 23 Apr 2024 14:37:03 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1713883023838131
x-goog-hash
crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
ABPtcPpftw8opILy2B5l4TCwxFKC0PyXwez2LtWERhJOXWuK-FLxU8PEwiDoyPqpBQqyYGs5-iI
ts
t.paypal.com/ 		42 B
249 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfo&cust=RAYSGCAAKRC7S&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&unsc=77&identifier_used=IP&e=im&t=1716386016369&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.35 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0
date
Wed, 22 May 2024 13:53:36 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
9897bf8be0053
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200049-BUR, cache-yyz4565-YYZ
pragma
no-cache
correlation-id
9897bf8be0053
traceparent
00-00000000000000000009897bf8be0053-423a8bede962b61f-01
x-timer
S1716386016.390134,VS0,VE102
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 May 2024 13:53:36 GMT
eDXhs3SygX2NTFrg
imgs.signifyd.com/ Frame 0443 		278 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/eDXhs3SygX2NTFrg?438a985594a078c8=krwZAm3ic8F1hDwmyf_wILlB6Iluo-J9Ylz-L1_P6Eg0dZyXDSXPPIX1jAQsiHJcczjDToqgnNZPJS54ESc4-QocQBGR_SmnscDE0zwZ1HTx-qbbwRzoppZ3pNAfJj-J_AU6xKNPp-7QDpeAvh4MQAXL3rAd6xK29nJe8lsWgHZpugY2Arp9Z2RRd5YD1AEs-WS__hQPGqO60Umbxhimo9UjUsI&jb=3d3b242662736577355563646e6f7d7b2c627165375d6b646c6f77732f3830333b2668736a7f354960706f6d6d2468736a3d496a7a6d676f2f323a39383d
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/bo2yoh081lho8db7.js?cw51r7b6flwpsy20=w2txo5aa&keo412yoggr1we2p=L2VuX0NBL2NjOTJhZmFjNjVjMTU5NjQ3NTg1YjIzY2E5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
707af7d463d8fc71a9b652a774b84946dbc70e8f308fe2aeb0a11e5fbae37752
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 22 May 2024 13:53:36 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
tmx-nonce
89a550ea7716fdfb
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=99
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sBWfY-YW51SOtkIs
imgs.signifyd.com/ Frame 0443 		81 B
474 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/sBWfY-YW51SOtkIs?3ec94f7adb3809b8=AtCqhG8VB0N1yscx38vZoLFw4oxA2oZZOr2gdqiEA1CXXdyyeQrnlRHW5DJfUA0snueK_kGhQaKew4S15sSHCjLQE9aIodeQv9uG0vedoPdSW0SHFskoK2E4ieFhKFoZmOmHR3pgTULM1T66gIUf0G9Ovq_rgTskPlpgY_nKJl0RFoyHAQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Wed, 22 May 2024 13:53:36 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
FetAWFZj6BI_kxWP
imgs.signifyd.com/ Frame 0443 		81 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/FetAWFZj6BI_kxWP?e3076b1e3f19eff3=l_V2LV8mqScLoLDPxOh_kLGEI9aBxzPfMMiZZL8zrVjat0JDSkAwp_3tlmm5ed7eKtiZOFB0sFe8pawNZIaCri15MWDeHvIAdiCs8W_SkY0VEH-ZF2qu2fCY8JQ69htQsrY3OfIwaLbokgeb464Ur4zDAPIrlfC-G9hTKXf5AtIoFpHN7A
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Wed, 22 May 2024 13:53:36 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
c
ids.cdnwidget.com/ 		441 B
778 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=233195157&GCS2=MTcyLjE3LjAuMTUsMTAuMTMuMC4xNiwyNjA0OmFhYTpiYmI6Y2NjOjoxMDBl&pe=false&wsid=6664&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Afalse%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A6664%2C%22loadID%22%3A%22bqzeIY6qthk3JY8%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A4%2C%22IDStageStart%22%3A4%2C%22netComplete%22%3A162%2C%22obsReqpage%22%3A445%2C%22obsReqview%22%3A460%2C%22obsReqdata%22%3A461%2C%22IDStagePrefire%22%3A461%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-7%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%228555647694248180805%22%2C%22visitid%22%3A%221716386016284393%22%7D
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:56e0:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
d4645f5705d10b6a8862e981a6d94b5fef46d4bd6d513bc902e9c1dc693c9350

