order.cava.com Open in urlscan Pro
13.32.121.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://order.cava.com/stores
Submission Tags: falconsandbox
Submission: On July 29 via api (July 29th 2022, 4:04:08 pm UTC) from US — Scanned from DE

Summary HTTP 58 Redirects Behaviour Indicators

Summary

This website contacted 32 IPs in 4 countries across 24 domains to perform 58 HTTP transactions. The main IP is 13.32.121.21, located in United States and belongs to AMAZON-02, US. The main domain is order.cava.com. The Cisco Umbrella rank of the primary domain is 266412.
TLS certificate: Issued by Amazon on June 7th 2022. Valid for: a year.

This is the only time order.cava.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	13.32.121.21 13.32.121.21	16509 (AMAZON-02) (AMAZON-02)
1	52.222.206.51 52.222.206.51	16509 (AMAZON-02) (AMAZON-02)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:14a0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6812:127	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	159.53.34.127 159.53.34.127	7743 (JPMORGAN-...) (JPMORGAN-AS7743)
2	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
1	199.232.188.157 199.232.188.157	54113 (FASTLY) (FASTLY)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:401... 2a00:1450:4014:80f::2002	15169 (GOOGLE) (GOOGLE)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2 6	2600:9000:225... 2600:9000:225e:7e00:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	34.213.121.197 34.213.121.197	16509 (AMAZON-02) (AMAZON-02)
1	52.222.225.250 52.222.225.250	16509 (AMAZON-02) (AMAZON-02)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	23.36.163.246 23.36.163.246	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
4	35.190.43.134 35.190.43.134	15169 (GOOGLE) (GOOGLE)
1	52.16.111.147 52.16.111.147	16509 (AMAZON-02) (AMAZON-02)
2	2620:1ec:27::... 2620:1ec:27::cafe:1994	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.37.133.72 52.37.133.72	16509 (AMAZON-02) (AMAZON-02)
1	20.96.88.162 20.96.88.162	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
58	32

8 13.32.121.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-21.fra60.r.cloudfront.net

order.cava.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.206.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-206-51.fra56.r.cloudfront.net

d2wy8f7a9ursnm.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:14a0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:127 (United States)

ASN13335 (CLOUDFLARENET, US)

api.cava.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.53.34.127 (Brooklyn, United States)

ASN7743 (JPMORGAN-AS7743, US)

safetechpageencryption.chasepaymentech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.188.157 (Munich, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4014:80f::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:225e:7e00:6:9280:1080:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.213.121.197 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-213-121-197.us-west-2.compute.amazonaws.com

ads.nextdoor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.225.250 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-225-250.fra56.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.36.163.246 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-246.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.43.134 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.16.111.147 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-111-147.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:27::cafe:1994 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.37.133.72 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-37-133-72.us-west-2.compute.amazonaws.com

flask.nextdoor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.96.88.162 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

k.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	cava.com order.cava.com — Cisco Umbrella Rank: 266412 api.cava.com — Cisco Umbrella Rank: 179129	2 MB
7	adroll.com 2 redirects s.adroll.com — Cisco Umbrella Rank: 2092 d.adroll.com — Cisco Umbrella Rank: 1475	21 KB
5	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 542 k.clarity.ms — Cisco Umbrella Rank: 5351 c.clarity.ms — Cisco Umbrella Rank: 1008	26 KB
4	snapchat.com tr.snapchat.com — Cisco Umbrella Rank: 921	1 KB
4	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 919	73 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 344 c.bing.com — Cisco Umbrella Rank: 192	13 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 101	476 B
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 155	194 KB
2	nextdoor.com ads.nextdoor.com — Cisco Umbrella Rank: 5933 flask.nextdoor.com — Cisco Umbrella Rank: 5480	3 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5701	611 B
2	google.com www.google.com — Cisco Umbrella Rank: 10	611 B
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 56 stats.g.doubleclick.net — Cisco Umbrella Rank: 117	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	20 KB
2	typekit.net use.typekit.net — Cisco Umbrella Rank: 572 p.typekit.net — Cisco Umbrella Rank: 688	1 KB
1	sc-static.net sc-static.net — Cisco Umbrella Rank: 960	8 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 487	354 B
1	t.co t.co — Cisco Umbrella Rank: 435	337 B
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 3546	821 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 610	15 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 93	78 KB
1	chasepaymentech.com safetechpageencryption.chasepaymentech.com — Cisco Umbrella Rank: 31851	911 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 72	1 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 125	17 KB
1	cloudfront.net d2wy8f7a9ursnm.cloudfront.net	3 KB
58	24

	Domain	Requested by
8	order.cava.com	order.cava.com
6	s.adroll.com	2 redirects www.googletagmanager.com order.cava.com s.adroll.com
4	tr.snapchat.com	sc-static.net order.cava.com
4	analytics.tiktok.com	order.cava.com analytics.tiktok.com
3	bat.bing.com	order.cava.com bat.bing.com
3	www.facebook.com	order.cava.com
3	connect.facebook.net	order.cava.com connect.facebook.net
2	c.clarity.ms	1 redirects
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	www.google.de	order.cava.com
2	www.google.com	order.cava.com
2	www.google-analytics.com	order.cava.com www.google-analytics.com
1	c.bing.com	1 redirects
1	k.clarity.ms	www.clarity.ms
1	flask.nextdoor.com	order.cava.com
1	d.adroll.com	s.adroll.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	sc-static.net	www.googletagmanager.com
1	ads.nextdoor.com	www.googletagmanager.com
1	analytics.twitter.com	order.cava.com
1	t.co	order.cava.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	siteimproveanalytics.com	order.cava.com
1	static.ads-twitter.com	order.cava.com
1	www.googletagmanager.com	order.cava.com
1	safetechpageencryption.chasepaymentech.com	order.cava.com
1	api.cava.com	order.cava.com
1	p.typekit.net	use.typekit.net
1	use.typekit.net	order.cava.com
1	fonts.googleapis.com	order.cava.com
1	www.googleadservices.com	order.cava.com
1	d2wy8f7a9ursnm.cloudfront.net	order.cava.com
58	32

This site contains no links.

