Submitted URL: https://heysara.co.nz/
Effective URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Submission: On January 13 via api from US — Scanned from US

Summary

This website contacted 43 IPs in 3 countries across 29 domains to perform 209 HTTP transactions. The main IP is 23.227.38.32, located in Ottawa, Canada and belongs to CLOUDFLARENET, US. The main domain is heysara.com.
TLS certificate: Issued by R3 on December 5th 2023. Valid for: 3 months.
This is the only time heysara.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 23.227.38.65 13335 (CLOUDFLAR...)
60 23.227.38.32 13335 (CLOUDFLAR...)
3 2607:f8b0:402... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2607:f8b0:402... 15169 (GOOGLE)
16 151.101.194.133 54113 (FASTLY)
33 23.227.60.200 13335 (CLOUDFLAR...)
1 99.84.208.58 16509 (AMAZON-02)
3 3.162.112.127 16509 (AMAZON-02)
2 2001:4860:480... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2a03:2880:f00... 32934 (FACEBOOK)
1 2607:f8b0:402... 15169 (GOOGLE)
1 23.227.38.33 13335 (CLOUDFLAR...)
2 52.27.241.171 16509 (AMAZON-02)
3 2606:4700:303... 13335 (CLOUDFLAR...)
1 151.101.130.133 54113 (FASTLY)
1 172.217.13.194 15169 (GOOGLE)
1 2607:f8b0:402... 15169 (GOOGLE)
1 1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:402... 15169 (GOOGLE)
8 34.102.229.135 396982 (GOOGLE-CL...)
1 2a03:2880:f10... 32934 (FACEBOOK)
1 185.146.173.20 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
5 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2600:9000:21d... 16509 (AMAZON-02)
1 2600:9000:23c... 16509 (AMAZON-02)
1 3.211.248.173 14618 (AMAZON-AES)
1 167.99.228.137 14061 (DIGITALOC...)
1 54.156.145.102 14618 (AMAZON-AES)
2 2607:f8b0:402... 15169 (GOOGLE)
1 52.92.195.32 16509 (AMAZON-02)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
4 2606:4700:303... 13335 (CLOUDFLAR...)
6 192.229.210.155 15133 (EDGECAST)
4 2607:f8b0:400... 15169 (GOOGLE)
11 151.101.65.21 54113 (FASTLY)
4 2607:f8b0:402... 15169 (GOOGLE)
10 2607:f8b0:402... 15169 (GOOGLE)
3 151.101.1.35 54113 (FASTLY)
4 2606:4700::68... ()
1 18.160.41.16 ()
209 43
Apex Domain
Subdomains
Transfer
60 heysara.com
heysara.com
1 MB
33 shopify.com
cdn.shopify.com — Cisco Umbrella Rank: 2215
1 MB
21 klaviyo.com
static.klaviyo.com — Cisco Umbrella Rank: 3303
static-tracking.klaviyo.com — Cisco Umbrella Rank: 4014
fast.a.klaviyo.com — Cisco Umbrella Rank: 4284
static-forms.klaviyo.com — Cisco Umbrella Rank: 3961
a.klaviyo.com
146 KB
17 google.com
analytics.google.com — Cisco Umbrella Rank: 154
www.google.com — Cisco Umbrella Rank: 2
pay.google.com — Cisco Umbrella Rank: 2630
play.google.com — Cisco Umbrella Rank: 31
424 KB
14 paypal.com
www.paypal.com — Cisco Umbrella Rank: 3015
t.paypal.com — Cisco Umbrella Rank: 3523
35 KB
8 shopifysvc.com
monorail-edge.shopifysvc.com — Cisco Umbrella Rank: 3211
6 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2611
483 KB
6 gstatic.com
fonts.gstatic.com
www.gstatic.com
174 KB
6 nfcube.com
cdn.nfcube.com — Cisco Umbrella Rank: 16268
instafeed.nfcube.com — Cisco Umbrella Rank: 15731
15 KB
5 promobanner.app
static.promobanner.app — Cisco Umbrella Rank: 785884
peter.promobanner.app — Cisco Umbrella Rank: 681929
12 KB
5 stamped.io
cdn1.stamped.io — Cisco Umbrella Rank: 15297
stamped.io — Cisco Umbrella Rank: 13276
68 KB
3 nice-team.net
cdn-bundler.nice-team.net — Cisco Umbrella Rank: 37817
bundler.nice-team.net — Cisco Umbrella Rank: 33635
2 KB
3 stkbl.app
admin.stkbl.app — Cisco Umbrella Rank: 186687
3 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37
243 KB
2 hextom.com
cdn.hextom.com — Cisco Umbrella Rank: 15362
fsb.hextom.com — Cisco Umbrella Rank: 31940
17 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 174
92 KB
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 79
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
1 KB
2 myshopapps.com
cdn.myshopapps.com — Cisco Umbrella Rank: 66467
iwish.myshopapps.com — Cisco Umbrella Rank: 134051
3 KB
2 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 369
fonts.googleapis.com — Cisco Umbrella Rank: 28
33 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 225
23 KB
1 cloudfront.net
d3k81ch9hvuctc.cloudfront.net
112 KB
1 amazonaws.com
s3-us-west-2.amazonaws.com
7 KB
1 enhencer.com
cdn.enhencer.com — Cisco Umbrella Rank: 312955
11 KB
1 shopifyapps.com
geolocation-recommendations.shopifyapps.com — Cisco Umbrella Rank: 7767
19 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
185 B
1 merchant-center-analytics.goog
www.merchant-center-analytics.goog — Cisco Umbrella Rank: 5478
251 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 145
2 KB
1 shop.app
shop.app — Cisco Umbrella Rank: 4583
2 KB
1 heysara.co.nz
heysara.co.nz
1 KB
209 29
Domain Requested by
60 heysara.com heysara.com
cdn.shopify.com
33 cdn.shopify.com heysara.com
11 www.paypal.com www.paypalobjects.com
heysara.com
10 play.google.com www.gstatic.com
8 monorail-edge.shopifysvc.com heysara.com
8 static-tracking.klaviyo.com static.klaviyo.com
7 static.klaviyo.com heysara.com
static.klaviyo.com
6 www.paypalobjects.com heysara.com
www.paypal.com
www.paypalobjects.com
5 instafeed.nfcube.com cdn.nfcube.com
heysara.com
instafeed.nfcube.com
4 a.klaviyo.com heysara.com
4 www.gstatic.com pay.google.com
www.gstatic.com
4 pay.google.com heysara.com
pay.google.com
www.gstatic.com
4 peter.promobanner.app heysara.com
3 t.paypal.com
3 admin.stkbl.app heysara.com
3 cdn1.stamped.io heysara.com
cdn1.stamped.io
3 www.googletagmanager.com heysara.com
www.googletagmanager.com
2 fonts.gstatic.com fonts.googleapis.com
2 cdn-bundler.nice-team.net heysara.com
cdn-bundler.nice-team.net
2 stamped.io heysara.com
2 connect.facebook.net heysara.com
connect.facebook.net
2 analytics.google.com www.googletagmanager.com
2 cdnjs.cloudflare.com heysara.com
1 d3k81ch9hvuctc.cloudfront.net
1 s3-us-west-2.amazonaws.com
1 fsb.hextom.com heysara.com
1 bundler.nice-team.net cdn-bundler.nice-team.net
1 iwish.myshopapps.com heysara.com
1 cdn.hextom.com heysara.com
1 cdn.enhencer.com heysara.com
1 cdn.nfcube.com heysara.com
1 static.promobanner.app heysara.com
1 geolocation-recommendations.shopifyapps.com heysara.com
1 www.facebook.com heysara.com
1 www.google.com heysara.com
1 googleads.g.doubleclick.net 1 redirects
1 www.merchant-center-analytics.goog www.googletagmanager.com
1 www.googleadservices.com www.googletagmanager.com
1 static-forms.klaviyo.com heysara.com
1 fast.a.klaviyo.com heysara.com
1 shop.app heysara.com
1 fonts.googleapis.com ajax.googleapis.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 cdn.myshopapps.com heysara.com
1 ajax.googleapis.com heysara.com
1 heysara.co.nz 1 redirects
209 46

This site contains links to these domains. Also see Links.