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:37 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
441
clear.png
imgs.signifyd.com/fp/ Frame 0443 		81 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/eDXhs3SygX2NTFrg?438a985594a078c8=krwZAm3ic8F1hDwmyf_wILlB6Iluo-J9Ylz-L1_P6Eg0dZyXDSXPPIX1jAQsiHJcczjDToqgnNZPJS54ESc4-QocQBGR_SmnscDE0zwZ1HTx-qbbwRzoppZ3pNAfJj-J_AU6xKNPp-7QDpeAvh4MQAXL3rAd6xK29nJe8lsWgHZpugY2Arp9Z2RRd5YD1AEs-WS__hQPGqO60Umbxhimo9UjUsI&jb=3d3b242662736577355563646e6f7d7b2c627165375d6b646c6f77732f3830333b2668736a7f354960706f6d6d2468736a3d496a7a6d676f2f323a39383d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
*/*, w2txo5aa/89a550ea7716fdfbl2vux0nbl2njotjhzmfjnjvjmtu5njq3ntg1yjizy2e5
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 22 May 2024 13:53:37 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 22 May 2024 13:53:37 GMT
Server
Apache
Etag
9c5e6fdf0e194f9d849c56226c0f2516
Content-Type
image/png
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Cache-Control
private, must-revalidate, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
Expires
Mon, 21 May 2029 13:53:37 GMT
M5awmZZEGP-Igw_f
imgs.signifyd.com/ Frame D2F9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/M5awmZZEGP-Igw_f?dee9f076ba7df322=c6ldMQ81rwwxe-JqUay8PdGTj-TaifkFEaunfL9vqH0mLfcIQznN-CAbD2MfLveuIOyqECoSNoenBkRw4ip_WGtvzlcAmpn-jXwA_kJU363hzxEudhhrvMhOwQwpQkPCUKnsbXSChv4tko2nNgBeyPE5JDikYYSIQU7NGR8Bq6TMx2zc4BcMP6RPoZXdef9i9_9tVELdvUlB8hLMJA8Ni1vQMh2XBA
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/eDXhs3SygX2NTFrg?438a985594a078c8=krwZAm3ic8F1hDwmyf_wILlB6Iluo-J9Ylz-L1_P6Eg0dZyXDSXPPIX1jAQsiHJcczjDToqgnNZPJS54ESc4-QocQBGR_SmnscDE0zwZ1HTx-qbbwRzoppZ3pNAfJj-J_AU6xKNPp-7QDpeAvh4MQAXL3rAd6xK29nJe8lsWgHZpugY2Arp9Z2RRd5YD1AEs-WS__hQPGqO60Umbxhimo9UjUsI&jb=3d3b242662736577355563646e6f7d7b2c627165375d6b646c6f77732f3830333b2668736a7f354960706f6d6d2468736a3d496a7a6d676f2f323a39383d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 22 May 2024 13:53:37 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
Ar_V-jC2N2MuTAhU
imgs.signifyd.com/ Frame 0443 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/Ar_V-jC2N2MuTAhU?5e30158c0c803642=gmli3T1Rh-qRLcKXBFqopS734UkOfBhR3tQKpLXs4G9FxYYFUF0t8n5hSI7DHELPk5j60bY2GJisjSOowNAhY9Nqh2-IYIHMnh50GGlJDgH1FX_mT5GsCUY5elxMCuh7zzk2C8ZwnJctbg6fM1oELoEaPE4lmtald6kzFA&jb=3b34246c7b6137323a363e3a3a36396a6c6a363e6f3361686a3161666b6e38336b3260656d686e
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/eDXhs3SygX2NTFrg?438a985594a078c8=krwZAm3ic8F1hDwmyf_wILlB6Iluo-J9Ylz-L1_P6Eg0dZyXDSXPPIX1jAQsiHJcczjDToqgnNZPJS54ESc4-QocQBGR_SmnscDE0zwZ1HTx-qbbwRzoppZ3pNAfJj-J_AU6xKNPp-7QDpeAvh4MQAXL3rAd6xK29nJe8lsWgHZpugY2Arp9Z2RRd5YD1AEs-WS__hQPGqO60Umbxhimo9UjUsI&jb=3d3b242662736577355563646e6f7d7b2c627165375d6b646c6f77732f3830333b2668736a7f354960706f6d6d2468736a3d496a7a6d676f2f323a39383d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Wed, 22 May 2024 13:53:36 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
C-i03DXwvp157F7-
h.online-metrix.net/ Frame 77F2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://h.online-metrix.net/C-i03DXwvp157F7-?6fbb08e3620e810c=fEcSJOpV18Kv6__BQM3FduxplrY2uzkr_aHYvXBtlpJ6kpar8lfZq91dkIObQCcpdIAbb7YEnluObVUr1ldRQk5JcKW2TyfpegdgB7P10Hsbylo_oEsHgyXmA8OogZMT6_i8h8paObpb4k3S8dFLZEF7eVCChDm86cz4uQlfTsyuX3982JmHHDGs9eFpJts9GVrxPzTPYse13mVPa2ggIauNWJtiXfk
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/eDXhs3SygX2NTFrg?438a985594a078c8=krwZAm3ic8F1hDwmyf_wILlB6Iluo-J9Ylz-L1_P6Eg0dZyXDSXPPIX1jAQsiHJcczjDToqgnNZPJS54ESc4-QocQBGR_SmnscDE0zwZ1HTx-qbbwRzoppZ3pNAfJj-J_AU6xKNPp-7QDpeAvh4MQAXL3rAd6xK29nJe8lsWgHZpugY2Arp9Z2RRd5YD1AEs-WS__hQPGqO60Umbxhimo9UjUsI&jb=3d3b242662736577355563646e6f7d7b2c627165375d6b646c6f77732f3830333b2668736a7f354960706f6d6d2468736a3d496a7a6d676f2f323a39383d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 22 May 2024 13:53:37 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
A4RprG_E2Xg8PNXZ
imgs.signifyd.com/ Frame 454B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/A4RprG_E2Xg8PNXZ?4960819af25efa3a=bkRCHSDYittE9cEWCwgck8sX6KZ622bEStLXLL7ppwthnvPEEfNoPtNPqkanC__r_VtsuOOWoKOg8ra1gEhNxbMLMasS46UBvDhlPw1vQ-KXyGHvIfIsxfpGnpU4td1_nn6Br2BuecCOnqD9_HQt9Uelc06De7SkMGQoFqXruGxTSUq45XerpqfPBzkJaBybsFKuOP235ulIuxrfYs5ntcm4p6e2PvY
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/eDXhs3SygX2NTFrg?438a985594a078c8=krwZAm3ic8F1hDwmyf_wILlB6Iluo-J9Ylz-L1_P6Eg0dZyXDSXPPIX1jAQsiHJcczjDToqgnNZPJS54ESc4-QocQBGR_SmnscDE0zwZ1HTx-qbbwRzoppZ3pNAfJj-J_AU6xKNPp-7QDpeAvh4MQAXL3rAd6xK29nJe8lsWgHZpugY2Arp9Z2RRd5YD1AEs-WS__hQPGqO60Umbxhimo9UjUsI&jb=3d3b242662736577355563646e6f7d7b2c627165375d6b646c6f77732f3830333b2668736a7f354960706f6d6d2468736a3d496a7a6d676f2f323a39383d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 22 May 2024 13:53:37 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
Ar_V-jC2N2MuTAhU
imgs.signifyd.com/ Frame 0443 		0
219 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/Ar_V-jC2N2MuTAhU?5e30158c0c803642=gmli3T1Rh-qRLcKXBFqopS734UkOfBhR3tQKpLXs4G9FxYYFUF0t8n5hSI7DHELPk5j60bY2GJisjSOowNAhY9Nqh2-IYIHMnh50GGlJDgH1FX_mT5GsCUY5elxMCuh7zzk2C8ZwnJctbg6fM1oELoEaPE4lmtald6kzFA&ja=3a3231392e26693f2536323a2c7a373e3a2e64373b3c323a703132303a2c6164373134303872393838322673707b3f3538783f322e667a78373126393c3832263b38323a243136303a2631303a302e313e3a38263930303024333430382c3b303832263f3a2c3f382c657637383d643f396433313e3365346866303031683e3c6a6633383f6032616e3369362e6f64373826796b6e35303e2c666a3760747470792f33432f3244253a4c7f7d7f2c656c6e616d7365657e6b6b712469656d2f3a4c6d6c55494b27384e656c6627696f71676576696b276b78616f696e696e7126786c37372e7262376f383a3a6e6e633f3f3f33333b663465686f383b333367623c6b31333a3b30642e6a6a3d30383c316d3069393a396c6d336e663c323c3b686d3331303d3e353b3b313a652e607b653555696e6c6d75732d323a3339246079683d496078676f6f2f38323b3a35266a7965753f5d696c64677d7b2c6271627535416a72676d6f24666a69373e382c666e653f322c646f7e783d30267e70643f4b6d67726169692f3a44566166616d757e65782465637e62783d3e383a3b663b6938606f6b3032653c6963373c3032383a6b6c3b3d373430396466343d3832333c336e3c6f616b3a3e6c61333e6b64686c3732333b39313b3c6124647a37607e7c7273253b4327324e2538447f757d246f6c6c6b657b6f6f7e63617926636f6d2f384667645f41412d384e6f64642d6367716f657c69692f6b706367636e6b64792e72377a66776d616e5f66666b736a2f35476669667b6f29726c756f6b6c5f7f6964666775795567656e616b5772666b7367782d3545666b6673672b706e756f63665569666f626d5d63637a6f68637c273f4f6c61667b6f2972667f6d6b64577175696961746b676527354d6c69667b67217064776569665f796a6761617d6b766f2d3f4d646b6679672b786c756763645f706f616e70646b716f7a2735456e636e736d217a6e7d6563645576666b55786e6b736f702f3d456661667965237a6c77676164576e6d74616c7e7027354d666b6e7b672b7a66756d616457717c6d5574636d7765722f3f45646b6c7165297a647f6f6b6e5f626374612d354f64696e796f2c6766576935756f686d6e5d6d62474c2f383033243027323822477a6d6c474c2d3032455b2538323a2c3a2f3830496078676f637f672b5d6d62474c2f38304546534e253a3a4d592d30303126322732382845726d6c4d462f323a4d592d303a4d4651462d323045592f32323b2e32253a3a4b627a6d6d697d6f2b576d62416b7c556f6841697e2d3838556f684d4e4b46474c4555636e717e616c636d6e576b7a7061797b2731422d323a47505655686665646c55656b64676b7a2f3b4225323a4f585655636e6978556b656676726f642731422d323a4750565569656c657a556a776c6c6f705560616c66556c6c6d6b7427334a2f3a3a4d5a545f6c677274605f696e696f7a2f39422f3a3a4d5a5e556c6e6569745f62666f6e662f3340253a3a4d525c5d667269655d646d707e6a2d31482f38304f505e57726566736565665f6f666c79657655636e61657a2d394a2732304d5a565f7b686b666d70557e6f787e7d786d5d66656e27394a2532304f52545d7e657a747d786d556b6d6d707a677173616f645d6a727e692f33482d383847525e55766f707475726f55636d677070657b796165665d72677c6127334a2538324d5a5e557e65727c7f7a67556c636e7e6d725f616463736d7e726d7061692d394a2732304d5a565f7c6572767d706f556769787a657a5d69666b6f7a57746f5f6f6e67672f3340253a3a4d525c5d73524f4027334a253832474759556f6c6f656f6676556364666f705f7569647e253148253030474f5b556e606f5f7a676c646d72556f6172676b7a25394a2f3a32454f595d797c616e646b78645d6e6570697e6b7c637e6773253b402732384f4f5157766f727e75786d556e6e656b7e27394a253230454f535d7e657a747d786d556e6e6f617c5d6e6966656b702d31482f3830454d5957766f727e77786d5f6861666c5f64666f63742d394a2f3a324f455b5d766570747f706d5d626b6666556e6667637e55666b646d617225394825303a4f4753577c6d787c67785f69707061715f65606267697e2f33482d3838554f484d4e556b6f6c6f785562776c666772576c6465697625334a2730305f454845445d69656770786d797b676e557e67727c757265556b7376692531422d38385d4d40474c57616d6d78726f717b676e557e65727c7f7a67556f7e612f3b4225323a5d45404d4c5d63676778786d7173656c5d766570747f706d5d6f7e69312f3b482d303a5d4f404d445f636f677a726779736764577e6d727c777265577131746b2539402d303a5d4f424d44556b6d677a7867797b65645f7e6f78767f72675f7b397c69577172676a2731422d323a554d404d4655646f6a7f6f5d786f64666f7a65725f6364666d2f3340253a3a5f4f4a454c5f6c6760756f5f796a69666f787925394a2f3a325d4f484546576465707e625f766f7876757a6f2d394a2732305f474047445f6e70697555687f666c6d787b2739482f303a5f45424746556c6d79655d6367647c6f707625334a2730305f454845445d677f667463576e7a637d2f39402f3a305745484d4c5d7a6f6e796f656655656d646539342467645f623f30346c3969383e69323f33683e32676b6c383436336b64366b3760356b3c38326a3a61643d3733362e776d6e7e3f43647e65662d38384b646924247d6f6c723d4364746766253030417861792d30304f78676c47442538324d6c6d6364652c6b696c3f3b&jb=393732266471374f6778636666612f3a4c3d2c3a2f3832225f696e64657d732738304c542d38383b382c30253b4027323857636c3e362f3948253838723e36232f38324b78706c655d6f6249637427324e3f3b3d263136253a322a4b4054474e2d30492f38306661616d27383a4d6769636f2925383a436a786f6f652d384e3b3a372e3026322c302d323a5169646b786325384e3f3b3524393c
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/eDXhs3SygX2NTFrg?438a985594a078c8=krwZAm3ic8F1hDwmyf_wILlB6Iluo-J9Ylz-L1_P6Eg0dZyXDSXPPIX1jAQsiHJcczjDToqgnNZPJS54ESc4-QocQBGR_SmnscDE0zwZ1HTx-qbbwRzoppZ3pNAfJj-J_AU6xKNPp-7QDpeAvh4MQAXL3rAd6xK29nJe8lsWgHZpugY2Arp9Z2RRd5YD1AEs-WS__hQPGqO60Umbxhimo9UjUsI&jb=3d3b242662736577355563646e6f7d7b2c627165375d6b646c6f77732f3830333b2668736a7f354960706f6d6d2468736a3d496a7a6d676f2f323a39383d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 22 May 2024 13:53:37 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Type
text/javascript;charset=UTF-8
P-WkoYe7riQ8gS_f
w2txo5aa3cfvzjhua3cgl2acntof33yupyka5hvw89a550ea7716fdfbsac.d.aa.online-metrix.net/ Frame 0443 		81 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://w2txo5aa3cfvzjhua3cgl2acntof33yupyka5hvw89a550ea7716fdfbsac.d.aa.online-metrix.net/P-WkoYe7riQ8gS_f?3fec324c209d6ba0=yYEmC-swIRJMmP5lb7sY8SpswJ9wbumfR1yf7W_59OJ-LJcokXvBXfKLE2CuZ_cj1FEnhZ3NssM6USG0QWkKRvy6UZiwfOnHg8a9vAq5082PZlQsZkDM2j_gFUt9WtqVCKSY0sQNZ_qnLypU_601nOQkxqBsjHU3DV7EqtXfFOl4a_E
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Wed, 22 May 2024 13:53:37 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
e2wfFjornNUi9rEB
imgs.signifyd.com/ Frame 0443 		0
218 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/e2wfFjornNUi9rEB?947f93becbdaca7d=d9R9aD21iGD-3sVe31tWpmZyj3M_gwkhek9hqh7X7n8LQFD05tGHkx71xfnV-WdvGNA2DKfAN7hROuuWWW6HxWuo6MYGNEUR4Gzre2ij_c0F4oppNotLnTOW3yA7t2iY0fNG1H1_cPHdSVSjbSrQIhtJk2IggokFCCiRSdUhnMCynuG9mjsgbQi__6qM3W2Qkm40ZzqBGpfh9a5DgM0djofdaRxFsg&jac=1&je=3036242665656e6a352a392f38433b2d384b312f38493b38396562616b3a3033326634376d68313a6e3239656b31613931636f666a343b3a6b643f386b6e356e683f616f3d656136383a34303b6160666b3d393c3b6129
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/eDXhs3SygX2NTFrg?438a985594a078c8=krwZAm3ic8F1hDwmyf_wILlB6Iluo-J9Ylz-L1_P6Eg0dZyXDSXPPIX1jAQsiHJcczjDToqgnNZPJS54ESc4-QocQBGR_SmnscDE0zwZ1HTx-qbbwRzoppZ3pNAfJj-J_AU6xKNPp-7QDpeAvh4MQAXL3rAd6xK29nJe8lsWgHZpugY2Arp9Z2RRd5YD1AEs-WS__hQPGqO60Umbxhimo9UjUsI&jb=3d3b242662736577355563646e6f7d7b2c627165375d6b646c6f77732f3830333b2668736a7f354960706f6d6d2468736a3d496a7a6d676f2f323a39383d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 22 May 2024 13:53:37 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
Content-Type
text/javascript;charset=UTF-8
sUMA_UXmxdo4ac6f
imgs.signifyd.com/ Frame 0443 		0
400 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/sUMA_UXmxdo4ac6f?799977b0918ba65b=D2wj1MakiNy1gTDaiiWwO-JYmlrjV5XYKMg7Q3Fp7tQEe5de4RZqN9jASuG7OmZdv-raKZipmsElqL3FfO2marpLrCyB_cH6HeSK0gfuyAmLs-GhC7nafokF8hMCFOdPVKoHCCgEFGY3Er-y4ohCmhctScOMurmrc7rPIVNlyAQ1Hdmu_2eayOsOVXqwKGw0Ei6c49X2ZJ68LpRC3OlaLe98Nk3ajw&jf=3c3334267b696e5d7a6c6e377e6478573a63776e5f7930443b7936686b785a6f2c736b64576e697e6d3f3137393431383e303b342e71636e557473786f35756f683067696c7361267963645d61657b3d3b3a3d333b323133383432373a6132343c3a696f39643a3a3a39323c3a32306b30363438696f33663a333231383d38393c303030383630333f3532673a633e3d6c3339386f6a646f6c3a343e6c633438326f66333e383234313e696b3c3561643167603569653a346b37396c3a33336c6f3a643b3a32666b6a653331696f6634683633376e3a6b3a316761316931673138303f3b39353f3a3c633369696d313b3a38373c3d3439613e6c62303e3064636c3a3d3a393b267361665d736167373138363f3a38323a383938606f696b636f3e6230323d3f643b3a383264383c3e6c383161366c616338316139326c373c6868666e3c383b373b3a69353e6b353162693863313f3834303a38393a386734383b363a6630316c646a636e6833303e6b3f6b346e6f3330333f6332336c68333b38656466393b696f3b6462646e3061396c396b616b353f683c333c6d392e71636c783f3a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Wed, 22 May 2024 13:53:37 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=96
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
lookup
pd.cdnwidget.com/ 		74 B
239 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pd.cdnwidget.com/lookup?deviceID=2gpEFlhIlhHYbfWHoz6pcosqY2z&bxwid=6664&bxdid=8555647694248180805&visitID=1716386016284393&enableUID2=false
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
f309b4b6297e8c886d8d6b1ff31decc2d09f6eecf7804e3325bf5a2d3a5eac55