Subject Issuer	Validity	Valid
*.cava.com Amazon	`2022-06-07` - `2023-07-06`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2022-03-07` - `2023-04-07`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-28` - `2023-05-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-05-08` - `2022-08-06`	3 months	crt.sh
safetechpageencryption.chasepaymentech.com Entrust Certification Authority - L1M	`2021-08-17` - `2022-08-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
s.adroll.com Amazon	`2022-07-03` - `2023-08-01`	a year	crt.sh
nextdoor.com Amazon	`2022-05-05` - `2023-06-02`	a year	crt.sh
sc-static.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-27` - `2023-01-27`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-06-10` - `2022-12-10`	6 months	crt.sh
*.tiktok.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-13` - `2023-01-13`	a year	crt.sh
*.snapchat.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
adroll.mgr.consensu.org Amazon	`2021-09-09` - `2022-10-08`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://order.cava.com/stores
Frame ID: 75B40BDF4134C733B64728D693C93BC5
Requests: 56 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=247fc463-f9aa-46d7-af26-5f2e463ede4b&_scsid=bbebe85a-1d56-4a21-a2d4-72f36de0d722&_sclid=41dd1a02-45e2-41af-a410-948fed731723
Frame ID: B983C3F12690B6D5D87F0DA2A0949CF4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CAVA | Order Online

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

BugSnag (Analytics) Expand

Overall confidence: 100%
Detected patterns

/bugsnag.*\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

58
Requests

93 %
HTTPS

52 %
IPv6

24
Domains

32
Subdomains

32
IPs

4
Countries

2683 kB
Transfer

3701 kB
Size

25
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://s.adroll.com/j/exp/IFFH3LRNVNEK5DGHSDNZYU/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 42

https://s.adroll.com/j/pre/IFFH3LRNVNEK5DGHSDNZYU/DF622QT2ORHCDLKDC3DDPR/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 56

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=0EC3A12B554C4F069C5DC42940FEC185&RedC=c.clarity.ms&MXFR=022261953D836CD50A0770653983628E HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=0EC3A12B554C4F069C5DC42940FEC185&MUID=37EFF64E7A766F3835DFE7BE7BDA6EDA

58 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request stores Show response
order.cava.com/ 3 KB
4 KB 895ms
802ms Document
text/html 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://order.cava.com/stores
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d963ad8ac1f05a0e1956fc7038b7648dae588bd98f2666958f3dfc3d3087ca9b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=600, no-transform, public
Connection: keep-alive
Content-Length: 3384
Content-Type: text/html; charset=utf-8
Date: Fri, 29 Jul 2022 16:04:01 GMT
ETag: "75d1ff54944c1114d2845be8b72b411f"
Last-Modified: Tue, 19 Jul 2022 09:59:51 GMT
Server: AmazonS3
Via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
X-Amz-Cf-Id: LU7xJXqL4QzYpMkj6H8hMsG-OsNbfHnm-jLuSr-tkJMF8VlSJuSp4w==
X-Amz-Cf-Pop: FRA60-P1
X-Cache: Error from cloudfront

GET
H/1.1 200
OK app.7ccfa7afd2428b426617.css
order.cava.com/ 139 KB
139 KB 430ms
429ms Stylesheet
text/css 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://order.cava.com/app.7ccfa7afd2428b426617.css
Requested by: Host: order.cava.com
URL: https://order.cava.com/stores
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ba6ca723df7e614725498820e695bdb78fc8f5074898725f5b260a23cb481aad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/stores
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Fri, 29 Jul 2022 16:04:02 GMT
Via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
Last-Modified: Tue, 19 Jul 2022 09:59:53 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P1
ETag: "d370291dfdc46ee6d3986bab100553c4"
X-Cache: RefreshHit from cloudfront
Content-Type: text/css; charset=utf-8
Cache-Control: max-age=31536000, no-transform, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 141996
X-Amz-Cf-Id: WsATS55n-h2Yv0-_F_F4_adfO_OOZ-qKAhbatqMXDoL62yqFdZX1BA==

GET
H/1.1 200
OK bugsnag-2.min.js Show response
d2wy8f7a9ursnm.cloudfront.net/ 6 KB
3 KB 126ms
36ms Script
application/javascript 52.222.206.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js
Requested by: Host: order.cava.com
URL: https://order.cava.com/stores
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.206.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-206-51.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Fri, 29 Jul 2022 15:32:54 GMT
Content-Encoding: gzip
Age: 400692
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 2962
Last-Modified: Wed, 10 Aug 2016 00:30:49 GMT
Server: AmazonS3
ETag: "6103bb5e4ec6141e19e1100caafc780c"
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 5c79308f72e53cdf81a950b478a7e144.cloudfront.net (CloudFront)
Cache-Control: public, max-age=604800
X-Amz-Cf-Pop: FRA56-P3
Accept-Ranges: bytes
X-Amz-Cf-Id: rzu8uwfIhN_e3fGIJ-XzlgUzlMiZr9kfzPO02vHU8R5_5pnrUTHeCg==

GET
H/1.1 200
OK app.7ccfa7afd2428b426617.js Show response
order.cava.com/ 2 MB
2 MB 494ms
418ms Script
application/javascript 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://order.cava.com/app.7ccfa7afd2428b426617.js
Requested by: Host: order.cava.com
URL: https://order.cava.com/stores
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1cdb975802d4d43b08baeaaab99807f262e327f77649ee965536088efa911c41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/stores
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Fri, 29 Jul 2022 16:04:02 GMT
Via: 1.1 bc0a0f9f99d36a68240a31a25e39addc.cloudfront.net (CloudFront)
Last-Modified: Tue, 19 Jul 2022 09:59:53 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P1
ETag: "6a68391066953acbaaab6c8b9808cefe"
X-Cache: RefreshHit from cloudfront
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=31536000, no-transform, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1887488
X-Amz-Cf-Id: izws7g7ChrZgfIHzZKKaICyn-yzHOgqvVedX4bgVHrWMzl7v7OeTNQ==

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 44 KB
17 KB 133ms
52ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

169654a2040e9f83c46d4cd65600c3dc9db6db042904c22cc97645fb4323c362

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17001
x-xss-protection: 0
server: cafe
etag: 6464440653375776403
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 29 Jul 2022 16:04:01 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1 KB 135ms
46ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Serif

Requested by

Host: order.cava.com
URL: https://order.cava.com/app.7ccfa7afd2428b426617.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a3e0fbb31ea7229f433a1ea02fb9d52c4864862ec41c07a27cadcf990d10c28e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 29 Jul 2022 15:11:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 29 Jul 2022 16:04:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Jul 2022 16:04:01 GMT

GET
H2 200 emb7nel.css
use.typekit.net/ 2 KB
870 B 287ms
162ms Stylesheet
text/css 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/emb7nel.css

Requested by

Host: order.cava.com
URL: https://order.cava.com/app.7ccfa7afd2428b426617.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

affb4822fa0ce3098029af18a7b75fd34f76ddcec2ac33831c8c13848ebd979b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Fri, 29 Jul 2022 16:04:01 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 638

GET
H2 200 p.css
p.typekit.net/ 5 B
181 B 154ms
37ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=emb7nel&ht=tk&f=10881.10882&a=3405817&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/emb7nel.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:01 GMT
last-modified: Sat, 16 Oct 2021 08:18:43 GMT
server: nginx
etag: "616a8ae3-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