Domain
www.instagram.com
www.facebook.com
twitter.com
www.pinterest.com.au
stamped.io
www.shopify.com
Subject Issuer Validity Valid
heysara.com
R3
2023-12-05 -
2024-03-04
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-07-03 -
2024-07-02
a year crt.sh
upload.video.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
static.klaviyo.com
R3
2023-11-14 -
2024-02-12
3 months crt.sh
cdn.shopify.com
E1
2024-01-06 -
2024-04-05
3 months crt.sh
cdn.myshopapps.com
Amazon RSA 2048 M02
2023-11-28 -
2024-12-26
a year crt.sh
*.stamped.io
Amazon RSA 2048 M02
2023-09-11 -
2024-10-08
a year crt.sh
*.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-10-22 -
2024-01-20
3 months crt.sh
static-tracking.klaviyo.com
R3
2023-11-22 -
2024-02-20
3 months crt.sh
shop.app
E1
2023-11-20 -
2024-02-18
3 months crt.sh
stamped.io
Amazon RSA 2048 M02
2023-07-23 -
2024-08-21
a year crt.sh
stkbl.app
GTS CA 1P5
2024-01-02 -
2024-04-01
3 months crt.sh
fast.a.klaviyo.com
R3
2023-11-14 -
2024-02-12
3 months crt.sh
static-forms.klaviyo.com
R3
2023-12-22 -
2024-03-21
3 months crt.sh
www.googleadservices.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
merchant-center-analytics.goog
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
monorail-edge-gateway-central.shopifycloud.com
R3
2023-12-10 -
2024-03-09
3 months crt.sh
geolocation-recommendations.shopifyapps.com
E1
2023-12-24 -
2024-03-23
3 months crt.sh
promobanner.app
E1
2023-12-17 -
2024-03-16
3 months crt.sh
nfcube.com
GTS CA 1P5
2023-12-26 -
2024-03-25
3 months crt.sh
*.enhencer.com
Sectigo RSA Domain Validation Secure Server CA
2023-04-24 -
2024-02-22
10 months crt.sh
*.hextom.com
Amazon RSA 2048 M02
2023-03-17 -
2024-04-14
a year crt.sh
myshopapps.com
Amazon RSA 2048 M01
2023-02-17 -
2024-03-17
a year crt.sh
bundler.nice-team.net
R3
2023-11-20 -
2024-02-18
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.s3-us-west-2.amazonaws.com
Amazon RSA 2048 M01
2023-10-10 -
2024-08-03
10 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA
2023-10-12 -
2024-10-31
a year crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA
2023-09-21 -
2024-10-21
a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2023-10-10 -
2024-09-19
a year crt.sh

This page contains 6 frames:

Primary Page: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Frame ID: 0CF54322A041C4590C8C6F6C58AF2251
Requests: 169 HTTP requests in this frame

Frame: https://heysara.com/wpm@08d9d536wbc499b5ep9e0ec6b9m18e2802a/web-pixel-shopify-custom-pixel@0570/sandbox/modern/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Frame ID: 99452813E2EE191BEDDC44CB8DFC9EE3
Requests: 1 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fheysara.com&mid=16708973830884969730
Frame ID: 69818D49C4DD52467FFB9C8F293F059F
Requests: 12 HTTP requests in this frame

Frame: https://www.paypal.com/smart/button?env=production&style.label=paypal&style.shape=rect&style.maxbuttons=1&style.tagline=false&style.size=responsive&style.height=54&style.color=gold&domain=heysara.com&sessionID=uid_af53bc170c_mda6mzi6mtm&buttonSessionID=uid_3ecc4a8e28_mda6mzi6mtm&renderedButtons=paypal&storageID=uid_7f2084828d_mda6mzi6mtm&funding.disallowed=venmo&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=3d19d98ca5&version=min&xcomponent=1
Frame ID: C575B1F12D9A615BD80CA167CCC22A98
Requests: 10 HTTP requests in this frame

Frame: data://truncated
Frame ID: 63C74E67946134F462AACEE74261DFB8
Requests: 2 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 9FAE19D6603D4CEEF00BEC64E525FDB9
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

Hey Sara - Australian Online Fashion Boutique for Women Close teaserClose dialog 1

Page URL History Show full URLs

  1. https://heysara.co.nz/ HTTP 302
    https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • pay\.google\.com/([a-z/]+)/pay\.js

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • klaviyo\.com

Overall confidence: 100%
Detected patterns
  • swiper(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

209
Requests

100 %
HTTPS

55 %
IPv6

29
Domains

46
Subdomains

43
IPs

3
Countries

4088 kB
Transfer

9567 kB
Size

44
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://heysara.co.nz/ HTTP 302
    https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 84
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770484391/?random=674550723&cv=11&fst=1705105931831&bg=ffffff&guid=ON&async=1&gtm=45be41a0v898710151&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&label=hre4CILk7M8CEKfRsu8C&tiba=Hey%20Sara%20-%20Australian%20Online%20Fashion%20Boutique%20for%20Women&hn=www.googleadservices.com&frm=0&gtm_ee=1&auid=1637094968.1705105932&uamb=0&uaw=0&data=event%3Dpage_view%3Bpage_path%3D%2Fen-us&fmt=3&ct_cookie_present=false&ocp_id=C9qhZdWKPLyboPMP66Cn6AU&sscte=1&crd=&pscrd=Ek9DaEVJZ09PRHJRWVFyZV8yd0tudDhvU3pBUkltQUJLeDhicFRfeGd1SEd5WmZZRy00SEVDUk1vOUVLMjhlYUhQMjZzTEZLd1FiUEl6SmQwGlpDaEVJZ09PRHJRWVF6TTdqbTRxams3NmpBUkl1QU1vUkdFaGZZbjIwaG1TSDhLVFk4b20ybXg2bWFfV3J4TkJUbjkzcGVHbUROLWFUdW1RQk1aU0F0Y1J1MFEiEwiVvIXLjtmDAxW8DWgIHWvQCV0 HTTP 302
  • https://www.google.com/pagead/1p-conversion/770484391/?random=674550723&cv=11&fst=1705105931831&bg=ffffff&guid=ON&async=1&gtm=45be41a0v898710151&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&label=hre4CILk7M8CEKfRsu8C&tiba=Hey%20Sara%20-%20Australian%20Online%20Fashion%20Boutique%20for%20Women&hn=www.googleadservices.com&frm=0&gtm_ee=1&auid=1637094968.1705105932&uamb=0&uaw=0&data=event%3Dpage_view%3Bpage_path%3D%2Fen-us&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ09PRHJRWVFyZV8yd0tudDhvU3pBUkltQUJLeDhicFRfeGd1SEd5WmZZRy00SEVDUk1vOUVLMjhlYUhQMjZzTEZLd1FiUEl6SmQwGlpDaEVJZ09PRHJRWVF6TTdqbTRxams3NmpBUkl1QU1vUkdFaGZZbjIwaG1TSDhLVFk4b20ybXg2bWFfV3J4TkJUbjkzcGVHbUROLWFUdW1RQk1aU0F0Y1J1MFEiEwiVvIXLjtmDAxW8DWgIHWvQCV0&is_vtc=1&ocp_id=C9qhZdWKPLyboPMP66Cn6AU&cid=CAQSGwAvHhf_CvWlDH2hRlzLdBDY0-7XVtTYDwz_Vg&random=3126465515