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:37 GMT
via
1.1 google
server
istio-envoy
content-type
application/json
access-control-allow-origin
*
x-envoy-upstream-service-time
62
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74
Ar_V-jC2N2MuTAhU
imgs.signifyd.com/ Frame 0443 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/Ar_V-jC2N2MuTAhU?5e30158c0c803642=gmli3T1Rh-qRLcKXBFqopS734UkOfBhR3tQKpLXs4G9FxYYFUF0t8n5hSI7DHELPk5j60bY2GJisjSOowNAhY9Nqh2-IYIHMnh50GGlJDgH1FX_mT5GsCUY5elxMCuh7zzk2C8ZwnJctbg6fM1oELoEaPE4lmtald6kzFA&jac=1&je=393334362e267a6f356c652c68617e7b7e35273d482f303864657665662f32302f334331263a382f3a4125323a7176617c7579273a302f394b25383a696063786d636c6d2d3232253d4e26637f646a3d6b6b3f68316736653e3a33636b6169346e306b3d6931333a333b34393e3c603f6b333137333c62366e3866643c323e3a383138666d3664303b66696630363f332c65723b376b3339693e673a3d3965383b6e30353d6631666c68386e303a3761313a3634693868676b31693968267f696235273d482f303869726368637e65617e7570652d383a2f3b4325323a7a3a362d3238273a412f383862637c646d71792f38302f3b412532383c3427383227324b2f3a386a70616e6c7127323a2539432d37482f3d422f3a386a706b646e27383a2533412f383245656f656c6d2f3a3a4b6a726f656727323a2538412d30387c6f72796165662738382f314b2d323231383f2530382535442d384b2f3f4025323a60706166642f303a27394b2f323846657c27394b4b2f487a616e642f383227384327323a7c6d787b6b6f6e2d3030253b412f303a3a2f3838253d4c2f3a412f3d4827383a627261646e2530382531412d383a4960706f6d61776f253a322f304b2738387c65787b63676c2f38382739492532323b383527383227374c2f3d4e2d3043253a306475646c5c677a716365644c637b7e2d30382f39432f3d422537482f32306872636e6c2f3a382d3141253a30456f676766672d303a49627265656f2d30382f38412f3a3276657879696d642530322d39492f3a3031323d2c322e3e34383026353c2f38322f3f4e2d30492f3d402f3a3262726b64642738322733492f3a384b6a726f656b776d2d3238273a412f3838766f7a79616d642f38302f3b412532383b323724302c363c383a243f3425323a2735442d3249273f402f3838627869646c2738382f314b2d32324e657e2e432f3244427a6b666e2d3032253a4127323a766f707b6b65642f32382d3949273838383624382e302e3a2f32302f3746253d4e2d384b273232656d606964652f303a27394b6c61667b6f2d30492f3830676764656c2f383227394127323a2f3a382d3043253a30726c69746c6d7a6f2f38382539492f3a305d636431382d3232253849253038706e617c6c6778655465727b6b6d6e2d3238273b432f3838313a263a26322f383827384b2532327d6577343e2530322d39496c696e73652d3546267d61663f2d35482f3832687a6b6666792f38302f3b412535482f37402f3230627a6b666e2d3032253b4327323a47656d6f6e6f2f3830496078676f6f2f38302f3a432532387c657079696d6e2d383a2f3b4325323a3330352d3238273f462f3849253d4a2f3a3068786b6c6e2d323225394b2530384e6d742d39494b25407261666627323a2538412d30387c6f72796165662738382f314b2d3232382f3832273d4427324b2f3f482d3032627a636c642d3238273b432f383843627a65656b7f672f30382d3243253838766778736b6f662f3a382d3141253a3033323d2538302d354e2f3f442f3a492d30386765606364652532382f33436c616e736d2f3a492d30327064637666677267273a302f394b25383a5d616c39382f30382d3744
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/eDXhs3SygX2NTFrg?438a985594a078c8=krwZAm3ic8F1hDwmyf_wILlB6Iluo-J9Ylz-L1_P6Eg0dZyXDSXPPIX1jAQsiHJcczjDToqgnNZPJS54ESc4-QocQBGR_SmnscDE0zwZ1HTx-qbbwRzoppZ3pNAfJj-J_AU6xKNPp-7QDpeAvh4MQAXL3rAd6xK29nJe8lsWgHZpugY2Arp9Z2RRd5YD1AEs-WS__hQPGqO60Umbxhimo9UjUsI&jb=3d3b242662736577355563646e6f7d7b2c627165375d6b646c6f77732f3830333b2668736a7f354960706f6d6d2468736a3d496a7a6d676f2f323a39383d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Wed, 22 May 2024 13:53:37 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=95
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
collect
sgtm.elfcosmetics.com/g/ 		954 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je45k0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1227192840.1716386011&ecid=1604216748&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=1737957495.1716386011&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&sid=1716386012&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&_s=4&tfd=13716&richsstsse
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
114486d314cae565053bc57566ab2af53b4f75a55a6ee60a13097e23e1fbf8d5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 22 May 2024 13:53:38 GMT
via
1.1 google, 1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
init1.js
api.bounceexchange.com/bounce/ 		108 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=1099&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHZ8A2AZgA4SAGIwwgVk2AC8QoAWAJmswHcApgCMcqYAID6qACZQS8jpgBOAnCAA2cNBgI1qAD3w9eKmAKUqlUbAEN161AgDmEuEvVQAFsGAAHHACkZACCAVwAYmHhfDEAdALqMEggOAC2AmhIOLHJqVECCBIAwqERCTAAtMlpGahIVUqoqY52OJgAbqiiwBLJIADWqAJQAYQAQmFc6r6TQaVc3n6BXAwhYQwR6xExfPGJ1emZ2blb4QXFpRtniVUph3UNTS3qy1xhRZNKs2tcb7+jABFsCABkMRuNJtIZN95hQGPCSBxCCQAJzcDgUfAUajYhizLgfX6daQwoikSg0UhcCgcMgosjvSbtGGjCa-dQgJxOATSKQIGEwVoCRm-ATtcwSDlcnl8gVCkVcJA2JQ9ACOwAAnjDqAqcHAhM0fDKMN1hf8QoKXmbCVNOdzeY4pNICmgYEMSebgpacNbJkqVXKrQr-T12nY4Ga3hb5YQAQrpE5wqglDhgAAZEA2D1R4LAJQRhWeZXSACScc9ky4Tl8AFFwko0wB1OmEAByOHwNlQ4WkAA0IEIEPgkKlWwAJfE2tQwYBllm-Ku18LqTwlldjgCaQhgjbHIBYJF81VVG64LEnkKcLIhvy6AAUVJ0QHAcEUX6B0l9Pd7fbecABlfUcCQRohHMQMfQVLoABUBH0YBAJEEDUDAr8cx-YMbCQTxJGAV45jJcgqFoehCA4QFAQ6ZUcAAbSle0+QAXVgIUqJTGixQleiZUcZifzY2iQwkdUNWY3gw3YvUDTEcReRNMQBD41iJNo7iHUKGQXVQN0eSUq0BJokM9J9AyhLDTRFJY-SVJo3wbG5CRNV8Sz+PaZ0YDou0eI050EFdd1jIEDp3MM5VQ3DFzWL6QZcJBSVlW5KyTKEXwoF4DJUpogAiEMsoAGhymxxCcEAlA1fKcpwpB+mfYAKs8EB0gq3wlBAaQ4BQCqfWVbCssYzBfDw6xcl8BwbGQSQYHUezrHaItrCLJQHVkRc6wbZsUTbDsux7ftB2HUcx0wacehkKBVuXVd1y3Hc9wPI8UhPM8gA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
f35ddb60cf73bc2e8c41528bbe2c04773015999036657c5837521f78eed4943d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:38 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 22 May 2024 13:53:38 GMT
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
23
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
graph
idr.cdnwidget.com/ 		0
135 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idr.cdnwidget.com/graph?cookieID=2gpEFrLW397Ns1aiFdXQbn1cmNH&deviceID=2gpEFlhIlhHYbfWHoz6pcosqY2z&bxdid=8555647694248180805&bxvid=1716386016284393&bxwid=6664&gm=true&apikey=2^HIykD&loadID=bqzeIY6qthk3JY8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Wed, 22 May 2024 13:53:38 GMT
via
1.1 google
x-envoy-upstream-service-time
0
server
istio-envoy
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
Ar_V-jC2N2MuTAhU
imgs.signifyd.com/ Frame 0443 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/Ar_V-jC2N2MuTAhU?5e30158c0c803642=gmli3T1Rh-qRLcKXBFqopS734UkOfBhR3tQKpLXs4G9FxYYFUF0t8n5hSI7DHELPk5j60bY2GJisjSOowNAhY9Nqh2-IYIHMnh50GGlJDgH1FX_mT5GsCUY5elxMCuh7zzk2C8ZwnJctbg6fM1oELoEaPE4lmtald6kzFA&jac=1&je=3f3024267f69633f393538243b372438243937263b3a2c3b3b2e302e3b3c26756f693f313e3c263a26303035263331362e77633435303c3a3e3a6b696b326068683061696b3a3a313a3a65
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/eDXhs3SygX2NTFrg?438a985594a078c8=krwZAm3ic8F1hDwmyf_wILlB6Iluo-J9Ylz-L1_P6Eg0dZyXDSXPPIX1jAQsiHJcczjDToqgnNZPJS54ESc4-QocQBGR_SmnscDE0zwZ1HTx-qbbwRzoppZ3pNAfJj-J_AU6xKNPp-7QDpeAvh4MQAXL3rAd6xK29nJe8lsWgHZpugY2Arp9Z2RRd5YD1AEs-WS__hQPGqO60Umbxhimo9UjUsI&jb=3d3b242662736577355563646e6f7d7b2c627165375d6b646c6f77732f3830333b2668736a7f354960706f6d6d2468736a3d496a7a6d676f2f323a39383d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Wed, 22 May 2024 13:53:37 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=94
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
/
www.google.ca/pagead/1p-conversion/698270988/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=287953598&fst=1716386018047&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e45g0v9125640115...
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1032983597&fst=1716386018047&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1032983597&fst=1716386018047&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e45g0v9125640115z88966...
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=1032983597&fst=1716386018047&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e45g0v9125640115z889660...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-conversion/698270988/?random=1032983597&fst=1716386018047&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e45g0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=946854222.1716386011&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFWV2ZW50LXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMI4LO0l7ShhgMVsw5oCB2IcQfWMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQDaQooLkWhtaqxrielHcFgSTiMUKtJVPv-xf6EjV4tK6qewuCgxOj0-&eitems=ChAI8K-2sgYQ74iGnOnq7upMEh0A1HBlv1yaLT-DBho4nXOk8gIcJBoSImKgrT_h_A&random=625798512&ipr=y
Protocol
H3
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.ca/pagead/1p-conversion/698270988/?random=1032983597&fst=1716386018047&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e45g0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=946854222.1716386011&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFWV2ZW50LXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMI4LO0l7ShhgMVsw5oCB2IcQfWMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQDaQooLkWhtaqxrielHcFgSTiMUKtJVPv-xf6EjV4tK6qewuCgxOj0-&eitems=ChAI8K-2sgYQ74iGnOnq7upMEh0A1HBlv1yaLT-DBho4nXOk8gIcJBoSImKgrT_h_A&random=625798512&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/ 		37 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 26 Apr 2024 03:41:45 GMT
content-encoding
gzip
age
2283113
x-guploader-uploadid
ABPtcPo1nug7bgMvYPzpSZy5NN2YhLgeEBehCC9nvS0Wlbz2PscwDgKrZdKWRi2r2OkidNQBksnI8rqGAg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6053
last-modified
Tue, 13 Dec 2022 17:12:22 GMT
server
UploadServer
etag
"54f61bdcbfb6f81427c8a6803f48b02f"
vary
Accept-Encoding
x-goog-generation
1670951542233151
x-goog-hash
crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
6053
accept-ranges
bytes
content-type
text/css
visit