OPTIONS
H2 403 register
api.cava.com/api/device/ Frame 0
0 162ms
45ms Preflight
text/html 2606:4700::6812:127
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cava.com/api/device/register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:127 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://order.cava.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7327168989459b55-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 29 Jul 2022 16:04:02 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: same-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 116ms
39ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f4f6e3e53177c08ab6c846bcb9873aac07bc77b76e56c21c45436d7a0c6d245f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26140
x-xss-protection: 0
pragma: public
x-fb-debug: KooWXOjnCETpGOkDLxDjgxbLI2MGWm3o8dy0I7P7Z/9fTns8mSL8oSICJLCNnMZBlSVndcuKZuBNw+WgWHvETA==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Fri, 29 Jul 2022 16:04:01 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK getkey.js Show response
safetechpageencryption.chasepaymentech.com/pie/v1/64750000001815/ 851 B
911 B 1178ms
146ms Script
text/plain 159.53.34.127
JPMORGAN-AS7743

General

Check archive.org

Show headers Download Go to

Full URL: https://safetechpageencryption.chasepaymentech.com/pie/v1/64750000001815/getkey.js
Requested by: Host: order.cava.com
URL: https://order.cava.com/app.7ccfa7afd2428b426617.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.53.34.127 Brooklyn, United States, ASN7743 (JPMORGAN-AS7743, US),
Reverse DNS
Software: /
Resource Hash: 5e67377be7c682ecfa690c0b8d01fdba98b12a541bf798de78811635a450f99e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 29 Jul 2022 16:04:02 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 548
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 119ms
37ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: order.cava.com
URL: https://order.cava.com/app.7ccfa7afd2428b426617.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 3485
date: Fri, 29 Jul 2022 15:05:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 29 Jul 2022 17:05:57 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 225 KB
78 KB 136ms
54ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5NX9NCP

Requested by

Host: order.cava.com
URL: https://order.cava.com/app.7ccfa7afd2428b426617.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0c27642f131ec180b6ce69e82d3bdb5e31dc77f41e24a1898f8a055cc6f4933b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78943
x-xss-protection: 0
last-modified: Fri, 29 Jul 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Jul 2022 16:04:02 GMT

POST register
api.cava.com/api/device/ 0
0

GET
H/1.1 200
OK 5a1c8b97554f9e6dd3a74bbffd6e5257.svg
order.cava.com/ 4 KB
5 KB 425ms
425ms Image
image/svg+xml 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://order.cava.com/5a1c8b97554f9e6dd3a74bbffd6e5257.svg
Requested by: Host: order.cava.com
URL: https://order.cava.com/stores
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1fbb6c077b4a123bea8f94ccd90c31ab633efc6926b35884830758b52d036419

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/stores
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Fri, 29 Jul 2022 16:04:03 GMT
Via: 1.1 bc0a0f9f99d36a68240a31a25e39addc.cloudfront.net (CloudFront)
Last-Modified: Wed, 04 Jan 2017 19:32:59 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P1
ETag: "5a1c8b97554f9e6dd3a74bbffd6e5257"
X-Cache: RefreshHit from cloudfront
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, no-transform, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4496
X-Amz-Cf-Id: 8_UV4p9hgXY_8iYgTLbatxvMS5EXCRZvLj2Ft4X4QRRmnU54RH_EjQ==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 134ms
39ms Script
application/javascript 199.232.188.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: order.cava.com
URL: https://order.cava.com/stores
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 21:38:45 GMT
etag: "ca88912498e17137955859948f14e272+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 15196
x-served-by: cache-iad-kjyo7100163-IAD, cache-muc13958-MUC

GET
H2 200 siteanalyze_6020290.js Show response
siteimproveanalytics.com/js/ 48 B
821 B 147ms
53ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_6020290.js
Requested by: Host: order.cava.com
URL: https://order.cava.com/stores
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d52994b327c797e0d0d410ace642d8cce0c0d3053b558ea94edf00a9ebde07d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1751
cf-ray: 73271689685392c5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 68
x-amz-id-2: xcsRxQJpFr48l9RFgWvbBrt39G4zujyCxm/SaxhmaSPEIIhb6kDsorOVMNys+NyzNNLoGmEEuRk=
last-modified: Thu, 21 Jul 2022 10:38:02 GMT
server: cloudflare
etag: "0dd016e9f015564d85bf6b4135df054a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CnNyJa55QhFtQ90r3H4Nkc%2FbQoxYe%2BSq0DeK1i0LTucVoaEGzM804ot5cQM%2Bw6rOMG0ksaEBbG2GV1INLZXjiRg77yMQgqeJEmb2BHlw57V67SRUiMlBTkKsrTmq7hrfULHX6LR%2FA%2BVEgYqI233aMnVJE9Va2Nc%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: P1RRQZ4RQHRJSJVP
cache-control: max-age=86400, no-transform
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/868720658/ 2 KB
2 KB 165ms
64ms Script
text/javascript 2a00:1450:4014:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/868720658/?random=1659110642036&cv=9&fst=1659110642036&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Forder.cava.com%2Fstores&tiba=CAVA%20%7C%20Order%20Online&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4014:80f::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aeff9e365e783428ed76f4eebf4417858b590cd635c4b15ee37cf446da822a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1003
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 2bd1dc2b91930d6fcbf0c281f763ac4e.woff2
order.cava.com/ 43 KB
44 KB 417ms
417ms Font
application/font-woff2 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://order.cava.com/2bd1dc2b91930d6fcbf0c281f763ac4e.woff2
Requested by: Host: order.cava.com
URL: https://order.cava.com/app.7ccfa7afd2428b426617.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 038943028568899d9f97e37747d7cf59bde4a82f16435a5308f48408516d47f5

Request headers

Referer: https://order.cava.com/app.7ccfa7afd2428b426617.css
Origin: https://order.cava.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Fri, 29 Jul 2022 16:04:03 GMT
Via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P1
X-Cache: RefreshHit from cloudfront
Connection: keep-alive
Content-Length: 44068
Last-Modified: Wed, 04 Jan 2017 19:32:58 GMT
Server: AmazonS3
ETag: "2bd1dc2b91930d6fcbf0c281f763ac4e"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, PUT
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, no-transform, public
Accept-Ranges: bytes
X-Amz-Cf-Id: OeDq4cdeAua8qXWmpkeSVwyE8c8-v0RUKialoUU9YCq3SxY4zUwowQ==

GET
H2 200 308432946216559 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 94ms
94ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/308432946216559?v=2.9.66&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2f469eee40b5f0bb3a5823b2cd4d1fd9a92afe4a2ac549dcd458902db6afa507

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: wXcIIBL1PRnlGKv/XmDdf1gD2OWeDDwtZbY2sfqXmUMZrXF7UcAQ6fO1hQON0sqFnOjE2HsQu2pjT4qWdACElg==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 29 Jul 2022 16:04:02 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1659110642128
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 120ms
44ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1053861570&t=pageview&_s=1&dl=https%3A%2F%2Forder.cava.com%2Fstores&dp=%2Fstores&ul=en-us&de=UTF-8&dt=CAVA%20%7C%20Order%20Online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1345331703&gjid=616873364&cid=1122835567.1659110642&tid=UA-20771256-2&_gid=494385199.1659110642&_r=1&_slc=1&z=1683451543