209 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request en-us
heysara.com/
Redirect Chain
  • https://heysara.co.nz/
  • https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
176 KB
31 KB
Document
General
Full URL
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
b2bb058a1375dd7493c528d7128c1da5c1fcfabc693ab92604d697d2f0effda7
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84498a636ec9634a-ORD
content-encoding
br
content-language
en
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Sat, 13 Jan 2024 00:32:11 GMT
etag
W/"cacheable:d6a16ed2009dbed6c426b9ecb3e503b9"
link
<https://cdn.shopify.com>; rel="preconnect", <https://cdn.shopify.com>; rel="preconnect"; crossorigin, <//heysara.com/cdn/shop/t/126/assets/theme.css?v=26801060061399558631702866102>; as="style"; rel="preload"
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UzdcLvMEsZCdnco1CtLD1ZutHQkyNXqO%2BQQxuDvT0W7T65tiDbYVEfHeKvLDnU1aSAz0aQz3ygNJ8HKfRFkVpbADqlZ74yAUuyhMwpDa2P5FDxr4Z81Ke2jZWhFA"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=180, db;dur=74, render;dur=73, wasm, asn;desc="20278", edge;desc="ORD", country;desc="US", theme;desc="138370285815", pageType;desc="index", servedBy;desc="tkch", requestID;desc="1d862d8b-9893-4096-9844-9878432550cf" cfRequestDuration;dur=213.000059
strict-transport-security
max-age=7889238
vary
Accept
x-cache
miss
x-content-type-options
nosniff
x-dc
gcp-us-central1,gcp-us-central1,gcp-us-central1
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
1d862d8b-9893-4096-9844-9878432550cf
x-shardid
246
x-shopid
26376386
x-shopify-stage
production
x-sorting-hat-podid
246
x-sorting-hat-shopid
26376386
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84498a621e275e72-EWR
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Sat, 13 Jan 2024 00:32:10 GMT
location
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WrwtPTeuhty4dOu6jjj15i1LIvukBgzBzRjZFVV5MQLA8l09mIlm6rXGZ7XL5xylca1xr2FiJFnmo%2FMJopLY%2FOmDAJjb8OI3kS9EpwTtjR4W9ZJEdHzZbujA8ZdIMD8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=12, db;dur=4, asn;desc="20278", edge;desc="EWR", country;desc="US", theme;desc="138370285815", pageType;desc="index", servedBy;desc="cl6v", requestID;desc="a3997f47-fada-4c6b-a81c-f51c8d01a8b2" cfRequestDuration;dur=51.000118
strict-transport-security
max-age=7889238
vary
Accept
x-content-type-options
nosniff
x-dc
gcp-us-east4,gcp-us-east1,gcp-us-east1
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
a3997f47-fada-4c6b-a81c-f51c8d01a8b2
x-shardid
246
x-shopid
26376386
x-shopify-stage
production
x-sorting-hat-podid
246
x-sorting-hat-shopid
26376386
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block
theme.css
heysara.com/cdn/shop/t/126/assets/
198 KB
34 KB
Stylesheet
General
Full URL
https://heysara.com/cdn/shop/t/126/assets/theme.css?v=26801060061399558631702866102
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
955c7af8acfccde7ec166c68b3ee2f9d5a845218ed4cbf8232a41b53b4dc31b9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=104.553, imageryFetch;dur=82.339, cfRequestDuration;dur=77.999830
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
5bfe8a4f-6d61-42fb-a75e-5fd8b92490fa
last-modified
Tue, 09 Jan 2024 22:01:22 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8g75CNTVWfUD2TYmI8RJJuFdmLq9slrHTfEDhcSOA%2FYAyJl%2BSbDunSqv0RQA3m%2BlqxRCTmEO0YBOMq0NmrDrraeIJBMV8xcLYOLu4lJBxanI43P2dgQSXqSXOvvi"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
cf-ray
84498a64f84c634a-ORD
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/2637/6386/t/126/assets/theme.css>; rel="canonical"
x-sorting-hat-podid
246
js
www.googletagmanager.com/gtag/
279 KB
93 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-4G9MT42V3K
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d44d66ba67c9bb717ab94eae48faff394759c5ea356e17f0055a10b255c5574c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
94552
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 13 Jan 2024 00:32:11 GMT
preloads.js
heysara.com/checkouts/internal/
4 KB
1 KB
Script
General
Full URL
https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
4a80504b7b441ff26b6362263d2b9a034fe5c082b807b5006b451d9a1b14aa2d
Security Headers
Name Value
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=7889238
x-content-type-options
nosniff
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
br
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=akfIYB3m%2F77pohSvoM5yZ3WSxkrP4eEZ%2B9Fh1ocWP2cRKZ0WBWdQ5wgbVCl0tQPfvFKvgfkWKhtXsYW2HLEB6PMLLGLBRMGtTGwUhtGAQ6eLnwh9PVjsP3qFJsv6"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; encoding=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
server-timing
cfRequestDuration;dur=180.000067
timing-allow-origin
*
cf-ray
84498a661c0b7293-EWR
alt-svc
h3=":443"; ma=86400
load_feature-87876fa245af19cbd14aa886ed59c6aa8a27c45d24dcd7a81cf2d2323506233e.js
heysara.com/cdn/shopifycloud/shopify/assets/storefront/
12 KB
4 KB
Script
General
Full URL
https://heysara.com/cdn/shopifycloud/shopify/assets/storefront/load_feature-87876fa245af19cbd14aa886ed59c6aa8a27c45d24dcd7a81cf2d2323506233e.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
87876fa245af19cbd14aa886ed59c6aa8a27c45d24dcd7a81cf2d2323506233e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
85339
content-encoding
br
server-timing
imagery;dur=44.900, imageryFetch;dur=43.954, cfRequestDuration;dur=10.999918
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
8ba97d89-309b-4c04-8e98-5833ce44c9c3
last-modified
Fri, 12 Jan 2024 00:49:52 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ApEiOgyuO%2FKfkOIgAZrt1gm3uf7qJs1GfB8GZoed2A0jiUJJUP9iIJ%2FK4uOP9kb9PXi9mZiK4yVTegCRisVVEAv%2FKoddg%2Bis2nJUZs6f%2BTLod0cv2p26DbDTdR%2BL"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
cf-ray
84498a661c0c7293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-87876fa245af19cbd14aa886ed59c6aa8a27c45d24dcd7a81cf2d2323506233e.js>; rel="canonical"
x-sorting-hat-podid
-1
storefront-a2d444786d996da5634fbbaeeffe6104ee672440dfa6cdcaebfb27dceaaf9c0f.js
heysara.com/cdn/shopifycloud/shopify/assets/shopify_pay/
49 KB
19 KB
Script
General
Full URL
https://heysara.com/cdn/shopifycloud/shopify/assets/shopify_pay/storefront-a2d444786d996da5634fbbaeeffe6104ee672440dfa6cdcaebfb27dceaaf9c0f.js?v=20220906
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
a2d444786d996da5634fbbaeeffe6104ee672440dfa6cdcaebfb27dceaaf9c0f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
94064
content-encoding
br
server-timing
imagery;dur=28.762, imageryFetch;dur=28.500, cfRequestDuration;dur=9.999990
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
31ca6c45-d3e8-418a-a2b5-949caf8c0f15
last-modified
Thu, 11 Jan 2024 22:24:27 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5L9ysDfZRnrYWQnCjd82J%2FOxnPCRgJM9NEZlx0y05bqS%2Fyw1LvXpmmhGi4f%2FJk%2FDFzZxqZUUcL8AXC9ASnCkguc3fnRCe07XOS97yBWXFJQl9qXUedHOBxe9X1PD"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
cf-ray
84498a661c0e7293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/shopify_pay/storefront-a2d444786d996da5634fbbaeeffe6104ee672440dfa6cdcaebfb27dceaaf9c0f.js>; rel="canonical"
x-sorting-hat-podid
-1
features-1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f.js
heysara.com/cdn/shopifycloud/shopify/assets/storefront/
37 KB
14 KB
Script
General
Full URL
https://heysara.com/cdn/shopifycloud/shopify/assets/storefront/features-1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
89695
content-encoding
br
server-timing
imagery;dur=27.935, imageryFetch;dur=26.139, cfRequestDuration;dur=9.999990
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
db977613-4688-4de7-a32d-517f91425220
last-modified
Thu, 11 Jan 2024 23:37:16 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GByKv7PBWrNosL4NQMwYyajpbBweV7tky1BlnwVEFTq9yKDaMqKlC0%2BtZKBwwX%2BAZCESFDUeOisxULJcHWRFCjgNtIyUyDkn6kOr8g%2BX%2FKjnx9eD81M3rWsPoIBH"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
cf-ray
84498a661c0f7293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f.js>; rel="canonical"
x-sorting-hat-podid
-1
vendor-scripts-v11.js
heysara.com/cdn/shop/t/126/assets/
141 KB
46 KB
Script
General
Full URL
https://heysara.com/cdn/shop/t/126/assets/vendor-scripts-v11.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
0dda7ba92272bd57c764ef327a30ce7d462e01d51837e5d3cb62ef90d8011717
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
content-encoding
br
server-timing
imagery;dur=120.335, imageryFetch;dur=91.304, cfRequestDuration;dur=39.999962
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
22444b17-714c-4352-8ff5-06716b34e69d
last-modified
Thu, 11 Jan 2024 21:45:05 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2pqNsLsmbfHVNmDs7%2FFeXnVyNc7c%2FuStxq4uuZn4fZRiWagsPF6uEEp8UjlwyAhkhzFMzAf2h%2FXe1T2PsmNRCQuB93sHAGcrTm8U35Q4vD8oiNdfWkb1zTBiAXgi"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
cf-ray
84498a661c107293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/2637/6386/t/126/assets/vendor-scripts-v11.js>; rel="canonical"
x-sorting-hat-podid
246
country-flags.css
heysara.com/cdn/shop/t/126/assets/
18 KB
2 KB
Stylesheet
General
Full URL
https://heysara.com/cdn/shop/t/126/assets/country-flags.css
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
bd241bf839d36d4e92663df4747e41782fbde581b9670dec0132b69f63d42919
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
106826
content-encoding
br
server-timing
imagery;dur=130.659, imageryFetch;dur=99.555, cfRequestDuration;dur=11.000156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
c4ba1d72-a9fe-4965-aa33-c351c52d5b64
last-modified
Tue, 02 Jan 2024 14:00:08 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=63N9mwhnp95EXdeFzLjFsZqy%2FAuXo6UT7cqWyGfJyEq8N9QymobrYldaa5%2BIm87JbblveaLKOuurOW0nKxIiW7T97koYeHEvRQJLmQhdjEIT2VrwSjn%2FUcvq6v2O"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
cf-ray
84498a650852634a-ORD
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/2637/6386/t/126/assets/country-flags.css>; rel="canonical"
x-sorting-hat-podid
246
theme.js
heysara.com/cdn/shop/t/126/assets/
238 KB
53 KB
Script
General
Full URL
https://heysara.com/cdn/shop/t/126/assets/theme.js?v=14841166066561010881702865899
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
13f582e60f4bd58d4110853ae1919dce15aeeca5d40b56c1986039ebf1d738d3
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
content-encoding
br
server-timing
imagery;dur=128.016, imageryFetch;dur=85.741, cfRequestDuration;dur=36.999941
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
61dfc80b-89cc-45f8-a7f2-91617ec97d64
last-modified
Thu, 11 Jan 2024 21:16:57 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3HPWg%2FhRoZ24Y9SG53H%2FZiZfKGOiRL7LY4PfdTEMZC1iOx2FlKrOP1NbB1De4yTTtPlmX8XlqIE71AiXCX8gVcd7FqyPhisYYTsKBEORK1fgYUQokVtepD5xh%2F2z"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
cf-ray
84498a661c137293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/2637/6386/t/126/assets/theme.js>; rel="canonical"
x-sorting-hat-podid
246
swiper.min.css
cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.1/css/
17 KB
3 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.1/css/swiper.min.css
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5c9917ae6f29de0ba5c6606ea4d7bae6a7072f6b08fc90ddf9cfc09027b07ee
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3043834
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2439
last-modified
Mon, 04 May 2020 16:04:02 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03cf2-4562"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nPpVVxB0VU65rNWDL%2BCA8pwejDwEGm5LzLri9fQ9sCWaeagwJwYOH8C0uo3GB1Em9bV1zWdISOpTJKgT6FAUcSe%2FlMSUdVn64yNoald0ERjliQklGiRZ%2BhW8ChDbkuoIWg0%2B83E6kuI9rA9qO3nk8YJj"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a656f3d4bc9-BUF
expires
Thu, 02 Jan 2025 00:32:11 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/
87 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::200a Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 13:15:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
126999
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31017
x-xss-protection
0
last-modified
Wed, 10 Mar 2021 14:28:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jan 2025 13:15:32 GMT
swiper.min.js
cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.1/js/
95 KB
21 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.1/js/swiper.min.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00792ef04b29d7cbd5110cea7e934b63b774145c63defbc66d3df9bd1023ff63
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2002147
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
20403
last-modified
Mon, 04 May 2020 16:04:02 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03cf2-17a3a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEAvxWbNCTL8wDkyikCdNrOx2PpB7cSowNTAldKQXa1aDckr9%2FXSwLmBempP62RkLUZrUSBSh1w1ZkFsqFKdpdMzMytvtmP27Pb4lI1rutIhcekqqx8iyTo9iO4kNIkgTjkhgIpiS0su%2FIB%2FWCO7FXY%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a656f3e4bc9-BUF
expires
Thu, 02 Jan 2025 00:32:11 GMT
klaviyo.js
static.klaviyo.com/onsite/js/
3 KB
2 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=Hcz7BQ
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
efbb5378714832ff3bbcf979c5e5d0bfc1bd1873746156bda40c2de2d672f398
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy
script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
age
5502
x-cache
HIT, MISS
content-length
1146
x-served-by
cache-lga21967-LGA, cache-yyz4526-YYZ
server
nginx
x-timer
S1705105932.520047,VS0,VE14
etag
W/"559decdb83dcb8ba6ee5f93378637d46"
allow
OPTIONS, GET
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
content-type
application/javascript
cache-control
max-age=1, stale-while-revalidate=10800
access-control-allow-credentials
true
vary
Accept-Encoding
accept-ranges
bytes
access-control-allow-headers
x-cache-hits
8, 0
main.c053b88e.chunk.css
cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/
12 KB
4 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/main.c053b88e.chunk.css
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
1f664948b701e8565d57803d8e3a9ea104b455d21acad80e9ad0d3c2d7536c37
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
67526
content-encoding
br
server-timing
imagery;dur=31.611, imageryFetch;dur=30.710, cfRequestDuration;dur=9.999990
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
9c7e2e01-518b-4640-8662-c463f5cae1d9
last-modified
Fri, 12 Jan 2024 05:40:47 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gzc1D9rl2mBFary184UDVVJQxMtygyPlzeXTyjLHZDCYPwwqUyBHt21aCfq1mj38PI0r0o1OJg46BgfLVHa48hecqQl5DDThH66EcMsqETGTsKzbHMOZ0xUr9o3AVb0mUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/main.c053b88e.chunk.css>; rel="canonical"
cf-ray
84498a653f224bc9-BUF
2021_Hey_Sara_Logo_update_new_font_1200_x_628_7af67c3f-d1fa-49f8-8422-ae793729a9e9_120x.png
heysara.com/cdn/shop/files/
5 KB
6 KB
Image
General
Full URL
https://heysara.com/cdn/shop/files/2021_Hey_Sara_Logo_update_new_font_1200_x_628_7af67c3f-d1fa-49f8-8422-ae793729a9e9_120x.png?v=1629343155
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
cc3ffbdc61143dd70b512433d9bfe3c041f3cba9383af584f7c1c23baa3b1747
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
source-type
image/png
server-timing
imagery;dur=220.063, imageryFetch;dur=98.947, imageryProcess;dur=120.240;desc="image", cfRequestDuration;dur=19.999981
source-length
85978
content-length
5554
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
be3dbb56-b765-4aea-92c3-47bbcfc91a78
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 Jan 2024 17:21:56 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MCFbCr%2Bxrle%2FpuySXFuTtrlN7gLyDPqZg4VJ55HdOCAO6ofTG0GY4%2F7B5tysPGO23A4XDk%2B0mg5uudFnF3yNKbw5QrgMSrkUtaMd%2FVBICjQ3ddamBD2AxG2D0l3R"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a652870634a-ORD
x-sorting-hat-podid
246
2021_Hey_Sara_Logo_update_new_font_1200_x_628_7af67c3f-d1fa-49f8-8422-ae793729a9e9_70x.png
heysara.com/cdn/shop/files/
3 KB
4 KB
Image
General
Full URL
https://heysara.com/cdn/shop/files/2021_Hey_Sara_Logo_update_new_font_1200_x_628_7af67c3f-d1fa-49f8-8422-ae793729a9e9_70x.png?v=1629343155
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
ff7efc15855636ac36986ca3d89ec9ab58a444081ce9b0cb401269f20f002e05
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
242494
source-type
image/png
server-timing
imagery;dur=180.736, imageryFetch;dur=104.362, imageryProcess;dur=75.480;desc="image", cfRequestDuration;dur=12.999773
source-length
85978
content-length
3206
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
11a0c993-3bcd-4bd7-bfbf-731cb760d363
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 02 Dec 2023 13:49:15 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZCNwBNQ9fyXd3pTK8wp7Qmrk2DjX6GbRpPOegEfzBOwxobl5BbHLXGRZ44jK6w8ML2sAYb7fTo8ZVGvljMtJUEnDMjmfBAy5EucOYLc3rKlAoSX%2FVAUXDs6wAFPj"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a652871634a-ORD
x-sorting-hat-podid
246
2021_Hey_Sara_Logo_update_new_font_400_x_400_x120@2x.png
heysara.com/cdn/shop/files/
10 KB
11 KB
Image
General
Full URL
https://heysara.com/cdn/shop/files/2021_Hey_Sara_Logo_update_new_font_400_x_400_x120@2x.png?v=1657414001
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
04a4cf7d97f67e5b18433c67871b6fc42c4c81bd21a31bf1a9f4d80394e967cd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
source-type
image/png
server-timing
imagery;dur=305.812, imageryFetch;dur=85.266, imageryProcess;dur=219.761;desc="image", cfRequestDuration;dur=36.999941
source-length
36760
content-length
10138
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
4d4dc782-58b4-4ba5-9929-cd363d08e65b
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 08 Jan 2024 15:13:27 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Pc6IdQg5nMe%2FmCFo4JL1hz68PBxEfWCc5E5JEe1Ubt4wQyP1NIiPjfwzRkNt4FFROTxgUGF%2BtxkoU4ClQeauUrRmvbjh752nIvq7Jtv40sO%2BVJHpjlmuOo90a6M"}],"group":"cf-nel","max_age":604800}
content-type
image/avif
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a656b4a7293-EWR
x-sorting-hat-podid
246
iwishlist.js
cdn.myshopapps.com/iwish/
9 KB
3 KB
Script
General
Full URL
https://cdn.myshopapps.com/iwish/iwishlist.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.208.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-208-58.iad79.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2cf287b78e78aaa78b8d4388f1be3b67196a7f762516b6dd1740d2bad3294111