events.bouncex.net/track.gif/ 		42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoB1ETAEwIDuYNgDkAKmwCMzFpQDMAITbdMANgAs8pdWYAPDQEo2AQQAOp0gk4IARgGkoNBnIDsjOarbs7ACTF4AGRoAYTZSEABrBDYAcQQAYwiCIx1ggAskAgBbaLpJaiYZIrYAZRQAMxQkECd6V3dVADJQCBgkBHLkdqQcZvAoaAo+HjRTdARYJFIcNMhIU2ECuWMaejpVugEtxgRScviCMBzIEHiwRgOsjdosAH1glYK6XfKAWgOjhBP49+qsnhQpDAfVa0HaYAIpFgJwImF0OEkqmYzBBA3BkOhIFhAE8EToUS0BvF4JBssAqiAUDZLGAcJQXNpqKQCGgMLxbjwaNR5I9qJUgbludRQtRqAhgMhbszWQh2ZzRTyufzEFyQlz4lVILcAI6QbGq5Zc1gK4VcsCwGz-Oay26w1qCxWi5UO02i6VsjmYDm8LAncogWUG3nO1Wu6gapCQINKwEqk0i8Oa27kqEOw1O2MuhNjDC3PWmNPBzOqlwAEVRMAOBAiAbpDK5vBAvGjooAHPQOxoXKoAJzqajqVuSVvMEf0UMJ0DNhXLSQuRFyVtI4eI+jqFyttWi4DR+tlrfUXhoWggJBgSABAgoafc5aQJCwXIJtJVXgASVLLdFowAorQkAEnByD2LgiGAkgoCAtC8AAGgAijYmCSPEWQiD4E5mgQ5SQB+X7UL+tCkGkb5ET4ACaNjlJwPjEKopgfNqZHUEQGGikeu6MuAAAK7SgAQ8DBCS2TIEGIZhuAJQWmA8TVDYIkzsYYkJuAYgILokCSTY0myfJt6KcWYYavEaQIHmix6XOC5Lswc4uC4mj7mG5TAFGCmWaoi7LpuYYoAQQbGgmpCmF+szzIsdSPGstDXFsAg7HsHzHKc5yXNcdwPGlezvIcSU-DJID-JgsasdQKDmTyAVcsApg7m5B43o6h4lUgX4lfELlBu5nk2d5CYQA1yyvJIB5oDJQaqL1XJXAplVuh1bnzh51nDgeGpZGMIBoJg5WGvWooDvQqgDpoCn0oywC1Xps1MvNFmLd1K2OQmA5HdQrgcVVl0VQepC3TyXXLZuT1ci9oqLh925fcs12-a5d1WV59KfvuZaNPAyDjNg0A2JkQjIDg6SZDkaOIKgGBYxKZ5YpgeKFCwLAkxj5MwBYKCQOUBBIFkOAqPwQhSCi6Nk760A+qA8RfNiBY4D6YARKSpiNMS57CUg0AvtJsKU5Aso4CiGAENABywNgSDYgcPoE8YjQG0b-Gm+bBA+nIVsiDbCCG8bDtFTkBMoEVvAoO7hvtGg1M4HBwTB2CCBh7CPsIBHj5yfE0fxFAuKEKbCCAtHpiHJAgIW4nPhyD4aewicmC+sXOAiNbWRO4nKICLY9pNjgqhd+oFYdwDXmruuraNGLpwIB37aduuvb9oOw6jsw9CNDm4oBgIfeNIg2qPpgEsdyi8ThL6Jw5OeKDrQi92A9QfZK0f2AoKYICUxAsI4IXaByCPq8SzLjSQGkU87IxiRmxLcFWwtbiNjAFSSwvAcDOn-kQAgOB+woghJMX+rcbCNExrgIWm8sJag7vhUwf4iIkTSORSi1FaL0UOIxZijQXxIDlPA0hf4AJARAmBCCUFYIISQihNCQA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:38 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pageview
events.bouncex.net/track.gif/ 		42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk2696EAHYB9AMKVarNgFpufAUNWoYvGJJDpCAMlCRYCRB2SFcXXlBDaQAI3QRCmYgHYAQtSroXGCQACbSev5kClRsBoQQkVSy-tAQqNKBwRBhEVRUUf6xhgl51Ml5HI640gCOuACekRT+AAyJ5VSEyM66+NnSXJKEMLgl+c15RfHt-pmh4TIwIVKCbHAhTdFTY2X+lai4m4VxO0l7VdIO6Mg7EzEnM3mmENINwLdbD6VeACIm4NA4EhuFwANZwYYALwgmC8AEYqP8zEDLCBJIMhAYcPgiAVaPRGPAWOw1PxBMJRHYJDJ5BJ2KoeGTNBxtLp9IYkYCLCDwS9bFwMo5IJhtpzzMCuGC4K96u9MKRgBznuLLJLedIoTCAKxUAAsLSMYmAll4wEwBqNiFwHDY5sNdmN1jNFodiDAwGdRl4XGWdvgEGcw1GS0wADZw7qjLAgyG4fDQ6QAByhlpwxNw0Na3VeRNGZawDgQEOJrWl0PZ0MATl1evTiZa9a1YqBsaM8RqN0khdbHHQcEk+B07lwIFNmDjGaTKbTVErud7-ZHwBgUDSw0GmBHYFIecBhcwISMuGwMFQYVAB3qGtsqAB0hCMEILjcIRFJyPkK4mBrBsIXDQ+7+s4RgAgOmDWGkbZcGw1QhlQ7oAKI0Og2AAJIoQAEgAms4bAAOoYVwkKhsAag1FhVCQkY2CODkr7wcASGoAAMnhpCVl4AByhBwiAMA0CEAAaACKziSHCHC8JxGFAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:38 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
id_sync
events.bouncex.net/track.gif/ 		42 B
174 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2gpEFlhIlhHYbfWHoz6pcosqY2z&source=web&agent=cjs&deviceid=8555647694248180805&visitid=1716386018165478&websiteid=6664&pageviewid=undefined&sequenceid=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:38 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
6aa18944a3ad2c224d37dafb46afa35f.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		92 KB
92 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/6aa18944a3ad2c224d37dafb46afa35f.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 26 Apr 2024 03:59:58 GMT
age
2282020
x-guploader-uploadid
ABPtcPr1fuBaO12bi4KAOyRw2n47ZjK0unKFqtOKMgy9dbDo7VrBQq6dgxxBN3ZX3vcGdiIun_g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
93895
last-modified
Mon, 08 Apr 2024 16:27:35 GMT
server
UploadServer
etag
"6aa18944a3ad2c224d37dafb46afa35f"
x-goog-generation
1712593655184176
x-goog-hash
crc32c=H/B1bQ==, md5=aqGJRKOtLCJNN9r7Rq+jXw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
93895
accept-ranges
bytes
content-type
image/jpeg
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 26 Apr 2024 03:59:58 GMT
age
2282020
x-guploader-uploadid
ABPtcPq7k17sbJ3wSxDmwIj1vAJFKeVlMMgN4V-Ykwnj-7_Wj8RrMF76Q1pscz7543goVc6Uigvtwya6Yw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18352
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
server
UploadServer
etag
"59a941c096f98029341d8c56b7b89113"
x-goog-generation
1598371060392963
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
18352
accept-ranges
bytes
content-type
image/png
16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 08 May 2024 23:04:29 GMT
age
1176549
x-guploader-uploadid
ABPtcPpGav8KRXbW5wEzd8VGm9lbhInTEqMLAZTEQLoubEjYrIdqjMo6-WIzubhRY1eGjiye0h_24iMyTA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2419
last-modified
Thu, 01 Apr 2021 03:01:32 GMT
server
UploadServer
etag
"16f45df19355361dc1c101036c0035b0"
x-goog-generation
1617246092060079
x-goog-hash
crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
2419
accept-ranges
bytes
content-type
image/png
eligible
events.bouncex.net/track.gif/ 		42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7HIBsAZgAcygAyKFCgCxk4AR3llSIPgDtOAfQjAoOMqJ4AHAhBBWHOAEz6yn5+qgrmLKjImDgILFZRAB5kBCCYNjgAVlBkPEzA0VpkAO6YSBCcmL7K1YaMUOW+iioa2nLqKgCs+grqFAwQUb7qHSPK3coAnPoB7epacx1kHqmMmEWN5pjGcGmDwP4uRBBpnJwQfFCcBO7ySmqaOpqqfofHNgRuEPTY9UxWOFcQKo+owojhgGROOIIKhgLYPKhOABPWyXJioFKYWzAaAEBBETD7QgkcicABeTBw00KUCYeDsvj8IDcAFEAGJEcQASU5AAkAJoIPAAdV5TDJyjcyCYUGM-L8ZLI4gIsPs+yZrLZqAAMsLVBMFAA5KByTxs4AADQAiggrHJkDxDbygA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:38 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
2
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pop
events.bouncex.net/track.gif/ 		42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/pop?wklz=A4e2C4EMGMBcEsBukEgHYF4EFsCmAnAMgHNcRxoQBXNWfAT0oBNcMBhAQRLPH12PjoMARTbdylWvDS5azVgDkuVAI4YAjIWiRswSPGJp4TDACYALADZTpgMwB2QgGdq+aKwBG1NO4AehSFJaDAArJ0JsEBYMAAZCAHdcDyd4WFxjDEss80JEeBSEE3V7dUtbAA5LGPVy0oBWc3tywhY89wzyuq7LRssATnMLWvKYkbrCPVI83HiMzSdcFSpZdpNbLQAbeFlYHFwnWB1gDRKyyurK20tN7dpIYCQCFKFD4nXW+HcMJkJYAAt4PgmAB9PT4WD0YEHED4QK4YFMfKQDwbXAmABmkA2C1+AC8QBhBnEXOjYMCMqZiMAAKIAMQ2fwAkgyABIATQ86IA6iyQLjLMBKE4VGzTLjCH9IEDySZKTTafgADJc2x9ewKJzqfS0pgADWEHjQ6mg2AULKAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:38 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
eligible
events.bouncex.net/track.gif/ 		42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7HIBsAZgAcygAyKFCgCxk4AR3llSIPgDtOAfQjAoOMqJ4AHAhBBWHOAEz6yn5+GuYsqMiYOAgsVpEAHmQEIJg2OABWUGQ8TMBRWmQA7phIEJyYvspVhoxQZb6KKhracuoqAKz6CuoUDBCRvurtw8pdygCc+gFt6lqz7WQeKYyYhQ3mmMZwqQPAOIbIRBCpnJwQfFCcBO7ySmqaOprDLkcnBG4Q9Nh1TFY4VyBVL1GJEcMAyJxxBBUMBbB5UJwAJ62S5MVDJTC2YDQAgIIiYPaEEjkTgALyY+z8BSgTDwdl8fhAbgAogAxIjiACSHIAEgBNBB4ADqPKYpOUbmQTCgxj5flJZHEBBh9j2jJZrNQABkhapxgoAHJQOSeVnAAAaAEUEFY5MgeAaeUA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:38 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		32 B
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
60c918f0e848e12d41e52d8d9ec305fdf5b0f11e6685fc4ff0aea21216aa045d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 22 May 2024 13:53:39 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
metrics
api.usehero.com/ Frame 35B2 		0
985 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:41 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/Toronto
klarna-correlation-id
2b8b9c30-3392-4fc2-ba36-0900eccb623f
x-envoy-upstream-service-time
9
cross-origin-resource-policy
same-origin
x-geo-longitude
-73.58870
x-xss-protection
0
x-request-id
2b8b9c30-3392-4fc2-ba36-0900eccb623f
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
H3H
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Montreal
x-geo-latitude
45.50750
x-country
CA
x-accuracy
20
expires
0
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 22 May 2024 13:53:40 GMT
expires
0
klarna-correlation-id
8e3085e3-67f3-467f-8f4d-8d1ae5d05a97
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
CA
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
6
x-frame-options
SAMEORIGIN
x-geo-city
Montreal
x-geo-latitude
45.50750
x-geo-longitude
-73.58870
x-geo-zip
H3H
x-permitted-cross-domain-policies
none
x-request-id
8e3085e3-67f3-467f-8f4d-8d1ae5d05a97
x-time-zone
America/Toronto
x-xss-protection
0
log
www.paypal.com/credit-presentment/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/log?disableSetCookie=true&features=disable-set-cookie
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Wed, 22 May 2024 13:53:43 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f943462e19fca
server-timing
"traceparent;desc="00-0000000000000000000f943462e19fca-98adf0f76c2dfc47-01"";content-encoding;desc="",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-bur-kbur8200047-BUR, cache-yyz4522-YYZ, cache-yyz4522-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f943462e19fca-e3f5b2e2a30946cb-01
x-timer
S1716386024.510368,VS0,VE137
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
log
www.paypal.com/credit-presentment/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/log?disableSetCookie=true&features=disable-set-cookie
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Server-Timing
access-control-max-age
86400
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Wed, 22 May 2024 13:53:43 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f863135ee3539
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f863135ee3539-4d2e191080644b8a-01"";content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f863135ee3539-ca8d96d52a1b433d-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-served-by
cache-bur-kbur8200143-BUR, cache-yyz4522-YYZ, cache-yyz4522-YYZ
x-timer
S1716386023.291368,VS0,VE139
px
secure.adnxs.com/ 		0
0
widget.js
js.jebbit.com/companion/v1/ 		44 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:b000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cc9709489aeba0f23cc18fd3d1ff6f2087e1381ba6dbe92e98738228d520fd54