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://order.cava.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 29 Jul 2022 16:04:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://order.cava.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
337 B 229ms
148ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=a19cee89-92df-4af6-a737-243fa919c01f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=386f493a-239d-4410-939b-818854648dbc&tw_document_href=https%3A%2F%2Forder.cava.com%2Fstores&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nvp3f&type=javascript&version=2.4.15

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-response-time: 111
date: Fri, 29 Jul 2022 16:04:01 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 1f08d052aa26dbad8d41b7a96b927c67da6b6aeeb653d52efa23831241031735
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
354 B 244ms
155ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=a19cee89-92df-4af6-a737-243fa919c01f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=386f493a-239d-4410-939b-818854648dbc&tw_document_href=https%3A%2F%2Forder.cava.com%2Fstores&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nvp3f&type=javascript&version=2.4.15

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-response-time: 118
date: Fri, 29 Jul 2022 16:04:01 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: de716d6e4f07dd821fe4b3d0a55e0404746ee354b9972f4e5aa2526502dccefe
content-length: 43

GET
H/1.1 200
OK 8f7bac378918c86553ea74331a592cb0.jpg
order.cava.com/ 95 KB
95 KB 498ms
420ms Image
image/jpeg 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://order.cava.com/8f7bac378918c86553ea74331a592cb0.jpg
Requested by: Host: order.cava.com
URL: https://order.cava.com/stores
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8e423383d3be2a40b83db6f40a7af5bbbd02be428dfb73ef5d22fe2ae676b641

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/stores
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Fri, 29 Jul 2022 16:04:03 GMT
Via: 1.1 b3fce8903671f8346e7a6a138d2d4610.cloudfront.net (CloudFront)
Last-Modified: Wed, 04 Jan 2017 19:33:01 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P1
ETag: "8f7bac378918c86553ea74331a592cb0"
X-Cache: RefreshHit from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=315360000, no-transform, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 96967
X-Amz-Cf-Id: z9aMl6-cwXlFwJChl0FF5LCYDaiIQpdlCW7VicE6HyBHX-wLXYtOSg==

GET
H/1.1 200
OK b4004a65c860322e1261dd69da960bfc.woff2
order.cava.com/ 44 KB
45 KB 506ms
431ms Font
application/font-woff2 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://order.cava.com/b4004a65c860322e1261dd69da960bfc.woff2
Requested by: Host: order.cava.com
URL: https://order.cava.com/app.7ccfa7afd2428b426617.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 897b09bbba043a4bbe2de18cb38fc13edd2a1286554a4e78fe68dd3bda78c96c

Request headers

Referer: https://order.cava.com/app.7ccfa7afd2428b426617.css
Origin: https://order.cava.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Fri, 29 Jul 2022 16:04:03 GMT
Via: 1.1 adc51edbb4dc468fb382e40b115a2f62.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P1
X-Cache: RefreshHit from cloudfront
Connection: keep-alive
Content-Length: 45104
Last-Modified: Wed, 04 Jan 2017 19:33:05 GMT
Server: AmazonS3
ETag: "b4004a65c860322e1261dd69da960bfc"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, PUT
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, no-transform, public
Accept-Ranges: bytes
X-Amz-Cf-Id: qQBGbBkq5zwbMzrIh2bQGdXnJ7OENRVXlE-C6kOmWOWKL-M_HfT2xQ==

GET
H/1.1 200
OK d8c7e4512645f895048e57d62a823a08.woff2
order.cava.com/ 29 KB
29 KB 505ms
427ms Font
application/font-woff2 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://order.cava.com/d8c7e4512645f895048e57d62a823a08.woff2
Requested by: Host: order.cava.com
URL: https://order.cava.com/app.7ccfa7afd2428b426617.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fe74bca1db05ee86384c38d7ccbe3ea90b2f60fb928c1ce2d7f17e92d75f9ca5

Request headers

Referer: https://order.cava.com/app.7ccfa7afd2428b426617.css
Origin: https://order.cava.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Fri, 29 Jul 2022 16:04:03 GMT
Via: 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P1
X-Cache: RefreshHit from cloudfront
Connection: keep-alive
Content-Length: 29520
Last-Modified: Wed, 04 Jan 2017 19:33:07 GMT
Server: AmazonS3
ETag: "d8c7e4512645f895048e57d62a823a08"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, PUT
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, no-transform, public
Accept-Ranges: bytes
X-Amz-Cf-Id: nYR_94aDIhEHVDqWw291hZb5ae7yBmwhqPKGCGLQfehymZyuYXc3Nw==

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 114ms
38ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=308432946216559&ev=PageView&dl=https%3A%2F%2Forder.cava.com%2Fstores&rl=&if=false&ts=1659110642213&sw=1600&sh=1200&v=2.9.66&r=stable&ec=0&o=30&fbp=fb.1.1659110642212.707850769&it=1659110642054&coo=false&rqm=GET

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Fri, 29 Jul 2022 16:04:02 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/868720658/ 42 B
548 B 134ms
52ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/868720658/?random=1659110642036&cv=9&fst=1659110400000&num=1&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Forder.cava.com%2Fstores&tiba=CAVA%20%7C%20Order%20Online&fmt=3&is_vtc=1&random=471246643&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Jul 2022 16:04:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/868720658/ 42 B
548 B 132ms
50ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/868720658/?random=1659110642036&cv=9&fst=1659110400000&num=1&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Forder.cava.com%2Fstores&tiba=CAVA%20%7C%20Order%20Online&fmt=3&is_vtc=1&random=471246643&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Jul 2022 16:04:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 720101308646521 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 38ms
38ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/720101308646521?v=2.9.66&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b7d62666b9456d76fb84a489ce717ba036072dc1b3e21f22a18b001834e81187

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 85890
x-xss-protection: 0
pragma: public
x-fb-debug: uP4KpomRRYc8oYT9InLTS+WK5i5G9R7Fq8KfZXBy2I8AeKYPaoP5OTRYDlbp43XPv0hlOvG1R0LmohHZ0GoAgw==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 29 Jul 2022 16:04:02 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 52 KB
17 KB 152ms
45ms Script
text/javascript 2600:9000:225e:7e00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NX9NCP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:7e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9db9265f8119cc29e3011eb69fb5d9bfb6b2b715890351480ac0904059af7f02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