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Wed, 13 Dec 2023 10:20:19 GMT
content-encoding
br
via
1.1 a929b4bfaa0111e3feb7c4dbffdbd8d8.cloudfront.net (CloudFront)
x-amz-version-id
JVD_xj4MbFkSWUeuTi8lw9zQ2bkHCwOM
last-modified
Wed, 17 Nov 2021 10:59:09 GMT
server
AmazonS3
x-amz-cf-pop
IAD79-C1
age
2643113
etag
W/"8872e9f5c098a7d214bef1c837e2a8ef"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=15552000
x-amz-cf-id
q1a7Yo7pjQDi57Yz9Ihn3J2Nz07LcOQZP9EGN-OTbvUgFUwLPMuYtQ==
widget.min.js
cdn1.stamped.io/files/
102 KB
29 KB
Script
General
Full URL
https://cdn1.stamped.io/files/widget.min.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.112.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-112-127.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
680821099ccc3f909e4e7a0bf1ea20b50b34edb28b8259bc10799468192874f7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
yiYflH7rOk.yZXEYjN2qPq07lawVr.FU
content-encoding
br
via
1.1 9a7233ae68a3338294c89b1bf53bc426.cloudfront.net (CloudFront)
date
Fri, 12 Jan 2024 09:08:20 GMT
last-modified
Thu, 23 Nov 2023 19:11:01 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P2
age
55432
x-amz-server-side-encryption
AES256
etag
W/"8022adab2b5aed2c1b168cd899d441ab"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
i4DM4pQ6SE6TVsd0sz_BvXtDkjXe6BsmWmf6DV0_9A3QGGgzcggIXA==
preview.css
cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/
1 KB
869 B
Stylesheet
General
Full URL
https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/preview.css
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
cad18b706008faddfa94afc494e7c2d796c388cc48ec1cf675c2f4a5806996c1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
3595412
content-encoding
br
server-timing
imagery;dur=38.446, imageryFetch;dur=37.839, cfRequestDuration;dur=9.999990
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
b117cf7d-31c1-4fab-8949-ee66c8315e13
last-modified
Fri, 01 Dec 2023 23:35:31 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DvKFf1Sgbw7s8gVNmZi0kBuFdX8c97SyhnWu08IZIEUnEGjgKl%2B%2FFx1BsG%2Fo9EovGoboVQ1BCPY6ORQbPkoBIqu7bgZqLcwd8ef2xH2GrZs0xYP34lZEVokbeX13dcVlQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/preview.css>; rel="canonical"
cf-ray
84498a65df7f4bc9-BUF
integration.css
cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/
6 KB
2 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/integration.css
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
cb40782861a503fca696936063d00182c5ebdefc23cf900cb9e5d37a99abc0c9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
age
3595412
content-encoding
br
server-timing
imagery;dur=107.775, imageryFetch;dur=107.094, cfRequestDuration;dur=9.000063
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
11ab130c-21a8-46d6-b06a-822af4060534
last-modified
Fri, 01 Dec 2023 23:35:32 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UFv3nP7TH7z2Atb1OgQfdgSN41gauDIoZIuNJn9ls2DCPKywArf%2F2A1U48zb4bZRP6lnlu20twvWFa0kOs3WvZpRUdhm9Jzm94mWSV52FcYthWjsOTYHWi1NBUYeNs0dWg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/integration.css>; rel="canonical"
cf-ray
84498a660f984bc9-BUF
widget.css
cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/
17 KB
4 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/widget.css
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
f0ef454bf1c02a8d2dc1cb36262fa8f604144136b30b64cb18f5f0a34a9705d1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
3595412
content-encoding
br
server-timing
imagery;dur=30.161, imageryFetch;dur=29.100, cfRequestDuration;dur=9.000063
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
6e38d370-2966-4ebd-98bc-b0065f6fe7ea
last-modified
Fri, 01 Dec 2023 23:35:32 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YjcnUpavLBLqLQCHgxVRX8Gf%2BPZl3S6wzTNWbEgW8mmxQjT3FEtufu8hOrHkPB3DZH5dZ%2F0SZV6r6z5tJLFz4X34K18dxAeuwYvBmumpfc2qYF8qw%2BglN%2FOZF80b%2BmwqDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/widget.css>; rel="canonical"
cf-ray
84498a661fa64bc9-BUF
preview.js
cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/
5 KB
3 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/preview.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
128da0f90ad968619ede1396c3472d0e492d0acabdaf26734a174f8a1b4666e4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
103522
content-encoding
br
server-timing
imagery;dur=92.717, imageryFetch;dur=43.035, cfRequestDuration;dur=9.000063
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
961e5a53-689c-4af7-af79-af96e047b460
last-modified
Thu, 11 Jan 2024 19:33:45 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jj0aa7EWaOPfzVmrru2%2F2Y7p2QND0QlN3iNMy98zHuwLCQx5ubaB9Xpzy7wS8kmBTSdE6rla41dyoHE%2Fi%2FAPEkRoPMlZtA8amZmXtrwhU%2B5hb%2Bb2wLx0YFFsKMM%2BrTtkFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/preview.js>; rel="canonical"
cf-ray
84498a661fa84bc9-BUF
integration.js
cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/
35 KB
12 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/integration.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
61f802442e3515ba46f96553d900fa67234e7450d34ca71b220bb24656c5fa22
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
85780
content-encoding
br
server-timing
imagery;dur=51.082, imageryFetch;dur=49.502, cfRequestDuration;dur=9.999990
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
f72ed0a3-e6d0-4f10-908c-84b6e6212fec
last-modified
Fri, 12 Jan 2024 00:16:34 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5d8xvDudhBTck9KoEoFlpbII1gZXph7ElaybecBIfy98d3QdBoKV8%2F5E7bmfIJivkFZaqct%2BMH8YJ0mHz6y1WRYU9o%2BN9sPO4Dtx3Mk7fvwPj%2BNYD96wiaYobDRcisjvw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/integration.js>; rel="canonical"
cf-ray
84498a661fa94bc9-BUF
widget.js
cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/
121 KB
33 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/widget.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
8741f8720fb391b81c91989bc8cde382006d1e3c5f6adc828bfd65e66a8e75b4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
102432
content-encoding
br
server-timing
imagery;dur=42.393, imageryFetch;dur=42.108, cfRequestDuration;dur=9.000063
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
f43a80c8-0dee-4bc0-96a3-6a520ec7af3c
last-modified
Thu, 11 Jan 2024 20:00:54 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8N6F8dUWi4RHquJ8gq5k%2B%2Bjiat9EaV61xygutwuUgz2Zgvp1k4IUXYovgmAciytKOVtlI%2BQDWwNCMZtuH1ti7K5Gq5edabUtullELL5LgQlrsnIEO5tmd5OMA4LtZ7qe3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/widget.js>; rel="canonical"
cf-ray
84498a661faa4bc9-BUF
shopify-money.js
cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/
2 KB
1 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/shopify-money.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
f745008ddbb8b056afac6a1218db5194eeef63f47e8f29f7499bb46af6a8ca41
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
67512
content-encoding
br
server-timing
imagery;dur=21.600, imageryFetch;dur=20.873, cfRequestDuration;dur=9.999990
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
ccc75f40-c786-43b6-9aeb-1ea74a77aff3
last-modified
Fri, 12 Jan 2024 05:40:55 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2BJXBAonrrVnSwkkeOBKlbYgbdUqlFq68SAVzU6ybvJ9CgmvBkbNjhupy4PKAfSfytryUnq0LL2BT6ipIZwRVLJSxPkWn9PaN5RhRixsDgdu3SdpDp6jervpcHt7hLGujA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/shopify-money.js>; rel="canonical"
cf-ray
84498a661fab4bc9-BUF
b08d9d536wbc499b5ep9e0ec6b9m18e2802am.js
heysara.com/cdn/wpm/
83 KB
30 KB
Script
General
Full URL
https://heysara.com/cdn/wpm/b08d9d536wbc499b5ep9e0ec6b9m18e2802am.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
c6f23178af2855926fb0a9a95ce2d657638270526b85b5ce26f6173af8851407
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
32472
content-encoding
br
server-timing
imagery;dur=31.821, imageryFetch;dur=31.510, cfRequestDuration;dur=13.000011
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
bef5f5e8-861b-461e-81c4-607c1501297b
last-modified
Fri, 12 Jan 2024 15:30:59 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8xxTXw5OU2BljLm2WzfL19%2F%2FAV141tQ9J%2BiWuYigpqk3D0WRqz3jW1V0WCDGPlsX3Udp2kbfej9NeMB3kKMlD9LHH6IzH6H8QCvw78EV8TQDZOCnvHdjBhBmYtn"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
84498a661c157293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/wpm/b08d9d536wbc499b5ep9e0ec6b9m18e2802am.js>; rel="canonical"
x-sorting-hat-podid
-1
trekkie.storefront.f2da2901761ed691d459433ada0e4d90e085713c.min.js
heysara.com/cdn/s/
116 KB
27 KB
Script
General
Full URL
https://heysara.com/cdn/s/trekkie.storefront.f2da2901761ed691d459433ada0e4d90e085713c.min.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
a0cc3360f9c8d2084b936b7f8c6bb5612224363ec8a29f5b8519581eef66992c
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
age
91927
content-encoding
br
server-timing
imagery;dur=28.453, imageryFetch;dur=28.161, cfRequestDuration;dur=8.999825
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
aa578518-fe7d-43ee-8382-4885c785821a
last-modified
Thu, 11 Jan 2024 23:00:04 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U0o8z04n902u%2FtBGmAsCmfoQnfgvtGcori2eCKcNG04cObNwaMGXr0nbxFIH8XnG2eA%2Bvf3xW%2FoYvVsARBRt4h6X8SBCHyiXhwGCst9tGm8jY%2BlCQO8GF%2BKTPlxE"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000
cf-ray
84498a661c167293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/s/trekkie.storefront.f2da2901761ed691d459433ada0e4d90e085713c.min.js>; rel="canonical"
x-sorting-hat-podid
-1
shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
heysara.com/cdn/shopifycloud/shopify/assets/
8 KB
4 KB
Script
General
Full URL
https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
86691
content-encoding
br
server-timing
imagery;dur=27.465, imageryFetch;dur=26.672, cfRequestDuration;dur=9.999990
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
aa43250b-0c05-4ba4-a8e4-8ed70863c7a4
last-modified
Fri, 12 Jan 2024 00:27:20 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AsbhSGDkQo%2BpX%2B9qaQMoBb2BY8YFe7x91IO9ud0%2B9fy9Hwc4pklaURW0NJndD%2Fon6MdFTuVvWHuKtCNgoeKB%2F%2BdNO%2FDKaZvODj8fhwUVh98qUmdi%2BfYQZ0OwjTj7"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
cf-ray
84498a661c177293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js>; rel="canonical"
x-sorting-hat-podid
-1
shopify-boomerang-1.0.0.min.js
heysara.com/cdn/shopifycloud/boomerang/
58 KB
19 KB
Script
General
Full URL
https://heysara.com/cdn/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
3d4f19e27ee9a32aa646c33e89666ff5b295cfd9d96cb4a983edb4ae3c011dbd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
98893
content-encoding
br
server-timing
imagery;dur=22.033, imageryFetch;dur=21.781, cfRequestDuration;dur=9.000063
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
8f571782-b99e-4384-9fd9-6b888efeacb7
last-modified
Thu, 11 Jan 2024 21:03:58 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kp4sFVVKRNqEJw%2FRMQtpaVYVvNRPEf2ABt%2FD%2BEfrysLZ%2FVjnUIrdep%2Fn3E3VuobV0eM1Na8ERNR3wsFuvUBXa5eVahXwf8e0CMPbKLH1PjzOYZg9VWuS9P%2BljKt2"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=3600, must-revalidate
cf-ray
84498a661c047293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js>; rel="canonical"
x-sorting-hat-podid
-1
lato_n4.c86cddcf8b15d564761aaa71b6201ea326f3648b.woff2
heysara.com/cdn/fonts/lato/
41 KB
42 KB
Font
General
Full URL
https://heysara.com/cdn/fonts/lato/lato_n4.c86cddcf8b15d564761aaa71b6201ea326f3648b.woff2?h1=aGV5c2FyYS5jb20&h2=aGV5c2FyYS5hdQ&h3=aGV5c2FyYS5jby5ueg&h4=aGV5c2FyYS5hY2NvdW50Lm15c2hvcGlmeS5jb20&h5=aGV5c2FyYS5jby51aw&h6=YWNjb3VudC5oZXlzYXJhLmNvbQ&hmac=33372ebea9ee0524f87c79d224c125f544088fb9dde34c4ab7c9a22e1c7e29aa
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
575c97668d79c41ce6dbc1bf6d1c7fa0c5920725a1cd691aa5e11410f892f18b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
2015348
server-timing
imagery;dur=35.840, imageryFetch;dur=35.519, cfRequestDuration;dur=7.999897, cfRequestDuration;dur=19.000053
alt-svc
h3=":443"; ma=86400
content-length
42156
x-xss-protection
1; mode=block
x-request-id
03603ca6-4ed2-4ab7-a27b-b91678837619
last-modified
Wed, 29 Nov 2023 09:50:19 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QLuEnuEAaks8J8FJ8Ck4QW8L4VigYrNsCNnR69Ceobwh%2BcPadG5gUKyeGdW5U406x5XOw8ts07NHbV1JaVe4PXv2c7h2hFetCWzJq1WZZWBNVbhvZbWrA5QqKj4E"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=2629800, immutable