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 23:27:52 GMT
x-amz-version-id
j3bLD5VAFZVsHy8WM9iuVjqRLf9F9664
via
1.1 9557da2570df16242f84a67f254d7f30.cloudfront.net (CloudFront)
last-modified
Thu, 02 May 2024 15:04:41 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P1
age
51942
etag
"226557253164387c89ed4612b780f10f"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45245
x-amz-cf-id
ShjOQ-Wz2z_pUvq2auu98lGtQJmKB59znKPq7LND3sOGdE8PGcmqvQ==
i.js
tag.wknd.ai/6664/ 		17 KB
43 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
5c44c12f6add4835be7e28a598a8c8aee4b678dade79bc57e01b0f4924c235d1

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:32 GMT
content-encoding
gzip
via
1.1 google
age
11
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5576
server
istio-envoy
etag
432c44380de0b4
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
events
c.contentsquare.net/v2/ 		0
319 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://c.contentsquare.net/v2/events?uu=89031a36-0902-a6cd-d8c6-bc2a7e32ddf2&sn=1&hd=1716386013&v=14.11.0&pid=1926&pn=1&str=2739&di=3624&dc=6612&fl=6625&sr=18&mdh=6759&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.20.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-20-70.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:43 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
recording
k-aeu1.contentsquare.net/v2/ 		0
0
collect
sgtm.elfcosmetics.com/g/ 		342 B
364 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je45k0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1227192840.1716386011&ecid=1604216748&ul=en-ca&sr=1600x1200&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EAAC&sst.rnd=1737957495.1716386011&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=5&dt=&sid=1716386012&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&en=page_view&ep.page_type=content&ep.page_environment=production&ep.page_country=CA&ep.page_language=EN&_et=10707&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=CA&up.user_loyalty_status=false&tfd=19450&richsstsse
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
25dea9844d4e37846a357d1cb95bc1ecaff6ef2eaa54adcf6619acf3b99337ee
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:43 GMT
via
1.1 google, 1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
collect
sgtm.elfcosmetics.com/g/ 		0
0
eligible
events.bouncex.net/track.gif/ 		42 B
60 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7HIBsAZgAcygAyKFCgCxk4AR3llSIPgDtOAfQjAoOMqJ4AHAhBBWHOAEz6AKzKAYZQLKjImDgILFZRAB5kBCCYNjgAVlBkPEzA0VpkAO6YSBCcmL7K1YaMUOW+iioa2nLqKoH6CuoUDBBRvuqBw8pdygCc+gHt6lqzgWQeqYyYRY3mmMZwaQPAOAvIRBBpnJwQfFCcBO7ySmqaWn6q+nKqLkcnBG4Q9Nj1TFYcFcQG98owojhgGROOIIKhgLYPKhOABPWyXJioFKYWzAaAEBBETB7QgkcicABeTBwU0K4Twdl8fhAbgAogAxIjiACSXIAEgBNBB4ADqfKYFOUbmQTCgxgFfgpZHEBHh9j2zLZ7NQABkRapxgoAHJQOSednAAAaAEUEFY5MgeEa+UA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:43 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1208467942&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dp=%2Fen_CA%2Felf-cosmetic-criminals&ul=en-ca&de=UTF-8&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=1227192840.1716386011&tid=UA-432816-1&_gid=1914202003.1716386011&gtm=45He45k0n81WL3STMXv896608294za200&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=CA&gcs=G111&gcd=13v3v3v3u5&dma=0&npa=1&z=71141948
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 04:43:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
33024
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
pixel.gif
cdn.blisspointmedia.com/assets/img/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c8d4ebba-f605-48c0-91fa-ce595ecbdec6&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=Ne...
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
807 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.blisspointmedia.com/assets/img/pixel.gif
Protocol
H2
Server
13.249.39.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-39-116.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

x-amz-version-id
null
date
Wed, 22 May 2024 07:01:03 GMT
via
1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
last-modified
Mon, 08 Apr 2019 16:24:44 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-C1
age
24751
etag
"18b3e43abad26bdac6f4cea944777b62"
x-cache
Hit from cloudfront
content-type
image/gif
accept-ranges
bytes
content-length
807
x-amz-cf-id
ZGIAMzqJQFEfJoMD95VzvtkipEg-aIzwn-HTPKEXYlQSCYt5u_gDlg==

Redirect headers

date
Wed, 22 May 2024 13:53:43 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amzn-requestid
16b5f94c-5c77-49b5-bb48-9c71b49b271a
x-amzn-trace-id
Root=1-664df8e7-173c98850d11f9a26db039ce;Parent=02feb165e8ff2203;Sampled=0;lineage=07bbc27a:0
content-type
application/json
location
https://cdn.blisspointmedia.com/assets/img/pixel.gif
access-control-allow-origin
*
x-amz-apigw-id
YLPUPFq9oAMEgrA=
content-length
2
/
www.facebook.com/tr/ 		0
19 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1716386023438&sw=1600&sh=1200&v=2.9.156&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1716386014133.508247669&ic=gtm&ler=empty&cdl=API_unavailable&it=1716386013267&coo=false&eid=1716386986070_171638681311639&tm=1&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=120, rtx=0, c=26, mss=1232, tbw=10730, tp=19, tpl=0, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 22 May 2024 13:53:43 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
197 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1716386023438&sw=1600&sh=1200&v=2.9.156&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1716386014133.508247669&ic=gtm&ler=empty&cdl=API_unavailable&it=1716386013267&coo=false&eid=1716386986070_171638681311639&tm=1&rqm=FGET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xa90e50505ca4fe26","source_keys":["1","2"]},{"key_piece":"0x521824ae15b46aad","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Wed, 22 May 2024 13:53:43 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=120, rtx=0, c=26, mss=1232, tbw=11098, tp=22, tpl=0, uplat=18, ullat=0
pragma
no-cache
x-fb-debug
DW7hdLWFK+gYWiF4DAtU5gscPQP1uiIsrgNtG67OjuGtt1Z+T5Xzbxu4K1MYMgfzPyLlmzzUQItsSq9Jvrghhg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
rp.gif
alb.reddit.com/ 		42 B
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://alb.reddit.com/rp.gif?ts=1716386023441&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=3e035cea-3385-4921-9939-56da587f7dee&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_a8bbbcc6&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 13:53:43 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
pageview
c.contentsquare.net/ 		0
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/pageview?ex=&pvt=a&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6761&ww=1600&wh=1200&sw=1600&sh=1200&uu=89031a36-0902-a6cd-d8c6-bc2a7e32ddf2&sn=1&hd=1716386023&v=14.11.0&pid=1926&pn=2&r=657956
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.20.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-20-70.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:43 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=6817875116330;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=...
ad.doubleclick.net/ 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=6817875116330;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1591509944;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.31.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f148.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:43 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"4794987651948593722"}],"aggregatable_trigger_data":[{"filters":[{"14":["8259474"]}],"key_piece":"0x12fe0ab4527cf6f3","source_keys":["12","13","14","15","16","17","18","19","20","21","628473576","628473577","628473578","628473579","628534472","628534473","628534474","628534475","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","628827972","628827973","628827974","628827975"]},{"key_piece":"0x8e24180d8b10d0a8","not_filters":{"14":["8259474"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","628473576","628473577","628473578","628473579","628534472","628534473","628534474","628534475","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","628827972","628827973","628827974","628827975"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"628473576":32,"628473577":32,"628473578":32,"628473579":3177,"628534472":34,"628534473":34,"628534474":34,"628534475":3345,"628613572":32,"628613573":32,"628613574":32,"628613575":3177,"628795380":32,"628795381":32,"628795382":32,"628795383":3177,"628812176":32,"628812177":32,"628812178":32,"628812179":3177,"628827972":32,"628827973":32,"628827974":32,"628827975":3177},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"8674482315978575789","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"4794987651948593722","filters":[{"14":["8259474"],"source_type":["event"]},{"14":["8259474"],"24":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"4794987651948593722","filters":[{"14":["8259474"],"23":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"0"},{"deduplication_key":"4794987651948593722","filters":[{"14":["8259474"],"25":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"2"},{"deduplication_key":"4794987651948593722","filters":[{"14":["8259474"],"26":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"3"},{"deduplication_key":"4794987651948593722","filters":[{"14":["8259474"],"27":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"4"},{"deduplication_key":"4794987651948593722","filters":[{"14":["8259474"],"28":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"5"},{"deduplication_key":"4794987651948593722","filters":[{"14":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"4794987651948593722","filters":[{"source_type":["event"]},{"23":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"4794987651948593722","filters":[{"24":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"1"},{"deduplication_key":"4794987651948593722","filters":[{"25":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"2"},{"deduplication_key":"4794987651948593722","filters":[{"26":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"3"},{"deduplication_key":"4794987651948593722","filters":[{"27":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"4"},{"deduplication_key":"4794987651948593722","filters":[{"28":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"5"},{"deduplication_key":"4794987651948593722","filters":[{"29":["8259474"],"source_type":["navigation"]}],"priority":"0","trigger_data":"6"},{"deduplication_key":"4794987651948593722","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["9231397"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=7924670963777;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;...
ad.doubleclick.net/ 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=7924670963777;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=465513792;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.31.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f148.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:43 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"1482054138181731987"}],"aggregatable_trigger_data":[{"filters":[{"14":["12119809"]}],"key_piece":"0xbd12fe08628e9963","source_keys":["12","13","14","15","16","17","18","19","20","21","628477676","628477677","628477678","628477679","628504556","628504557","628504558","628504559","628627208","628627209","628627210","628627211","628651320","628651321","628651322","628651323","628652116","628652117","628652118","628652119","628801632","628801633","628801634","628801635"]},{"key_piece":"0xa921d27177e04dd7","not_filters":{"14":["12119809"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","628477676","628477677","628477678","628477679","628504556","628504557","628504558","628504559","628627208","628627209","628627210","628627211","628651320","628651321","628651322","628651323","628652116","628652117","628652118","628652119","628801632","628801633","628801634","628801635"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"628477676":32,"628477677":32,"628477678":32,"628477679":3177,"628504556":32,"628504557":32,"628504558":32,"628504559":3177,"628627208":32,"628627209":32,"628627210":32,"628627211":3177,"628651320":65,"628651321":65,"628651322":65,"628651323":6356,"628652116":32,"628652117":32,"628652118":32,"628652119":3177,"628801632":65,"628801633":65,"628801634":65,"628801635":6356},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"13688325329344683738","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"1482054138181731987","filters":[{"14":["12119809"],"source_type":["event"]},{"14":["12119809"],"24":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"1482054138181731987","filters":[{"14":["12119809"],"23":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"0"},{"deduplication_key":"1482054138181731987","filters":[{"14":["12119809"],"25":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"2"},{"deduplication_key":"1482054138181731987","filters":[{"14":["12119809"],"26":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"3"},{"deduplication_key":"1482054138181731987","filters":[{"14":["12119809"],"27":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"4"},{"deduplication_key":"1482054138181731987","filters":[{"14":["12119809"],"28":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"5"},{"deduplication_key":"1482054138181731987","filters":[{"14":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"1482054138181731987","filters":[{"source_type":["event"]},{"23":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"1482054138181731987","filters":[{"24":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"1"},{"deduplication_key":"1482054138181731987","filters":[{"25":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"2"},{"deduplication_key":"1482054138181731987","filters":[{"26":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"3"},{"deduplication_key":"1482054138181731987","filters":[{"27":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"4"},{"deduplication_key":"1482054138181731987","filters":[{"28":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"5"},{"deduplication_key":"1482054138181731987","filters":[{"29":["12119809"],"source_type":["navigation"]}],"priority":"0","trigger_data":"6"},{"deduplication_key":"1482054138181731987","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["10742279"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
display
api.usehero.com/webplugin/ 		102 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&state=untouched&outboundFeature=&visitorId=c139b6cf-fc13-4c0a-a34c-af51c2006953
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.133.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-133-187.compute-1.amazonaws.com
Software
/
Resource Hash
d193ca08b7345207607286ad104ecaa69147848b2333b934a778ce46f45361d8
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
3c69a44d-7522-4c50-8e8a-c68251bd97f0
cross-origin-resource-policy
same-origin
x-geo-longitude
-73.58870
pragma
no-cache
referrer-policy
same-origin
etag
W/"66-8p508o8eSxKmjJceOnq/QQzusa4"
x-frame-options
SAMEORIGIN
x-geo-zip
H3H
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
45.50750
x-accuracy
20
expires
0
date
Wed, 22 May 2024 13:53:43 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/Toronto
x-envoy-upstream-service-time
11
content-length
102
x-xss-protection
0
x-request-id
3c69a44d-7522-4c50-8e8a-c68251bd97f0
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
CA
x-geo-city
Montreal
/
ct.pinterest.com/user/ 		35 B
64 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%2C%22event_id%22%3A%22c3551ece-411e-4759-803d-1698ce788aea%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22pin_unauth%22%3A%22dWlkPU1qY3hPRFZtWkRrdE56STNOeTAwT1RCa0xXRmlNMkl0TURoa1l6RmxOR1ZoTm1JeA%22%7D&cb=1716386023563&dep=4%2CTAGS_RECEIVED&stc=true
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.220.136.202 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-136-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