X-Amz-Version-Id: J7p8W1lQgNY91qwUxZU3x.y9IQrTVjMu
Content-Encoding: gzip
Etag: W/"d570d2e0cc47679b5bf3a6f9ff5b9e5b"
Age: 1669
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 816b7f4e336674d9d7828ef4700482e8.cloudfront.net (CloudFront)
Last-Modified: Thu, 30 Jun 2022 21:03:48 GMT
Server: AmazonS3
Date: Fri, 29 Jul 2022 15:36:14 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 5CD6UuZ4JEqKSm36EDQehDXzAOyFAM6LcpS9SK5c36tPOUGxfGS-lw==

GET
H2 200 ndp.js Show response
ads.nextdoor.com/public/pixel/ 6 KB
3 KB 626ms
204ms Script
application/javascript 34.213.121.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.nextdoor.com/public/pixel/ndp.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NX9NCP

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.213.121.197 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-213-121-197.us-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

09f4901e0b0dc161eee6f30ecb384c5e777f5768754b4583f7ccff038d7fc810

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.lightning.force.com;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: gzip
last-modified: Tue, 26 Jul 2022 02:03:57 GMT
server: istio-envoy
etag: W/"62df4b8d-19c7"
vary: Accept-Encoding
content-type: application/javascript
x-envoy-upstream-service-time: 2
content-security-policy: frame-ancestors 'self' *.lightning.force.com;

GET
H2 200 scevent.min.js Show response
sc-static.net/ 22 KB
8 KB 138ms
52ms Script
application/javascript 52.222.225.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NX9NCP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.225.250 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-225-250.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 37890dea5b2726064a174b28b90faf16d51fed898d0f37e2fb0342161593d68c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: gzip
server: CloudFront
x-amz-cf-pop: FRA56-P4
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 7821
via: 1.1 30e954298424aa69c035e25834574742.cloudfront.net (CloudFront)
x-amz-cf-id: ZFZnqziKzQ1x48H3K113OOlqxpD0XOGUEQovSEUYTKjmVwhH9d9XKQ==

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 140ms
63ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7E523B4B6807476D8274DC1972A7570C Ref B: FRA31EDGE0813 Ref C: 2022-07-29T16:04:02Z
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Fri, 29 Jul 2022 16:04:01 GMT
accept-ranges: bytes
content-length: 11367

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 141 KB
40 KB 266ms
142ms Script
application/javascript 23.36.163.246
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8STODK02NERG4EK0OJ0&lib=ttq
Requested by: Host: order.cava.com
URL: https://order.cava.com/stores
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.246 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-246.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 62a1fb4e9d85300fe7acf744e0ee25172a0a9575b301ba8d1c38ce3cc5da3a8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-akamai-request-id: 56c0211.119434c4
date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-220-104-21.deploy.akamaitechnologies.com (AkamaiGHost/10.9.1-42763970) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-218.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-parent-response-time: 105,23.36.161.218
server-timing: cdn-cache; desc=MISS, edge; dur=87, origin; dur=18, inner; dur=3
pragma: no-cache
server: nginx
x-tt-logid: 202207291604020100040030077350020550AAB64ED
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 18,23.220.104.21
x-tt-trace-host: 01b5611c10e67fd7b62b972475fb95eb1efbf2fd73c1d831a5633b43a6cfebe965f1c48e9ec8c67092aee018b43d69161c30e3f0792cd75dbae9d2b10e25f0cc4dd300045ddf741a2eb1c5be1ed71358ff406ea4c3833a7e1574006d0396d3a257
expires: Fri, 29 Jul 2022 16:04:02 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 140ms
46ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-20771256-2&cid=1122835567.1659110642&jid=1345331703&gjid=616873364&_gid=494385199.1659110642&_u=YEBAAEAAAAAAAC~&z=581871788

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://order.cava.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 29 Jul 2022 16:04:02 GMT
content-type: text/plain
access-control-allow-origin: https://order.cava.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 77ms
38ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=720101308646521&ev=PageView&dl=https%3A%2F%2Forder.cava.com%2Fstores&rl=&if=false&ts=1659110642372&sw=1600&sh=1200&v=2.9.66&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=29&fbp=fb.1.1659110642212.707850769&it=1659110642054&coo=false&tm=1&rqm=GET

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Fri, 29 Jul 2022 16:04:02 GMT

GET
H2 200 init Show response
tr.snapchat.com/ 126 B
478 B 140ms
47ms Fetch
application/json 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/init?pids=247fc463-f9aa-46d7-af26-5f2e463ede4b

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

a14fb59bd1bc75ba4be4118b788398d2e50d11f3ff8b8d87b537d710e7b1d1d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: gzip
server: API Gateway
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://order.cava.com
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via: 1.1 google

GET
H2 200 is_enabled Show response
tr.snapchat.com/collector/ 78 B
163 B 140ms
48ms Fetch
application/json 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/collector/is_enabled?pids=247fc463-f9aa-46d7-af26-5f2e463ede4b&tld=com

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

f029570707570adad39a91957394459f0aff88940b8c6074e6db934ceead6fdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: gzip
server: API Gateway
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://order.cava.com
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via: 1.1 google

GET
H2 200 i Show response
tr.snapchat.com/cm/ Frame B983 0
294 B 121ms
46ms Document
text/html 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=247fc463-f9aa-46d7-af26-5f2e463ede4b&_scsid=bbebe85a-1d56-4a21-a2d4-72f36de0d722&_sclid=41dd1a02-45e2-41af-a410-948fed731723

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer: https://order.cava.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Fri, 29 Jul 2022 16:04:02 GMT
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via: 1.1 google
x-envoy-upstream-service-time: 0

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 141ms
63ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-20771256-2&cid=1122835567.1659110642&jid=1345331703&_u=YEBAAEAAAAAAAC~&z=420602175

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Jul 2022 16:04:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 139ms
62ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-20771256-2&cid=1122835567.1659110642&jid=1345331703&_u=YEBAAEAAAAAAAC~&z=420602175

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Jul 2022 16:04:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/IFFH3LRNVNEK5DGHSDNZYU/index.js
https://s.adroll.com/j/exp/index.js

28 B
785 B

76ms
38ms

Script
application/javascript

2600:9000:225e:7e00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: order.cava.com
URL: https://order.cava.com/stores
Protocol: HTTP/1.1
Server: 2600:9000:225e:7e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

X-Amz-Version-Id: BTP2rshxaRFWPNdrItPYEau9DI6Y8oce
Via: 1.1 816b7f4e336674d9d7828ef4700482e8.cloudfront.net (CloudFront)
Etag: "5816cced8568d223aa09d889f300692b"
Age: 68188
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 28
Last-Modified: Wed, 06 Jul 2022 18:15:57 GMT
Server: AmazonS3
Date: Fri, 29 Jul 2022 07:50:03 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: rMsFfsF1lH4gFSzieRpliJhTKTDT2f9eCdOOnYGHP1cBSubYisqp9w==