accept-ranges
bytes
cf-ray
84498a662c1a7293-EWR
timing-allow-origin
*
lato_n6.8f129fde40f203553b1c63523c8c34e59550404e.woff2
heysara.com/cdn/fonts/lato/
41 KB
42 KB
Font
General
Full URL
https://heysara.com/cdn/fonts/lato/lato_n6.8f129fde40f203553b1c63523c8c34e59550404e.woff2?h1=aGV5c2FyYS5jb20&h2=aGV5c2FyYS5hdQ&h3=aGV5c2FyYS5jby5ueg&h4=aGV5c2FyYS5hY2NvdW50Lm15c2hvcGlmeS5jb20&h5=aGV5c2FyYS5jby51aw&h6=YWNjb3VudC5oZXlzYXJhLmNvbQ&hmac=d588b148a195ac76deab60340b720e1b7e62f9708e1c5db76be50f5f7688f77c
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
7377f22fc16de5a4b202a5c3ce05693f4f35e665e846d9e258e23a57a5637497
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
1306694
server-timing
imagery;dur=50.261, imageryFetch;dur=49.946, cfRequestDuration;dur=7.999897, cfRequestDuration;dur=23.000002
alt-svc
h3=":443"; ma=86400
content-length
42472
x-xss-protection
1; mode=block
x-request-id
734b74fa-42f6-4d92-b72e-155ef3b1a0b6
last-modified
Tue, 28 Nov 2023 10:27:31 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y2dx452X%2B%2Bs10DI18FMmeUUDNa5LIAVyhPL5xPAWSt1kvy6aVAj2POSQ2ni%2FdiNVYyEnmJxqC%2FBfp8NqQJJxqMOA6UQVL9kJRiq0NY6nTKEyZYZg%2BlShDeO2ypwK"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=2629800, immutable
accept-ranges
bytes
cf-ray
84498a662c1b7293-EWR
timing-allow-origin
*
collect
analytics.google.com/g/
0
251 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-4G9MT42V3K&gtm=45je41a0v878782411&_p=1705105931046&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=941611164.1705105931&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1705105931&sct=1&seg=0&dl=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&dt=Hey%20Sara%20-%20Australian%20Online%20Fashion%20Boutique%20for%20Women&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=875
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4G9MT42V3K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:32:11 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heysara.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
251 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-4G9MT42V3K&cid=941611164.1705105931&gtm=45je41a0v878782411&aip=1&dma=0&gcd=11l1l1l1l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4G9MT42V3K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:32:11 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heysara.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
en-us
heysara.com/wpm@08d9d536wbc499b5ep9e0ec6b9m18e2802a/web-pixel-shopify-custom-pixel@0570/sandbox/modern/ Frame 9945
40 KB
17 KB
Document
General
Full URL
https://heysara.com/wpm@08d9d536wbc499b5ep9e0ec6b9m18e2802a/web-pixel-shopify-custom-pixel@0570/sandbox/modern/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/wpm/b08d9d536wbc499b5ep9e0ec6b9m18e2802am.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
1694d4521c5cb4bccdf79e4b577a8e83c556c6e3fdb87ccb7ba97bcd676ca382
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000, public
cf-cache-status
MISS
cf-ray
84498a685e227293-EWR
content-encoding
br
content-language
en
content-security-policy
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Sat, 13 Jan 2024 00:32:11 GMT
etag
W/"cacheable:cb72c4504061a1067f31e0bc99a497b6"
link
<https://cdn.shopify.com>; rel="preconnect", <https://cdn.shopify.com>; rel="preconnect"; crossorigin
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vrzOX53Ur1gSFlzz%2BE9oas8il7SzYX0Z%2FZ1hzFQPIHAKWfKY6purcVHy9UoeNH49B7%2Bc5OHsTr08ccyxVg2qE4HZab2HKRXRCEuC8NKsRaQwVTUMq%2Bsdtd0q5i33"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=14, db;dur=4, asn;desc="20278", edge;desc="EWR", country;desc="US", theme;desc="138370285815", servedBy;desc="p2zm", requestID;desc="93552b60-578f-4290-93df-3638f9157bed" cfRequestDuration;dur=55.999994
strict-transport-security
max-age=7889238
vary
Accept, Accept-Encoding
x-cache
miss
x-content-type-options
nosniff
x-dc
gcp-us-east4,gcp-us-east1,gcp-us-east1
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
93552b60-578f-4290-93df-3638f9157bed
x-robots-tag
noindex, nofollow
x-shardid
246
x-shopid
26376386
x-shopify-stage
production
x-sorting-hat-podid
246
x-sorting-hat-shopid
26376386
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block
produce_batch
heysara.com/.well-known/shopify/monorail/unstable/
0
716 B
Ping
General
Full URL
https://heysara.com/.well-known/shopify/monorail/unstable/produce_batch
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/s/trekkie.storefront.f2da2901761ed691d459433ada0e4d90e085713c.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server-timing
cfRequestDuration;dur=39.999962
alt-svc
h3=":443"; ma=86400
content-length
0
x-request-id
1dd771bb-98ce-4ee9-8a0e-5b8dc161be59
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ik17uwdCMDdG2929%2BlBHwEyH4cMclqd67CHelqyg524qWruc0ZWDcysNl2Tk8PyXiHTn%2FhNGstUPasQLzNgcylavmQF6BoZ0foiylD%2Fgo6BQuuZkZh13aDvrLX3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://heysara.com
access-control-allow-credentials
true
x-robots-tag
noindex
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
cf-ray
84498a687e627293-EWR
worker.modern.js
heysara.com/wpm@08d9d536wbc499b5ep9e0ec6b9m18e2802a/web-pixel-shopify-app-pixel@0570/sandbox/
40 KB
17 KB
Other
General
Full URL
https://heysara.com/wpm@08d9d536wbc499b5ep9e0ec6b9m18e2802a/web-pixel-shopify-app-pixel@0570/sandbox/worker.modern.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
b1c58838c003354dfd13fe34f60d24b2bc8cbc3fd27e25fcd0de16a2230801be
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests;
content-encoding
br
x-permitted-cross-domain-policies
none
server-timing
processing;dur=13, db;dur=4, asn;desc="20278", edge;desc="EWR", country;desc="US", servedBy;desc="v5mg", requestID;desc="deac6917-b231-449c-b603-f3dc35c042cb", cfRequestDuration;dur=60.999870
x-sorting-hat-shopid
26376386
x-shardid
246
x-storefront-renderer-rendered
1
etag
W/"cacheable:5892f1b93699fb4b96c0af393e8e072b"
x-shopid
26376386
x-frame-options
SAMEORIGIN
vary
Accept, Accept-Encoding
content-type
text/javascript; charset=utf-8
content-language
en
cache-control
max-age=31536000, public
x-robots-tag
noindex, nofollow
date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=7889238
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east4,gcp-us-east1,gcp-us-east1
x-cache
miss
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
deac6917-b231-449c-b603-f3dc35c042cb
x-shopify-stage
production
server
cloudflare
x-download-options
noopen
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RufnDex6CE3gh2xzfJKiER3go%2BKlxBH9dUFkAChCjSAGHK2AjsZ7g5inOIjAlkDGMHPvwB94YPlnV59jbW2acTLALan5zCAb5gI%2BsqW6CKUdFVmVbjpE17NPgqv8"}],"group":"cf-nel","max_age":604800}
cf-ray
84498a688e667293-EWR
x-sorting-hat-podid
246
fbevents.js
connect.facebook.net/en_US/
212 KB
57 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/s/trekkie.storefront.f2da2901761ed691d459433ada0e4d90e085713c.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0c9cc88c27618b01e95063377382195b9062bdbef5eb1687e5881d3f318dbe63
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 13 Jan 2024 00:32:11 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
56915
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
5+iX0mGHvu45M4mm8C4CK9IpkqDgKFEhL1BgKijpqJgVTA46/kfrNkyAjtSc1W4MCtgWN6z9MAIo4pRW4mMuFw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
produce_batch
heysara.com/.well-known/shopify/monorail/unstable/
0
717 B
Ping
General
Full URL
https://heysara.com/.well-known/shopify/monorail/unstable/produce_batch
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/s/trekkie.storefront.f2da2901761ed691d459433ada0e4d90e085713c.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server-timing
cfRequestDuration;dur=39.999962
alt-svc
h3=":443"; ma=86400
content-length
0
x-request-id
21be7552-da60-40e8-b6dd-01303e7f6fc0
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dAbaFstXTcGdyO5YQyvVS8B9UscymhxXVqmmT0KE0F%2BU4NrjtS4DWBnVhKMRBr4hXreHfEKEI0H%2BsSK917yN0xjA9o8BBPyztpt6m%2BncoBd8kqS99cf0tRI84jkO"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://heysara.com
access-control-allow-credentials
true
x-robots-tag
noindex
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
cf-ray
84498a68cec37293-EWR
destination
www.googletagmanager.com/gtag/
213 KB
75 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-770484391&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4G9MT42V3K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d8a46ddd68fb485d20928c75ed5d1bf4191067ae0bcb5fb16b3c24fbff227137
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
77034
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 13 Jan 2024 00:32:11 GMT
destination
www.googletagmanager.com/gtag/
205 KB
75 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=MC-552J7BXGFG&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4G9MT42V3K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
374218623e38465576551f37ea3e146eb668b2ce0c97c6d4505e9d01642a7262
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76204
x-xss-protection
0
last-modified
Sat, 13 Jan 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 13 Jan 2024 00:32:11 GMT
produce_batch
heysara.com/.well-known/shopify/monorail/unstable/
0
718 B
Ping
General
Full URL
https://heysara.com/.well-known/shopify/monorail/unstable/produce_batch
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/s/trekkie.storefront.f2da2901761ed691d459433ada0e4d90e085713c.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server-timing
cfRequestDuration;dur=49.000025
alt-svc
h3=":443"; ma=86400
content-length
0
x-request-id
0dfd121a-0e34-4882-8c37-ee0ad1eac9ed
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xW4XIjhWuJjgD%2Ffe9Jjb2plGyZzCJ3zzT73tfUlzRNQJl54iVcPxy7dHwwUIpL2yUeTx%2FDIz95ph3H74T8T3HXSWJfnvl80pzOgLH%2FdBcdyjCCqc6gwlpwi1B65x"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://heysara.com
access-control-allow-credentials
true
x-robots-tag
noindex
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
cf-ray
84498a68ded07293-EWR
produce_batch
heysara.com/.well-known/shopify/monorail/unstable/
0
718 B
Ping
General
Full URL
https://heysara.com/.well-known/shopify/monorail/unstable/produce_batch
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/s/trekkie.storefront.f2da2901761ed691d459433ada0e4d90e085713c.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server-timing
cfRequestDuration;dur=48.000097
alt-svc
h3=":443"; ma=86400
content-length
0
x-request-id
648dbe9b-a880-4f04-87da-a4cbe762efd6
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uaPjgpNjLatwFzcbJQhGN%2FR1UAJuJHPRt95K1wXaPyjPTPw2rVZNiC699DE5i%2BgFOQv3PJeMwyHPiVQGG4DDnxRQC2IKufRm%2F9VoXhlpODuuNVgwRiUc5C5TeYP1"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://heysara.com
access-control-allow-credentials
true
x-robots-tag
noindex
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
cf-ray
84498a68ded27293-EWR
core.js
cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/
106 KB
32 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/core.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
88c4b57a5d8771a5989218965dc7546315cd6ea6b93a6a48f006dbe12caf4d2e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
age
86757
content-encoding
br
server-timing
imagery;dur=63.434, imageryFetch;dur=63.163, cfRequestDuration;dur=15.000105
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
b4215d62-2b94-4211-be3e-db1fdb1c256e
last-modified
Fri, 12 Jan 2024 00:26:07 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=93TU0KbF29X44TBHruoMjSLrPxqbSA9m0i3wW1qZ6Q%2BSgiIt6lOd0hUyDAxma9pTg%2Bm0bcybgLm%2BHGe9jzm7s9aDdjhH%2BK03Rd6p2JwUu8s36juMe%2F6eUgiMpHifffbAFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/307cd3d8-b796-4f6d-be1b-497400073c12/stackable-discounts-8/assets/core.js>; rel="canonical"
cf-ray
84498a68cee436c7-YYZ
fender_analytics.33e7747a91c6d52a9f2d.js
static-tracking.klaviyo.com/onsite/js/
31 KB
12 KB
Script
General
Full URL
https://static-tracking.klaviyo.com/onsite/js/fender_analytics.33e7747a91c6d52a9f2d.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=Hcz7BQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c77b8fd8b8781b1f2b9766384402c12959ad34af4b2d273ae116306cb406435f