quic-version
0x00000001
date
Wed, 22 May 2024 13:53:43 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.0968dc17.1716386023.93d200e3
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=600
content-length
35
x-pinterest-rid
3509882285877590
pin-unauth
dWlkPVlUVm1aVFF3WXpJdE5UY3laUzAwT0RWakxXRTJZemt0TVRFNVltTmlZalUzWkRJeQ
pragma
no-cache
referrer-policy
origin
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
5c8bfc366c53ef4acca5f606987646193351b3ab
expires
Sat, 01 Jan 2000 00:00:00 GMT
activityi;dc_pre=CKue85m0oYYDFU7EwgQdblkKCw;src=9231397;type=retarget;cat=globa0;ord=6817875116330;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined...
9231397.fls.doubleclick.net/ Frame 3D90
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=6817875116330;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefin...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CKue85m0oYYDFU7EwgQdblkKCw;src=9231397;type=retarget;cat=globa0;ord=6817875116330;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-c...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CKue85m0oYYDFU7EwgQdblkKCw;src=9231397;type=retarget;cat=globa0;ord=6817875116330;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1591509944;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.149 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
490
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 May 2024 13:53:43 GMT
expires
Wed, 22 May 2024 13:53:43 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 May 2024 13:53:43 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CKue85m0oYYDFU7EwgQdblkKCw;src=9231397;type=retarget;cat=globa0;ord=6817875116330;npa=1;auiddc=946854222.1716386011;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1591509944;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CPir85m0oYYDFa4BrQYdHUAPHQ;src=10742279;type=elf8j0;cat=glo_flap;ord=7924670963777;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-cr...
10742279.fls.doubleclick.net/ Frame 6701
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7924670963777;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CPir85m0oYYDFa4BrQYdHUAPHQ;src=10742279;type=elf8j0;cat=glo_flap;ord=7924670963777;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfco...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CPir85m0oYYDFa4BrQYdHUAPHQ;src=10742279;type=elf8j0;cat=glo_flap;ord=7924670963777;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=465513792;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.148 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f148.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
428
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 May 2024 13:53:43 GMT
expires
Wed, 22 May 2024 13:53:43 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 May 2024 13:53:43 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CPir85m0oYYDFa4BrQYdHUAPHQ;src=10742279;type=elf8j0;cat=glo_flap;ord=7924670963777;npa=1;auiddc=946854222.1716386011;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=465513792;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45k0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
ct.pinterest.com/v3/ 		35 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%2C%22event_id%22%3A%22c3551ece-411e-4759-803d-1698ce788aea%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22pin_unauth%22%3A%22dWlkPU1qY3hPRFZtWkRrdE56STNOeTAwT1RCa0xXRmlNMkl0TURoa1l6RmxOR1ZoTm1JeA%22%7D&cb=1716386023618&dep=4%2CTAGS_RECEIVED&stc=true&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%222bdc3040%22%2C%22is_eu%22%3Afalse%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22125%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22125%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22125.0.6422.76%22%2C%22ecm_enabled%22%3Atrue%7D
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.220.136.202 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-136-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

quic-version
0x00000001
date
Wed, 22 May 2024 13:53:43 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.0968dc17.1716386023.93d201a0
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=600
content-length
35
x-pinterest-rid
1696864958672893
pragma
no-cache
referrer-policy
origin
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
5c8bfc366c53ef4acca5f606987646193351b3ab
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
widget.css
js.jebbit.com/companion/v1/ 		15 KB
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:b000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
5TtP6A3FvksKClCFN7X6r1PsSCc1hWlP
date
Tue, 21 May 2024 15:04:46 GMT
via
1.1 9557da2570df16242f84a67f254d7f30.cloudfront.net (CloudFront)
last-modified
Thu, 02 May 2024 15:04:41 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P1
age
82128
x-amz-server-side-encryption
AES256
etag
"de1b72e797664b9b2c2139e5ccb24844"
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15521
x-amz-cf-id
FbiztvCy4EG0n_j-c5CThAzE98731g2oLD9AriFYwRNEnPoEcY67Rw==
ga-audiences
www.google.ca/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&tid=G-5D80LRC85N&cid=JgNzSHKY%2FqS9XC1GM8mvqQGogPf9Z%2Fu8teg0kX4r%2Bt4%3D.1716386011&gtm=45j91e45g0v9125640115z8896608294z99175401888za200zb896608294&aip=1&z=548419113
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 22 May 2024 13:53:43 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/
Domain
secure.adnxs.com
URL
https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
Domain
k-aeu1.contentsquare.net
URL
https://k-aeu1.contentsquare.net/v2/recording?rt=5&v=14.11.0&pid=1926&pn=1&sn=1&uu=89031a36-0902-a6cd-d8c6-bc2a7e32ddf2&hlm=true&ct=0
Domain
sgtm.elfcosmetics.com
URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je45k0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1227192840.1716386011&ecid=1604216748&ul=en-ca&sr=1600x1200&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=1737957495.1716386011&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=6&dt=&sid=1716386012&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&en=page_view&ep.page_type=content&ep.page_environment=production&ep.page_country=CA&ep.page_language=EN&ep.vendor_id=facebook&ep.event_id=1716386986070_171638681311639&ep.email=&ep.phone=&_et=2&tfd=19461&richsstsse

Verdicts & Comments Add Verdict or Comment

204 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host string| _pxAppId object| PXXT4Gy2ig object| PX undefined| _XT4Gy2ighandler function| $ function| jQuery object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| ytCCPlayer object| ytBTSPlayer function| onYouTubePlayerAPIReady function| onCCPlayerReady function| onBTSPlayerReady object| content object| __LOADABLE_LOADED_CHUNKS__ function| _ object| regeneratorRuntime function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive boolean| __HYDRATING__ object| dataLayer function| getDataLayerEvent boolean| rakutenDataLayer object| DataLayer object| viewedProductIdsForPage object| DY boolean| BRAZE_SETUP_COMPLETE boolean| otSPAPathChange boolean| otIsInitialized boolean| otBlockOptOutInitReload function| OptanonWrapper object| DYcustom object| OneTrustStub object| DYO function| DYID object| contextManager object| DYJSON object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data string| GoogleAnalyticsObject function| ga number| gtmPageLoadId object| _uxa object| DYExps object| gaplugins object| gaGlobal object| gaData string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| DYWork function| $dy object| DYCS function| create_UUID function| createCookie object| HeroWebPluginSettings string| HeroObject function| hero function| pintrk function| fbq function| _fbq object| _fbq_gtm_ids function| rdt string| TiktokAnalyticsObject object| ttq object| JebbitObject function| jebbit function| cnxtag object| cnxDataLayer number| j object| Optanon object| OneTrust boolean| otLastAcceptAllValue object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter function| ___rmuid object| ___RMCMPW object| og object| litHtmlVersions function| JSCompiler_renameProperty object| litElementVersions boolean| OG_OFFERS_TEST_MODE_ENABLE object| OG object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs object| CS_CONF function| csSymbol object| CSPureWindow function| csDate object| csJSON function| csArray function| csString function| csURL function| csMutationObserver object| csScreen object| csquerySelector object| csquerySelectorAll function| csNodechildNodes function| csNodeparentNode function| csNodenextSibling function| csNodefirstChild function| csElementshadowRoot function| csElementmatches function| csElementwebkitMatchesSelector function| csHTMLImageElementsrc function| csEventtarget function| csNavigatorsendBeacon object| CSPathComputation object| CSCurrentScript object| UXAnalytics function| DataLayerHelper function| UET function| UET_init function| UET_push object| paypalDDL string| PaypalOffersObject function| ppq object| ueto_f03b68fbb2 object| uetq function| redditNormalizeEmail object| bouncex object| webpackJsonp.TiktTokAnalytics object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| Hero object| tagConfig object| webpackChunksmart_tag object| __post_robot_10_0_44__ object| PAYPAL object| cti110221 object| bxgraph function| a0_0x3eec function| a0_0x20c7 object| sigScriptLoader object| SIG_SCRIPT_DEBUG function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie object| threatmetrix function| tmx_run_page_fingerprinting function| tmx_post_session_params_fixed boolean| tmx_profiling_started function| close_bouncex_ad