Redirect headers

Date: Thu, 28 Jul 2022 16:34:44 GMT
Via: 1.1 816b7f4e336674d9d7828ef4700482e8.cloudfront.net (CloudFront)
Age: 84558
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: dfSNraHndMGEHDT9AYDqBnXF2ZxeSu0_LZHI1nwAPhXTCqkkIOpnDQ==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/IFFH3LRNVNEK5DGHSDNZYU/DF622QT2ORHCDLKDC3DDPR/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
733 B

39ms
38ms

Script
application/javascript

2600:9000:225e:7e00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Requested by: Host: order.cava.com
URL: https://order.cava.com/stores
Protocol: HTTP/1.1
Server: 2600:9000:225e:7e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 28 Jul 2022 21:54:20 GMT
Via: 1.1 7efdfc8e9ebc26758933b0151e22707e.cloudfront.net (CloudFront)
Age: 65383
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Content-Type: application/javascript
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: tWmr0zrQCdIaQEBivLoj-J2y8LF9gA5Rx1GriJa6akIxt9NkwCOUeA==

Redirect headers

Date: Thu, 28 Jul 2022 19:43:32 GMT
Via: 1.1 816b7f4e336674d9d7828ef4700482e8.cloudfront.net (CloudFront)
Age: 73229
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 61EKRZhaKy8L-HP43fnZa6lXcdUloVf7JR5hMtNyxtUfrR6dUA3hCQ==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/IFFH3LRNVNEK5DGHSDNZYU/DF622QT2ORHCDLKDC3DDPR/ 0
809 B 112ms
38ms Script
text/javascript 2600:9000:225e:7e00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/IFFH3LRNVNEK5DGHSDNZYU/DF622QT2ORHCDLKDC3DDPR/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:7e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

X-Amz-Version-Id: IyKvm1gZ7.OwK9TFJbRkxpXYxKUhoUZq
Via: 1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Age: 3285
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 0
Last-Modified: Wed, 27 Jul 2022 18:34:18 GMT
Server: AmazonS3
Date: Fri, 29 Jul 2022 15:09:18 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 646zABYv9hrLd4RJgq7X5Utgstvh2m4y7lA1caUVpOhDwLkmwj429g==

GET
H2 200 p
tr.snapchat.com/ 68 B
305 B 111ms
47ms Image
image/png 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.snapchat.com/p?trackId=48cd8843-9d29-4fce-a040-e77ffb41a34e&pid=247fc463-f9aa-46d7-af26-5f2e463ede4b&ev=PAGE_VIEW&pl=https%3A%2F%2Forder.cava.com%2Fstores&ts=1659110642430&rf=&v=1.6.0&if=false&bt=1d53c387&intg=gtm&m_sl=2362&m_rd=2391&m_pi=2007.1000003814697&m_dcl=2007.1000003814697&m_fcps=2010.6000003814697&m_pl=0&m_ic=0&m_pv=v2&u_c1=db5c8157-d906-42da-b5e6-14173e5836f7

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
via: 1.1 google
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-transform
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68

GET
H2 200 17557495.js Show response
bat.bing.com/p/action/ 1 KB
845 B 204ms
203ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17557495.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8f86badfa6027c7bfb6d82aeb265d73d290ef81fce7042814498d8fc4aaebc1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A0B98DFDEEB1414E88FFF8988D4725A7 Ref B: FRA31EDGE0813 Ref C: 2022-07-29T16:04:02Z
date: Fri, 29 Jul 2022 16:04:02 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
content-length: 667

GET
H2 204 0
bat.bing.com/action/ 0
175 B 60ms
59ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17557495&Ver=2&mid=a82bc1d3-a254-4c35-92af-a450472e4005&sid=1061c2a00f5811eda05bd9f106244923&vid=1061e2c00f5811edb9482f77063e9c30&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=CAVA%20%7C%20Order%20Online&p=https%3A%2F%2Forder.cava.com%2Fstores&r=&lt=2008&evt=pageLoad&sv=1&rn=212827

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2D12A2EF2391488199A08C277B622CC1 Ref B: FRA31EDGE0813 Ref C: 2022-07-29T16:04:02Z
date: Fri, 29 Jul 2022 16:04:02 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 IFFH3LRNVNEK5DGHSDNZYU Show response
d.adroll.com/consent/check/ 449 B
542 B 184ms
56ms Script
application/javascript 52.16.111.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/IFFH3LRNVNEK5DGHSDNZYU?arrfrr=https%3A%2F%2Forder.cava.com%2Fstores&_s=1352d40bdd2b5465fa25254f130e7d5f&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.16.111.147 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-111-147.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 5013fa33a0bac6102e8deb21a95b5d1187034b57b4f7b7c5adda029c1b82433f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
server: nginx/1.20.0
content-length: 449
content-type: application/javascript

GET
H2 200 identify.js Show response
analytics.tiktok.com/i18n/pixel/ 114 KB
31 KB 131ms
131ms Script
application/javascript 23.36.163.246
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/identify.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8STODK02NERG4EK0OJ0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.246 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-246.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b2864c65b32cd25bf64a7eb4fddf486dff821f1924172a0083db962615bd6ce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-akamai-request-id: 19a2edab.119436f0
date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a172-232-9-38.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-218.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-parent-response-time: 92,23.36.161.218
server-timing: cdn-cache; desc=MISS, edge; dur=81, origin; dur=11, inner; dur=3
pragma: no-cache
server: nginx
x-tt-logid: 202207291604020100040030077350020250972A432
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 11,172.232.9.38
x-tt-trace-host: 01b5611c10e67fd7b62b972475fb95eb1e1964d1a5ffd328bee7a33690b0eed849c5f227679bc65f875285b345000cbb217bbb52b0f453b2012ac0cfbf76d8ae18110a2e1ded713c5084db1f1b94e88bbd9d839dce6ca65be95f21cf01c5136e4c
expires: Fri, 29 Jul 2022 16:04:02 GMT

GET
H2 200 config.js Show response
analytics.tiktok.com/i18n/pixel/ 864 B
1 KB 131ms
131ms Script
application/javascript 23.36.163.246
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/config.js?sdkid=C8STODK02NERG4EK0OJ0&hostname=order.cava.com
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8STODK02NERG4EK0OJ0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.246 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-246.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a4bf653f1cfb8380639490b0e06a78ea559d00a742260459a68024f30643c35e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-akamai-request-id: 20240a39.1194375d
date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-220-104-24.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-218.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-parent-response-time: 93,23.36.161.218
server-timing: cdn-cache; desc=MISS, edge; dur=87, origin; dur=6, inner; dur=4
content-length: 344
pragma: no-cache
server: nginx
x-tt-logid: 202207291604020100020030050060030120B9C4D11
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 6,23.220.104.24
x-tt-trace-host: 01b5611c10e67fd7b62b972475fb95eb1efbf2fd73c1d831a5633b43a6cfebe96507c8c989727244bdf455b2725525cc1a1580d7ea873552de90dec4441f01e2fe2e8cfc00c77edcdcec1a6137445b6a5b98cf13803dcaea05d340780a06b0e7a2
expires: Fri, 29 Jul 2022 16:04:02 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 37ms
37ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=308432946216559&ev=Microdata&dl=https%3A%2F%2Forder.cava.com%2Fstores&rl=&if=false&ts=1659110642717&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22CAVA%20%7C%20Order%20Online%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22CAVA%20%7C%20Order%20Online%22%2C%22og%3Adescription%22%3A%22order.cava.com%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fd2dk1lz1pgt72l.cloudfront.net%2FCampaign%2FWeb%2F2017_fall_hero_bowl.jpg%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Forder.cava.com%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.66&r=stable&ec=1&o=30&fbp=fb.1.1659110642212.707850769&it=1659110642054&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: order.cava.com
URL: https://order.cava.com/stores