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
bl0K4tnmVg0dDCt8copjPS1gu9g_yYix
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
x-amz-request-id
R2V0D6EMDSY2XKPX
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
12003
x-amz-id-2
JqKeHAcbXK4nWJIRbzVRszmRjWoQlZga5+XkOpudetyuCiPNNfNPIXmX6DiLtuXpZYlPheTIFsc=
x-served-by
cache-lga21946-LGA, cache-yyz4531-YYZ
last-modified
Thu, 04 Jan 2024 15:44:39 GMT
server
AmazonS3
etag
"fc1b287b521ef4879922db1574d338b3"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
460d940aa04171f1de774e129790e756e5e40be9
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
1, 3683
static.500134348b1f0969ffe3.js
static-tracking.klaviyo.com/onsite/js/
2 KB
2 KB
Script
General
Full URL
https://static-tracking.klaviyo.com/onsite/js/static.500134348b1f0969ffe3.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=Hcz7BQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1ba49e8383e2329fe4f6e2a33172420fefd5bee26ce915cef9315f5b09c54cf8

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
a.8vL6w09uHoOx__c8l8Rss._YtP0zbq
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
x-amz-request-id
AS5HKYSNDWHFWQPJ
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
985
x-amz-id-2
lb2mEKN6as878KkhLA8/+6rSwe2GSwSFSq6iDg+a3Gf6YOkZB1bMgWyDkQdIjlUEPhfTP4+Fl00=
x-served-by
cache-lga21976-LGA, cache-yyz4531-YYZ
last-modified
Mon, 06 Nov 2023 18:18:30 GMT
server
AmazonS3
etag
"64de10774c3382fe4adddab07ea17f0d"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
a957c60a472df3e447f40628303353bdd959aba8
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
407, 3757
runtime.8993a4cd21755a6d3c0f.js
static.klaviyo.com/onsite/js/
20 KB
9 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/runtime.8993a4cd21755a6d3c0f.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=Hcz7BQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4c776e666003f3fa8b5cb6f7bdd88485df13d31c88ab5a018ee26c684c53321c