90 Cookies

Domain/Path Name / Value
.youtube.com/ Name: YSC
Value: me4FpM-nMkI
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: 4Enl1LhiseA
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJDQRIEGgAgUQ%3D%3D
www.elfcosmetics.com/ Name: initAuthComplete
Value: true
.elfcosmetics.com/ Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%2261defdc4-4180-c07f-085b-c250f3dbf774%22%2C%22e%22%3A1716387809774%2C%22c%22%3A1716386009774%2C%22l%22%3A1716386009774%7D
.elfcosmetics.com/ Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%22cb9a7e60-1825-fc40-342a-35cfaac70f0d%22%2C%22c%22%3A1716386009776%2C%22l%22%3A1716386009776%7D
.elfcosmetics.com/ Name: pxcts
Value: ab03738e-1842-11ef-944e-e351d0f6c162
.elfcosmetics.com/ Name: _pxvid
Value: ab035e8f-1842-11ef-944d-f7493e8cc96a
.elfcosmetics.com/ Name: _dyjsession
Value: 4uk98uynkiny85xwlssb819upt4rkm7k
.elfcosmetics.com/ Name: dy_fs_page
Value: www.elfcosmetics.com%2Fen_ca%2Felf-cosmetic-criminals
.elfcosmetics.com/ Name: _dy_csc_ses
Value: 4uk98uynkiny85xwlssb819upt4rkm7k
.elfcosmetics.com/ Name: _dy_c_exps
Value:
.elfcosmetics.com/ Name: _gcl_au
Value: 1.1.946854222.1716386011
.elfcosmetics.com/ Name: _px3
Value: f3a1ff694c5058715e9697b47010a5d0ebdb5601760816cb4cce37bf1fbb96b7:bNu8rJHPvx/dOKGCPNxDS+pKY35zDlHBewX7SxXfpRCQvb0woA21Cx5qnw88CgIr8cUpq0MqJkdmD4AEtpuAng==:1000:p7r2DTsOfSkYq0yBgMx+xA1d0x/V9cUX1pvOTz4SgkHKzXB4OF4nYALdvu5EQ6T41/mxZmPVmYh27X3AReVUcSOfQO4NOdLsZjU1mofX2Q94w/ziFM9nJDRfQF66sGwz+tNDRARCDcks/tSTjdZNWwbsqDesXKlXz7AW2R7xiMHZSTIzIDbES31Jv+3ScptOuHBr1Lnj5le9GpVofX19uB0m3JdYXdfIgBWzVpcVAbg=
.elfcosmetics.com/ Name: _gid
Value: GA1.2.1914202003.1716386011
.elfcosmetics.com/ Name: _gat_UA-432816-1
Value: 1
.dynamicyield.com/ Name: DYID
Value: 680043790262466779
.elfcosmetics.com/ Name: _dycnst
Value: dg
.elfcosmetics.com/ Name: _dyid
Value: 680043790262466779
.elfcosmetics.com/ Name: _dycst
Value: dk.w.c.ws.fst.
.elfcosmetics.com/ Name: _dy_geo
Value: CA.NA.CA_QC.CA_QC_Montreal
.elfcosmetics.com/ Name: _dy_df_geo
Value: Canada..Montreal
.elfcosmetics.com/ Name: _dy_toffset
Value: 0
.elfcosmetics.com/ Name: _dy_soct
Value: 647796.1248068.1716386011.4uk98uynkiny85xwlssb819upt4rkm7k*836603.1652212.1716386011*837245.1654610.1716386011*861617.1750272.1716386011
www.elfcosmetics.com/ Name: scapi
Value: prd:db9b3310-e9ba-46c1-88ae-0422884b8aed:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4YzhjYTI4OC1mMWE2LTRmMDktYjI2OS0wNWQyZWViZmRmMDEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmRiOWIzMzEwLWU5YmEtNDZjMS04OGFlLTA0MjI4ODRiOGFlZCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTYzODU5ODEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJjeGVnM3dIa1hrcmFSeHJKR3dxWVlsS2tWOjpjaGlkOiAiLCJleHAiOjE3MTYzODc4MTEsImlhdCI6MTcxNjM4NjAxMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTE3OTQwODc4NDQyMTc4MCJ9.5fZB4rNonkoQFVA4QZFA4l0HN77r463SAPCc56q1WXJCJii6w4HCGDmRQBQUJ_ckgC1YJ0nBWjoP1b9Tse6gOw
www.elfcosmetics.com/ Name: FPC
Value: c8d4ebba-f605-48c0-91fa-ce595ecbdec6
www.elfcosmetics.com/ Name: dwsid
Value: aysYLJfp6bEdbQuYyiE0HnZEXvchKV2fMo1xwzgEeV7xL-3CLDThR__if9NG7CN8H4nea8WokPvY9V4oEAmmLA==
www.elfcosmetics.com/ Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92
Value: bcxeg3wHkXkraRxrJGwqYYlKkV
.elfcosmetics.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Wed+May+22+2024+06%3A53%3A32+GMT-0700+(Pacific+Daylight+Saving+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=a5d30700-dbf7-41f9-9e80-78a5d029df6f&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1%2C5%3A1
.adsrvr.org/ Name: TDID
Value: 508b7dd9-7bfb-443b-900c-68e47971a677
.adnxs.com/ Name: XANDR_PANID
Value: W0D6ipOchWVqETNaEdWrbkRjYqzjZDLCwDa3kYyWfyz_Fo1mNgZriXpahBm3AG-rh0EocEkn5_tsax_SxKyz-6UcYn_bjn9gpf1QP6QqadA.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 865126135440480772
.pointmediatracker.com/ Name: c
Value: dc730281-8123-4970-b25f-237813a70f9a
.elfcosmetics.com/ Name: _ga_ZLYXLXNDL8
Value: GS1.1.1716386012.1.0.1716386012.60.0.0
.elfcosmetics.com/ Name: _ga
Value: GA1.1.1227192840.1716386011
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2GVJsg]`w!]tbP6j2F-XstGt!@E0'%+DT%
.elfcosmetics.com/ Name: _ga_5D80LRC85N
Value: GS1.1.1716386012.1.1.1716386012.0.0.1604216748
.elfcosmetics.com/ Name: rmStore
Value: dmid:9097
.doubleclick.net/ Name: IDE
Value: AHWqTUmmGNiHvIfKdJ0RrTVT1G7JBn-ytE_GFwtDQ9rRyjT5ug0M4TGr5Upu1m4ZWOQ
.tiktok.com/ Name: _ttp
Value: 2gpEFDsPvHV9LNY5oPC5JYgzAR9
.elfcosmetics.com/ Name: _cs_c
Value: 0
.elfcosmetics.com/ Name: _cs_id
Value: 89031a36-0902-a6cd-d8c6-bc2a7e32ddf2.1716386013.1.1716386013.1716386013.1558384338.1750550013062.1
.elfcosmetics.com/ Name: FPID
Value: FPID2.2.JgNzSHKY%2FqS9XC1GM8mvqQGogPf9Z%2Fu8teg0kX4r%2Bt4%3D.1716386011
.elfcosmetics.com/ Name: FPGSID
Value: 1.1716386013.1716386013.G-5D80LRC85N.s9QdXD3inUOqgsx_Su8aLw
.elfcosmetics.com/ Name: _uetsid
Value: ada5bb50184211efade72d7107055737
.elfcosmetics.com/ Name: _uetvid
Value: ada5d8c0184211ef9cfb8b53b4562bc8
.elfcosmetics.com/ Name: _rdt_uuid
Value: 1716386013207.3e035cea-3385-4921-9939-56da587f7dee
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.doubleclick.net/ Name: ar_debug
Value: 1
www.elfcosmetics.com/ Name: esw.currency
Value: CAD
www.elfcosmetics.com/ Name: sid
Value: ggwIg609m3Q-lcwt65ROFZ9jTlgb_S9aEXU
www.elfcosmetics.com/ Name: _dyid_server
Value: 680043790262466779
www.elfcosmetics.com/ Name: esw.InternationalUser
Value: true
www.elfcosmetics.com/ Name: esw.location
Value: CA
www.elfcosmetics.com/ Name: currentLocale
Value: en_CA
www.elfcosmetics.com/ Name: esw.sessionid
Value: bcxeg3wHkXkraRxrJGwqYYlKkV
www.elfcosmetics.com/ Name: esw.LanguageIsoCode
Value: en_CA
www.elfcosmetics.com/ Name: __cq_dnt
Value: 1
www.elfcosmetics.com/ Name: dw_dnt
Value: 1
.elfcosmetics.com/ Name: hero-session-efcf9631-4c6b-4874-9f76-51f71464249a
Value: author=client&expires=1747922013700&visitor=c139b6cf-fc13-4c0a-a34c-af51c2006953
.rubiconproject.com/ Name: khaos
Value: LWHVX08E-I-IKJ0
.rubiconproject.com/ Name: audit
Value: 1|VCDLmWW2RR5RrtXCbPFBaazDSN/mcB6i6Dt9dXZfCnebyR+hvQt5L3Jqvy5G67Fhc5uNIMgXAP+M1KxoLazIt9i2Wk5FrGos0XY24Ec+XLuIdl/7EJ5hdks/C+A3WaG5/QLQvwa7UT8HZXY8eK/z+Diw8oqEf81UJ2BxkTD4SS1bOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.adsrvr.org/ Name: TDCPM
Value: CAESFQoGZ29vZ2xlEgsIxPuCoZOc_TwQBRIXCghhcHBuZXh1cxILCIzvgKOTnP08EAUSFgoHcnViaWNvbhILCKKSgaOTnP08EAUSFQoGY2FzYWxlEgsI6I2GqZOc_TwQBRgFIAMoATILCMK7ycapnP08EAVCDyINCAESCQoFdGllcjIQAVoHM2Z0Zm5oM2ABcgZjYXNhbGU.
.bing.com/ Name: MUID
Value: 2BEC7D120134686A2CE96995009E696A
.bat.bing.com/ Name: MR
Value: 0
.elfcosmetics.com/ Name: _cs_s
Value: 1.5.0.1716387814110
.elfcosmetics.com/ Name: _fbp
Value: fb.1.1716386014133.508247669
.elfcosmetics.com/ Name: _tt_enable_cookie
Value: 1
.elfcosmetics.com/ Name: _ttp
Value: cmfdpa_Jd4_ejvo1K7duhBRwBjx
.linksynergy.com/ Name: rmuid
Value: 1ad34e64-89c0-4acb-bb50-f1f71007cad7
.casalemedia.com/ Name: CMID
Value: Zk343tHM6MYAAB65AIz7wQAA
.casalemedia.com/ Name: CMPS
Value: 3446
.casalemedia.com/ Name: CMPRO
Value: 3446
.elfcosmetics.com/ Name: _pin_unauth
Value: dWlkPU1qY3hPRFZtWkRrdE56STNOeTAwT1RCa0xXRmlNMkl0TURoa1l6RmxOR1ZoTm1JeA
.pinterest.com/ Name: ar_debug
Value: 1
www.elfcosmetics.com/ Name: hero-user-id
Value: null
.ct.pinterest.com/ Name: _pinterest_ct_ua
Value: "TWc9PSZvcVhmRVBzeW9jUklnSkg5N1RaOHNmOTlwK2J5cUFWMElTcEs5dFdQZ0c5bDNlQUYzOVlqTGJTM0xtRkk1VEgxSWRMMTY0NjRwNzhPQ3N4VTlvL29zMjkvOE9SZ1N2U3AwdVRTUUZkWlhqYz0md0toendJY0hNWWdxbXpiY2dtaWNOYXZwTVhzPQ=="
.undertone.com/ Name: UTID
Value: cb5ee4f5dcd54b83968a19541f5f372a
.undertone.com/ Name: UTID_ENC
Value: c1fvxzphv7mhibafzwin8wrhm
.rlcdn.com/ Name: rlas3
Value: AKDgcuX7bhJZrDDa0YRVPfmnszJHTe0tEl5ISBXxRLU=
.rlcdn.com/ Name: pxrc
Value: CN/xt7IGEgUI6AcQABIGCOTrARAA
.linksynergy.com/ Name: icts
Value: 2024-05-22T13:53:35Z
imgs.signifyd.com/ Name: thx_guid
Value: 42065cda06da80d680992a72e7ca4a68
.cdnwidget.com/ Name: __3idcontext
Value: {"cookieID":"2gpEFrLW397Ns1aiFdXQbn1cmNH","deviceID":"2gpEFlhIlhHYbfWHoz6pcosqY2z","iv":"","v":""}
.elfcosmetics.com/ Name: __idcontext
Value: eyJjb29raWVJRCI6IjJncEVGckxXMzk3TnMxYWlGZFhRYm4xY21OSCIsImRldmljZUlEIjoiMmdwRUZsaElsaEhZYmZXSG96NnBjb3NxWTJ6IiwiaXYiOiIiLCJ2IjoiIn0%3D
.elfcosmetics.com/ Name: FPLC
Value: BFC47RVQPPR8vN7Ql2Sv8fBTW0WRlNHq2Difiuo8J2C1tOtMNClT4PTIhxWXdhebu%2FibYVNztCWLayfwKxy9kzBVut3mMcbXVTDO%2Fudvni%2BF5XGx%2FZfSAdRWVD2SFg%3D%3D
.elfcosmetics.com/ Name: _scid
Value: 07634e4b-488b-4590-6382-bbb958baa981
.bounceexchange.com/ Name: bounceClientVisit6664c
Value: %7B%22vid%22%3A1716386018165478%2C%22did%22%3A%228555647694248180805%22%7D
www.elfcosmetics.com/ Name: bounceClientVisit6664v
Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRFAdgH0AwjgJVqAWgbNWHaQCc2TNvwCGYFCAA0IBTBA6QbFIIDm9QSgooUbevxjUN13SfMQrNuw6cuKAL5AA