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Fri, 29 Jul 2022 16:04:02 GMT

GET
H2 200 17557495 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 304ms
168ms Script
application/x-javascript 2620:1ec:27::cafe:1994
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/17557495
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/17557495.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1994 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 4c7d81b909fe27ee328c77976d38d37f22bc331870a56a07b5ef669d1fef0d5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
x-powered-by: ASP.NET
x-azure-ref: 08gTkYgAAAAA1BIVDaD9WQoqZLZAv2KaBSEVMMDFFREdFMjEwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
content-length: 1543
expires: -1

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
695 B 162ms
162ms Ping
application/octet-stream 23.36.163.246
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8STODK02NERG4EK0OJ0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.246 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-246.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://order.cava.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 2d679c67.119438eb
date: Fri, 29 Jul 2022 16:04:02 GMT
x-cache-remote: TCP_MISS from a23-221-225-29.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-218.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-parent-response-time: 121,23.36.161.218
server-timing: cdn-cache; desc=MISS, edge; dur=85, origin; dur=39, inner; dur=28
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202207291604020100020450077350020430E510692
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 40,23.221.225.29
x-tt-trace-host: 01b5611c10e67fd7b62b972475fb95eb1efbf2fd73c1d831a5633b43a6cfebe965a2d7286e4d934fb352834ef096da8141348b8aac9946e1c990878248339ee50681540aa65044b288048192af384c95792e40465afd8c9993f56ab26483f17f14
expires: Fri, 29 Jul 2022 16:04:02 GMT

GET
H2 204 pixel
flask.nextdoor.com/ 0
112 B 641ms
207ms Image
text/plain 52.37.133.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://flask.nextdoor.com/pixel?pid=b6cb8556-7dd5-4f3f-8005-27c45b0df48f&ev=PAGE_VIEW&pl=https%3A%2F%2Forder.cava.com%2Fstores&ndclid=&rf=&sem=&tm=1
Requested by: Host: order.cava.com
URL: https://order.cava.com/stores
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.37.133.72 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-37-133-72.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:03 GMT
x-envoy-upstream-service-time: 2
server: istio-envoy
context-id: 311fb3e6-136f-4b7b-9ae0-74f56bc66a82

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2-e/s/0.6.36/ 52 KB
23 KB 166ms
165ms Script
application/javascript 2620:1ec:27::cafe:1994
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2-e/s/0.6.36/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/17557495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1994 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: e8aff6a8426e2182081c0e696ff05c3b10eeb43716fe56bbc9f8b3b3069c6736

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 16:04:02 GMT
content-encoding: br
etag: "1d8a0e15023e426"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 08wTkYgAAAACGKtNmOf5YSK/ESHhadYfFSEVMMDFFREdFMjEwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges: bytes
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

POST
H2 204 collect Show response
k.clarity.ms/ 0
175 B 392ms
126ms XHR
text/plain 20.96.88.162
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-e/s/0.6.36/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.96.88.162 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://order.cava.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-origin: https://order.cava.com
date: Fri, 29 Jul 2022 16:04:03 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=0EC3A12B554C4F069C5DC42940FEC185&RedC=c.clarity.ms&MXFR=022261953D836CD50A0770653983628E
https://c.clarity.ms/c.gif?CtsSyncId=0EC3A12B554C4F069C5DC42940FEC185&MUID=37EFF64E7A766F3835DFE7BE7BDA6EDA

42 B
370 B

55ms
54ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=0EC3A12B554C4F069C5DC42940FEC185&MUID=37EFF64E7A766F3835DFE7BE7BDA6EDA
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://order.cava.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Jul 2022 16:04:03 GMT
last-modified: Thu, 28 Jul 2022 20:41:52 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "82531c78c2a2d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 29 Jul 2022 16:04:03 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4BFCF68FD69E4F41AACC5CA6057E1E92 Ref B: FRA31EDGE0813 Ref C: 2022-07-29T16:04:03Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=0EC3A12B554C4F069C5DC42940FEC185&MUID=37EFF64E7A766F3835DFE7BE7BDA6EDA
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.cava.com
URL: https://api.cava.com/api/device/register