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
Bxn9mBEL4bdLrafwm7llpqNekLh5RHSt
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
x-amz-request-id
3GG4X8D411PASV6Z
age
5568
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
8360
x-amz-id-2
/7fIc1uWmN27t0DSLE+xQqGThTLKLwSyq/g1X1ttc8/m7vQ9rtJT7da1W0zAjE6YY5DuMHnG0rY=
x-served-by
cache-lga21923-LGA, cache-yyz4527-YYZ
last-modified
Fri, 12 Jan 2024 22:59:11 GMT
server
AmazonS3
etag
"97baf7cabcdebae1d9f1d84d7248b0c3"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
a7ef84b2b5f471f7e31ee67592c50007237a1bed
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
15, 4442
sharedUtils.8da1d1992c09fe24ec3e.js
static.klaviyo.com/onsite/js/
43 KB
17 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/sharedUtils.8da1d1992c09fe24ec3e.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=Hcz7BQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f969eefe7e8afbed8fcc7d9105f161427e78f24abc5d1697ef7543ef73cbcb90

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
M9nB56jrE038YXxwCO_Wm_ZnBlyKDmxv
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
x-amz-request-id
8B1MDHF2RY7WQPC1
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
16833
x-amz-id-2
jIAGLH3W614pH19hDCoXlpkeripzc4aAmYhH7unzjlTSpEqJKtcQQDCxOOboLcxVieVc9kSPXw+lSMoL6cryS6c6wShLcChb
x-served-by
cache-lga21933-LGA, cache-yyz4527-YYZ
last-modified
Mon, 08 Jan 2024 19:28:35 GMT
server
AmazonS3
etag
"a55c3b0569311b637b1612e6ad08063a"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
4d60e04cd9b74537d1484e8b01818148ab839774
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
10, 3927
vendors~signup_forms~atlas~apiReviews.21ff2b12ce3904ef5c48.js
static.klaviyo.com/onsite/js/
5 KB
2 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/vendors~signup_forms~atlas~apiReviews.21ff2b12ce3904ef5c48.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=Hcz7BQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
703029dc1c274a796c85888ecbdfcf8de58c8b51f6acdfe75076a1f4aeb5a6a8

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
4mGEsMOaEUdD9zOegcuftpAknTOqufMU
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
x-amz-request-id
M79RT20K2SSWG4G1
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
1779
x-amz-id-2
twvvoxp6wTmiLMp0M7aPAB3Cy4xafLQmzfLViMZHFkTCl2QeWyy7jDlgfMrGFiqpZSB4kjc+VtE=
x-served-by
cache-lga21980-LGA, cache-yyz4527-YYZ
last-modified
Fri, 05 Jan 2024 18:07:49 GMT
server
AmazonS3
etag
"5d15e55b3eb703cfddc5b8e04dda8665"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
6a7111fa1ecaa8ec83b4f321e1057fd204538434
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
3, 2924
vendors~signup_forms~atlas.04294b47e0ff827d4db0.js
static.klaviyo.com/onsite/js/
5 KB
2 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/vendors~signup_forms~atlas.04294b47e0ff827d4db0.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=Hcz7BQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f412da5c91ad91ecdc63910bdfe08cc968ceae5e1d946bf4a1b493dc2508de98

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
qOCUCapL41eE0k7OluUI5iChXJpAUzq6
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
x-amz-request-id
Y7NQRABADMFFJC8A
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
1994
x-amz-id-2
ySi1kbNwekXxQc0l0SBaVlDSzjpBmyUFDH2oOpHgmtr2u6ByhALyf28UwbU+G3vDCUDbJqIAN+w=
x-served-by
cache-lga21935-LGA, cache-yyz4527-YYZ
last-modified
Fri, 05 Jan 2024 18:07:45 GMT
server
AmazonS3
etag
"48a6935a1ccec664b0b23f6469504989"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
6a7111fa1ecaa8ec83b4f321e1057fd204538434
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
27, 2934
vendors~signup_forms.8d1bfd5eb9b15cf50941.js
static.klaviyo.com/onsite/js/
23 KB
9 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/vendors~signup_forms.8d1bfd5eb9b15cf50941.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=Hcz7BQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
301351195462c1307b8d3a0c76e539fd96c34d3568dacdc35f2e15f8dc4f00f8