142 Console Messages

Source Level URL
Text
javascript error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_(Line 1)
Message:
Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_(Line 1)
Message:
Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_(Line 1)
Message:
Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_(Line 1)
Message:
Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_(Line 1)
Message:
Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11255/vendor.js?yocs=1u_1y_(Line 1)
Message:
Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://cdn.usehero.com/plugin.5.46.0.js
Message:
<link rel=preload> has an invalid `href` value
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
ad.doubleclick.net
alb.reddit.com
analytics.google.com
analytics.tiktok.com
api.bounceexchange.com
api.cquotient.com
api.ipify.org
api.usehero.com
assets.bounceexchange.com
async-px.dynamicyield.com
bat.bing.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.blisspointmedia.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.media.amplience.net
cdn.static.amplience.net
cdn.usehero.com
cm.g.doubleclick.net
code.jquery.com
collector-pxxt4gy2ig.px-cloud.net
connect.facebook.net
cosmeticcriminals.ca
ct.pinterest.com
data.cdnbasket.net
dsum-sec.casalemedia.com
elfcosmetics.a.bigcontent.io
events.bouncex.net
external-api.jebbit.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
ib.adnxs.com
idr.cdnwidget.com
ids.cdnwidget.com
idsync.rlcdn.com
imgs.signifyd.com
insight.adsrvr.org
js.cnnx.link
js.jebbit.com
k-aeu1.contentsquare.net
match.adsrvr.org
page.cdnbasket.net
pd.cdnwidget.com
pixel.pointmediatracker.com
pixel.rubiconproject.com
qoe-1.yottaa.net
s.pinimg.com
sdk.iad-05.braze.com
secure.adnxs.com
sgtm.elfcosmetics.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.ordergroove.com
stats.g.doubleclick.net
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
tag.wknd.ai
tags.rd.linksynergy.com
upload.usehero.com
ut.rd.linksynergy.com
view.cdnbasket.net
w2txo5aa3cfvzjhua3cgl2acntof33yupyka5hvw89a550ea7716fdfbsac.d.aa.online-metrix.net
www.elfcosmetics.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.paypal.com
www.paypalobjects.com
www.redditstatic.com
www.youtube.com
cdn-fsly.yottaa.net
k-aeu1.contentsquare.net
secure.adnxs.com
sgtm.elfcosmetics.com
104.26.13.205
108.138.64.85
13.249.39.116
13.249.39.90
142.250.31.148
142.251.16.148
142.251.16.149
151.101.1.140
151.101.1.21
151.101.193.35
151.101.66.133
172.253.122.155
172.253.63.154
172.64.151.101
18.67.65.80
192.225.157.157
192.225.158.1
192.225.158.3
192.229.210.155
2001:4860:4802:38::178
204.2.133.133
204.2.133.237
204.2.209.170
23.212.248.20
23.220.136.202
23.4.234.235
2600:1901:0:56e0::
2600:9000:2191:9a00:a:b89d:a6c0:93a1
2600:9000:2269:b000:a:7914:b00:93a1
2600:9000:2479:a800:11:85b0:d600:93a1
2600:9000:24f5:3400:13:d6f4:3240:93a1
2600:9000:2508:6600:15:ad21:c740:93a1
2606:4700:4400::6812:25a1
2606:4700:4400::6812:26d1
2606:4700:4400::ac40:91b7
2606:4700:4400::ac40:9b77
2606:4700:4400::ac40:9ba6
2606:4700::6813:b234
2607:f8b0:4004:c08::63
2607:f8b0:4004:c08::9c
2607:f8b0:4004:c0b::5b
2607:f8b0:4004:c0b::5d
2607:f8b0:4004:c19::61
2607:f8b0:4004:c1b::5e
2607:f8b0:4004:c1d::9d
2607:f8b0:4004:c21::65
2620:1ec:c11::237
2a03:2880:f003:c0e:face:b00c:0:3
2a03:2880:f103:83:face:b00c:0:25de
2a04:4e42:400::396
2a04:4e42:600::649
2a04:4e42:77::84
3.212.194.247
3.33.220.150
34.102.147.248
34.111.8.32
34.120.163.217
34.120.253.250
34.149.130.207
34.149.145.47
34.149.235.45
34.200.38.209
34.248.202.189
34.49.124.132
34.98.67.3
34.98.72.95
35.190.10.96
35.244.154.8
44.214.87.142
52.200.20.70
52.85.132.57
54.84.133.187
68.67.160.132
69.173.151.100
009342098f06d5ae7b2186f1076fab177d05b5a481ffe1190535fe501c1cae68
03dbf9dc05fa84370cbdfb363a10855e9fd035a833cd83b67e14cdb975882bed
066f884cfd15768801743268a042cc8f5bba3f262b33ff05716b33b9e9550905
083e613ed2185815dc9dc91ae569c1ea8cb0187da15b88fb4df656b04ade665f
0882be2bb685d64ae46b56574b330fb1afe5dfef39f940d12ca776475248eaa8
0b949e59f7ee30237e38771a4452b2d42e2b28e9dc6d7f208b796f99e064fa62
100f511e40c18172023834e307e1776ba7dc0f748c4dc656029452da3bbfe454
10d8b3ff7850f2970b02368006230ce7d0be3d17d869b0cdf66de92305dea88a
113d760d9ef42e1d8e87bf10890f85bd1824da95b336e255de203c162dd7b304
114486d314cae565053bc57566ab2af53b4f75a55a6ee60a13097e23e1fbf8d5
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a
1f98296d54562ea71dadcb6a00bd10a889f33eb1f5752bf8c62df13a8a35ca96
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
25c8e105aed1fd7c0e7869d4e5cdc896fc4f74a2e6a24428711da23557cb98d3
25dea9844d4e37846a357d1cb95bc1ecaff6ef2eaa54adcf6619acf3b99337ee
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805
2e8fd8d487b4259dbdc6c529f742806377fae205c8dc7d0f35ac8797bafe5b3b
2f56808827934f4b9d6c360f13ed81ab0a4525b71083fc34b67f8029fcbc9c7b
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
32aaeee96fd5d4ee55d785e181d136b89e21de673bd8b6e89f4731412ba5aba9
32d720cede6dadc60f848ff6670b767292e508c5ec392ef64ffd4fd46982e565
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
39b407ba527842ba6587698367b62e9c4770a0f1fb906c220879568cce0b1063
3b0f317806d1ce70f504afd76f39bd17a3467778641af122dc06e95e73a03613
3bdee26eaec3fcd8e0ed3d66414450f63e2a3c770dccea8c8512f9599798a9c6
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d
41ccf8e2a37091dc584af09dccfae99c1692485251e95415f9597125ca504d6d
41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed
42997132bd0142564014ac4a809356dc0ceb9b7a90eede2b5b48019f1700cc58
48da61030dc7ada6d202c7c6229b40b5f7ba9f6b4246af7399de53a26396ad1e
498ea43ee2b31ee61f58f43b798dfaec6eb59b63fefdfaa7c01bba897ba57a33
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4ca9cff4c3e7fefab522786421cf297a56db58f69a66b067eeda886528a2f7eb
4dee7b7f5bd454fc7b52f623814a23be6e9bc6b191ffb1b14a8202ce10d6813f
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
532bcb8909320181167f847a492db322b746fe9d010daf0f8a10121b4e22cc97
53dd52d834e50e9f61767c33ec166d5dd3201105af9fe4da163deee8fd09525c
5570f4a23e52ab1d181c0cbc38821585e6b09260b9a3d5b8da32c125c06e1bb1
55baa715ccc8c2512bceb1c949c1d0927944ca327e7edd2d5fc312d2a41986e4
581b92c84d24f6011e8d74fe6e418e75f7e3259726e20f7af558e8282d4b5f34
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df
5c44c12f6add4835be7e28a598a8c8aee4b678dade79bc57e01b0f4924c235d1
5ccd2a2d0cfc8f7b36c238c935a36c751eb306a4f23788a0c6c33eec1a5a2071
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
60c918f0e848e12d41e52d8d9ec305fdf5b0f11e6685fc4ff0aea21216aa045d
625c8b48ae8889f6f83e4d5d6e207bad25d4f76ee4c325835e11fdcbfc821853
64fb011f8aa4f1a4470c3093845f0c2047a21504f823e2ec6f6684d87b81f0f8
66707b7434e14fc523f2fc692e4a190958a02598dd3d9c45ec0f65f90091727b
68336c6041adea6a7d274947fcac09dd803552f2a4a6112b0c794408b80117c7
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6a2f825beb3b540a044cdb0515177c34497aa2ce92e335bf1498fa42bb5baf88
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
6c58f061a49641f54723faab57ad0bdb49a95619e86c90dad9a3ed630ffb3780
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6e9a31b3784b5fa5f384ee596c719982c792ebc9034e6425e2da3ecfd36c0678
707af7d463d8fc71a9b652a774b84946dbc70e8f308fe2aeb0a11e5fbae37752
727c77ec19d827a0c2e8e6f289b8031b6d753ff14b219a0e8f15d0a71e6c8bd2
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
75c14cf20be90e7d588982194487d8e92e69a34030c2291430e8ed5dbc4e5ba0
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
800b2f4dd5a634f1a93c5b8b0d7167c8d7b54ad1e1af535fd272e0ff156fd1b3
80c558a0c676fe84979bf46e6e62857e719e2c52be864d44377918feb464aa65
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85461719c1f6479769151df8cad3514d6819310afbe893ec9fc124501c5b1697
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d
8bbfb4a3cf8ca875a6ace07af82d87ddb7fc44500da2f84593decc3f08eca694
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a5d8f1d59fa24808f74d389f39672c2a46b420efb84b5dcb64069a240d6861e3
a869fe8cddaf23f1ee50724c35748cefb30c697095b2cf4a231033cb8f43b4ab
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c
ad210e68e4b109c04af983413ec85b9d06ddba8da275bdc38c46c7d472cdd8bf
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2e0bde8a120edcd0e126c139ff4c62dc420e43a86bb9e22c92044fdda3fc3ef
b336f926203c1280abc248e9659a8bfc81f33e5827bd8e5a90bd43cbe9958ef4
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
b44806b1dcf5bd6b5c8a366c6e018bb3d98c460ab14ccf7060497b04f3a077f3
b57a88b62f9a8c3012a99ee68f3bf384e5290a95a57254199bc7f0491bca97d8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc3222296af8f2de63cdf4690986d2ad59ae1f2b97509b29a56640d5fc6cffff
c74ab43927f246e165175e8b68b6835202f214c5f9ea98058b319c53722b12ba
c75a0f7c4104d907f8419aeb5f87467a90bce54ef633af1e8a05c6c585c9994d
c774dc50ae761c1be378981091306ce24f41f774e32fd41b461562efd2d7a6b7
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc9709489aeba0f23cc18fd3d1ff6f2087e1381ba6dbe92e98738228d520fd54
cd56592299c1c670fb97ef28bcb50048508c01879ecb23b71364aecc0483e202
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
cfc329e99b14fe42a2ce9c3070928619acf5234ce29fb593b04b7b7eee8b6891
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d193ca08b7345207607286ad104ecaa69147848b2333b934a778ce46f45361d8
d4645f5705d10b6a8862e981a6d94b5fef46d4bd6d513bc902e9c1dc693c9350
d4cb7d9501e14b564d77989dcf780d2fbb0b77cb2e7ef3e8822c9305ab9118d2
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d7003226e2fea50e6765c46fe1bdacfe3a16adedd6c7a2530fef876c2356cf9f
d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca
d7d6f2d3cc5c5e3b057e899b45fb372d18890b7b61e0df9ced47891f9bbf0061
dd2fcef7d826875055046e8579e05ba442c532a159c8bc153db83f07be6b475a
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e2fe7b6c0aa6d18bd767bd154a2081a5353a64310a0ba1a51bfcf3073cba80f8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46a6ffab7bc120233c8a2e4c32a09c3331f7a905610f8a2b2e20b69be2aeaed
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
e79dea9b0707ff2fa615359bdb9683037505ddb2a00daae13de4ae1a80055adf
e830002b3761c0c2f14971e6c49253ea72dbff2981e9358f0a8a297b64a0ed45
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ea6c414e1566aba014f96f95a1acbc5d55ad8424e572cc7cc624d7184347f33e
ed7c88c2a02e0391e2feec53bc0f10d44cd167dfb1d769cc2317ee7dc1fc5ef6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10699f59e4285b87af5097e4ba9e470ee29b4f3487fa767f2818bdbbdd6bb14
f1b002aaf41acfbfd77839ad434d75c0945b5f03e45d1b5166fd76545840d7c6
f309b4b6297e8c886d8d6b1ff31decc2d09f6eecf7804e3325bf5a2d3a5eac55
f35ddb60cf73bc2e8c41528bbe2c04773015999036657c5837521f78eed4943d
f366287eaa5627dc7ee48d1fcb79d20bceae8238ee2f1dd772f059685fe9c799
f631dcf6f6366df81d2322d9b200b9d37b3caa12e3e0366c4d94eb6c8b6f7272
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
fdc8533ebd8c56c85e3dba28af1cbd74a92ec8d8fabd1c51a991c45b31807522
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616