Verdicts & Comments Add Verdict or Comment

114 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sc-static.net/scevent.min.js	1970-01-20 04:53:17	Name: X-AB Value: 0d6e407936704bd380072f5891d28b0e
order.cava.com/	1970-01-20 06:18:14	Name: cg_device Value: 3b1be14d-f996-7e0f-3bd2-c515b56ac220
.cava.com/	1970-01-20 22:23:02	Name: _ga Value: GA1.2.1122835567.1659110642
.cava.com/	1970-01-20 04:53:17	Name: _gid Value: GA1.2.494385199.1659110642
.cava.com/	1970-01-20 04:51:50	Name: _gat Value: 1
.doubleclick.net/	1970-01-20 04:51:51	Name: test_cookie Value: CheckForPermission
.cava.com/	1970-01-20 07:01:26	Name: _fbp Value: fb.1.1659110642212.707850769
.cava.com/	1970-01-20 07:01:26	Name: _gcl_au Value: 1.1.1508542523.1659110642
.t.co/	1970-01-20 22:23:02	Name: muc_ads Value: 1eb3a5af-85ae-449e-a7de-437992ef6437
.twitter.com/	1970-01-20 22:23:02	Name: personalization_id Value: "v1_6UETWtrkKs1RoKS7ZKTqcQ=="
.cava.com/	1970-01-20 14:21:37	Name: _scid Value: db5c8157-d906-42da-b5e6-14173e5836f7
.bing.com/	1970-01-20 14:13:26	Name: MUID Value: 37EFF64E7A766F3835DFE7BE7BDA6EDA
.cava.com/	1970-01-20 04:53:17	Name: _uetsid Value: 1061c2a00f5811eda05bd9f106244923
.cava.com/	1970-01-20 14:13:26	Name: _uetvid Value: 1061e2c00f5811edb9482f77063e9c30
.snapchat.com/	1970-01-20 14:13:26	Name: sc_at Value: v2\|H4sIAAAAAAAAAAXBgQ3AMAgDsIuQCGSMntMOegXHz+6XmYBLtl9hlsr+nGKHEV1ed9kM4lmABm30B4GAbJAyAAAA
.tiktok.com/	1970-01-20 14:13:26	Name: _ttp Value: 2CcnGAlkysh3OIRISJ9uqQRKcq3
.cava.com/	1970-01-20 14:13:26	Name: _tt_enable_cookie Value: 1
.cava.com/	1970-01-20 14:13:26	Name: _ttp Value: f3663c33-d56f-4e8c-8142-b844e17ba4f6
www.clarity.ms/	1970-01-20 13:37:26	Name: CLID Value: 44665ed063a945d3b411f6ff08f4f6ef.20220729.20230729
.cava.com/	1970-01-20 13:37:26	Name: _clck Value: 1m1hdgm\|1\|f3k\|0
.cava.com/	1970-01-20 04:53:17	Name: _clsk Value: 15jlxkw\|1659110643736\|1\|1\|k.clarity.ms/collect
.c.bing.com/	1970-01-20 14:13:26	Name: SRM_B Value: 37EFF64E7A766F3835DFE7BE7BDA6EDA
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 14:13:26	Name: MUID Value: 37EFF64E7A766F3835DFE7BE7BDA6EDA
.c.clarity.ms/	1970-01-20 04:51:51	Name: ANONCHK Value: 0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://order.cava.com/stores Message: Access to fetch at 'https://api.cava.com/api/device/register' from origin 'https://order.cava.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://api.cava.com/api/device/register Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.nextdoor.com
analytics.tiktok.com
analytics.twitter.com
api.cava.com
bat.bing.com
c.bing.com
c.clarity.ms
connect.facebook.net
d.adroll.com
d2wy8f7a9ursnm.cloudfront.net
flask.nextdoor.com
fonts.googleapis.com
googleads.g.doubleclick.net
k.clarity.ms
order.cava.com
p.typekit.net
s.adroll.com
safetechpageencryption.chasepaymentech.com
sc-static.net
siteimproveanalytics.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tr.snapchat.com
use.typekit.net
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
api.cava.com
104.244.42.3
104.244.42.5
13.32.121.21
142.250.184.226
159.53.34.127
199.232.188.157
20.234.93.27
20.96.88.162
23.36.163.246
2600:9000:225e:7e00:6:9280:1080:93a1
2606:4700::6812:127
2620:1ec:27::cafe:1994
2620:1ec:c11::200
2a00:1450:4001:812::2008
2a00:1450:4001:812::200a
2a00:1450:4001:829::2003
2a00:1450:4001:829::200e
2a00:1450:4001:82b::2004
2a00:1450:400c:c07::9c
2a00:1450:4014:80f::2002
2a02:26f0:3500:16::215:1495
2a02:26f0:3500:16::215:14a0
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a06:98c1:3120::3
34.213.121.197
35.190.43.134
52.16.111.147
52.222.206.51
52.222.225.250
52.37.133.72
038943028568899d9f97e37747d7cf59bde4a82f16435a5308f48408516d47f5
09f4901e0b0dc161eee6f30ecb384c5e777f5768754b4583f7ccff038d7fc810
0c27642f131ec180b6ce69e82d3bdb5e31dc77f41e24a1898f8a055cc6f4933b
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
169654a2040e9f83c46d4cd65600c3dc9db6db042904c22cc97645fb4323c362
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1cdb975802d4d43b08baeaaab99807f262e327f77649ee965536088efa911c41
1fbb6c077b4a123bea8f94ccd90c31ab633efc6926b35884830758b52d036419
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2f469eee40b5f0bb3a5823b2cd4d1fd9a92afe4a2ac549dcd458902db6afa507
30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7
37890dea5b2726064a174b28b90faf16d51fed898d0f37e2fb0342161593d68c
4c7d81b909fe27ee328c77976d38d37f22bc331870a56a07b5ef669d1fef0d5e
5013fa33a0bac6102e8deb21a95b5d1187034b57b4f7b7c5adda029c1b82433f
5e67377be7c682ecfa690c0b8d01fdba98b12a541bf798de78811635a450f99e
62a1fb4e9d85300fe7acf744e0ee25172a0a9575b301ba8d1c38ce3cc5da3a8e
7d52994b327c797e0d0d410ace642d8cce0c0d3053b558ea94edf00a9ebde07d
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
897b09bbba043a4bbe2de18cb38fc13edd2a1286554a4e78fe68dd3bda78c96c
8e423383d3be2a40b83db6f40a7af5bbbd02be428dfb73ef5d22fe2ae676b641
8f86badfa6027c7bfb6d82aeb265d73d290ef81fce7042814498d8fc4aaebc1c
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9db9265f8119cc29e3011eb69fb5d9bfb6b2b715890351480ac0904059af7f02
9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc
a14fb59bd1bc75ba4be4118b788398d2e50d11f3ff8b8d87b537d710e7b1d1d2
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3e0fbb31ea7229f433a1ea02fb9d52c4864862ec41c07a27cadcf990d10c28e
a4bf653f1cfb8380639490b0e06a78ea559d00a742260459a68024f30643c35e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aeff9e365e783428ed76f4eebf4417858b590cd635c4b15ee37cf446da822a4a
affb4822fa0ce3098029af18a7b75fd34f76ddcec2ac33831c8c13848ebd979b
b2864c65b32cd25bf64a7eb4fddf486dff821f1924172a0083db962615bd6ce0
b7d62666b9456d76fb84a489ce717ba036072dc1b3e21f22a18b001834e81187
ba6ca723df7e614725498820e695bdb78fc8f5074898725f5b260a23cb481aad
d963ad8ac1f05a0e1956fc7038b7648dae588bd98f2666958f3dfc3d3087ca9b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8aff6a8426e2182081c0e696ff05c3b10eeb43716fe56bbc9f8b3b3069c6736
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f029570707570adad39a91957394459f0aff88940b8c6074e6db934ceead6fdd
f4f6e3e53177c08ab6c846bcb9873aac07bc77b76e56c21c45436d7a0c6d245f
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
fe74bca1db05ee86384c38d7ccbe3ea90b2f60fb928c1ce2d7f17e92d75f9ca5

order.cava.com Open in urlscan Pro 13.32.121.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

58 Requests

93 %HTTPS

52 %IPv6

24 Domains

32 Subdomains

32 IPs

4 Countries

2683 kBTransfer

3701 kBSize

25 Cookies

0 Outgoing links

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

order.cava.com Open in urlscan Pro
13.32.121.21 Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

93 %
HTTPS

52 %
IPv6

24
Domains

32
Subdomains

32
IPs

4
Countries

2683 kB
Transfer

3701 kB
Size

25
Cookies

58 HTTP transactions
0 data transactions