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
azlruYV8Sak2gq8YYXGflv.sllCLv_jJ
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
x-amz-request-id
BSRPS1ZK997PGNKQ
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
8415
x-amz-id-2
XB81QjBi5/wdg+U71EeteAv6LF04M3C7GvtygmxsYO+SKyq8lj6mANYqagT/8u2A8/bZtFvQZa8=
x-served-by
cache-lga21941-LGA, cache-yyz4527-YYZ
last-modified
Fri, 05 Jan 2024 18:07:45 GMT
server
AmazonS3
etag
"965a7a04f11c2588fb64e43cf8ace9ae"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
6a7111fa1ecaa8ec83b4f321e1057fd204538434
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
27, 2921
signup_forms.915984df82f50e050e16.js
static.klaviyo.com/onsite/js/
39 KB
13 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/signup_forms.915984df82f50e050e16.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=Hcz7BQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1cfca4d1dfdb790e7450a87995fe01ef2cdd0249adb43ef3623401b03022af38

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
ZSgveruBCl6fktM5F44Pztqiqh5L4l.Q
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
x-amz-request-id
G9EH7DH6GM15HR82
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
13020
x-amz-id-2
OuUecLs9ksEvsUNvqaQQnq4IBWrKoGaxqWBMZPFp563B1+R7sYpOrjQ0NOwXELUKikrP8JrHf7w=
x-served-by
cache-lga13628-LGA, cache-yyz4527-YYZ
last-modified
Mon, 08 Jan 2024 19:28:35 GMT
server
AmazonS3
etag
"5ba1f33738f0769041999b7991efaa1a"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
4d60e04cd9b74537d1484e8b01818148ab839774
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
51, 2959
widget.min.css
cdn1.stamped.io/files/
105 KB
18 KB
Stylesheet
General
Full URL
https://cdn1.stamped.io/files/widget.min.css
Requested by
Host: cdn1.stamped.io
URL: https://cdn1.stamped.io/files/widget.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.112.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-112-127.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
621d3307d6abb417c3190b7116359afb5bc6e4523482803b3cd544dfc7f2f3f8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
PXVPfhYGgPUPIXHH4NYmY0in0DdLAlIg
content-encoding
gzip
via
1.1 9a7233ae68a3338294c89b1bf53bc426.cloudfront.net (CloudFront)
date
Fri, 12 Jan 2024 09:25:05 GMT
last-modified
Wed, 30 Aug 2023 18:53:44 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P2
age
54999
x-amz-server-side-encryption
AES256
etag
W/"d9b8def00576b61976ba25954bcd4115"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/css
x-amz-cf-id
p2XeN-YzPKk8RO34P9BY9asq9QnVUEYclQF23EHneez-IsOk0I2qmQ==
css
fonts.googleapis.com/
11 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,600&display=swap
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:804::200a Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cf76cabfdc048043b6faf3f43da299a2a481b234d5abde96a8e74c6673488122
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 13 Jan 2024 00:32:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 12 Jan 2024 23:26:16 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 13 Jan 2024 00:32:11 GMT
session
shop.app/pay/
18 B
2 KB
Fetch
General
Full URL
https://shop.app/pay/session?v=1&token=1c898208-1ba0-4639-9b58-89b8a8ded025&shop_id=26376386
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.33 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
checkout.shopify.com
Software
cloudflare /
Resource Hash
9b5179ea2a77fe69b294fbd2ed504eacbfbe048ede58967b43af2ca537144b1f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' https: data: https://cdn.shopify.com https://cdn.shopifycloud.com; child-src blob: merchant-feedback.shopify.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com v.shopify.com https://cdn.shopify.com https://cdn.shopifycloud.com https://www.google-analytics.com https://mpsnare.iesnare.com https://cdn1-sandbox.affirm.com https://checkout.shopifycs.com/dist/card_fields.js https://www.google.com https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' blob: cdn.shopify.com sdks.shopifycdn.com https://cdn.shopify.com https://cdn.shopifycloud.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com; media-src 'self' blob: data: cdn.shopify.com; img-src 'self' data: blob: https: cdn.shopify.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com; connect-src 'self' https: https://cdn.shopify.com https://cdn.shopifycloud.com https://sessions.bugsnag.com https://notify.bugsnag.com https://monorail-edge.shopifysvc.com https://www.google-analytics.com https://stats.g.doubleclick.net https://atlas.shopifysvc.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; upgrade-insecure-requests; frame-src 'self' https://app.mode.com https://www.youtube.com https://app.datadoghq.com https://*.shopifycs.com https://pay.shopify.com https://checkout.shopifycs.com https://www.affirm.com https://sandbox.affirm.com https://cdn1-sandbox.affirm.com https://www.google.com https://recaptcha.google.com https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors admin.shopify.com https: *.myshopify.com admin.shopify.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy
default-src 'none'; font-src 'self' https: data: https://cdn.shopify.com https://cdn.shopifycloud.com; child-src blob: merchant-feedback.shopify.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com v.shopify.com https://cdn.shopify.com https://cdn.shopifycloud.com https://www.google-analytics.com https://mpsnare.iesnare.com https://cdn1-sandbox.affirm.com https://checkout.shopifycs.com/dist/card_fields.js https://www.google.com https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' blob: cdn.shopify.com sdks.shopifycdn.com https://cdn.shopify.com https://cdn.shopifycloud.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com; media-src 'self' blob: data: cdn.shopify.com; img-src 'self' data: blob: https: cdn.shopify.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com; connect-src 'self' https: https://cdn.shopify.com https://cdn.shopifycloud.com https://sessions.bugsnag.com https://notify.bugsnag.com https://monorail-edge.shopifysvc.com https://www.google-analytics.com https://stats.g.doubleclick.net https://atlas.shopifysvc.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; upgrade-insecure-requests; frame-src 'self' https://app.mode.com https://www.youtube.com https://app.datadoghq.com https://*.shopifycs.com https://pay.shopify.com https://checkout.shopifycs.com https://www.affirm.com https://sandbox.affirm.com https://cdn1-sandbox.affirm.com https://www.google.com https://recaptcha.google.com https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors admin.shopify.com https: *.myshopify.com admin.shopify.com
x-permitted-cross-domain-policies
none
server-timing
cfRequestDuration;dur=62.000036
etag
W/"9b5179ea2a77fe69b294fbd2ed504eac"
vary
Accept, Origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heysara.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-frame-options
DENY
x-robots-tag
noindex
date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
p3p
CP="Not used"
alt-svc
h3=":443"; ma=86400
content-length
18
x-xss-protection
1; mode=block
x-request-id
a8d6c919-5c76-495a-8054-451347639f6e
x-runtime
0.003341
server
cloudflare
x-download-options
noopen
access-control-max-age
7200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oYH6dAcTCsic2tKXtj%2FoG2VdnmrJnqW%2FCGswh2v8LgpVcP61FVCz7tU75JUYOXOao9Tvs2CDeA1MTlKwqREa0GkYyFcb1z36SERcjp248iVImEC1mI4%2FN7hF"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
84498a696b5b2d46-ORD
x-sorting-hat-podid
-1
dynamic-checkout-cart.en.js
heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/
90 KB
29 KB
Script
General
Full URL
https://heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/dynamic-checkout-cart.en.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/storefront/features-1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
f78a94e02249d233140142a1d45fd4ef8b3f6a468bf40a229c3cd5072b32cacc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
9
content-encoding
br
server-timing
imagery;dur=23.379, imageryFetch;dur=23.199, cfRequestDuration;dur=22.000074
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
e3aa31fb-937a-4d64-a1d6-fa41d51a31ff
last-modified
Sat, 13 Jan 2024 00:24:25 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kjeY%2FMYrvydzi47rdBXlpyBEfYDT%2Bpu0aQD59Lh0OUBLAjymgX%2FT3xmL4TJa80csQ8Iaj8tYF7TEFT3QFZrxYH4NwqoqhdOZ%2Bzs%2BKqJRXFyi0Oax70XuC7hzLpM8"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=300
cf-ray
84498a68ff0a7293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/payment-sheet/assets/latest/dynamic-checkout-cart.en.js>; rel="canonical"
x-sorting-hat-podid
-1
cart
heysara.com/en-us/
198 B
2 KB
Fetch
General
Full URL
https://heysara.com/en-us/cart?t=1705105931675&view=ajax
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
3865d48d09ae34306fa0eff6936023ada969ec0fc89cca9e3c520a5d5b5060f5
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=7889238
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-east1,gcp-us-east1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
x-cache
miss
server-timing
processing;dur=51, db;dur=19, wasm, asn;desc="20278", edge;desc="EWR", country;desc="US", theme;desc="138370285815", pageType;desc="cart", servedBy;desc="sd2q", requestID;desc="a96ef3ab-e3a2-479a-8aaa-71011352e17c", cfRequestDuration;dur=88.999987
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
a96ef3ab-e3a2-479a-8aaa-71011352e17c
x-shardid
246
x-storefront-renderer-rendered
1
x-shopify-stage
production
server
cloudflare
etag
W/"cacheable:f8f1c09bf14f5cf63d33ee5c93a146a4"
x-shopid
26376386
x-frame-options
DENY
vary
Accept
content-type
text/html; charset=utf-8
content-language
en
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=djwd%2FXjDC4ZvBhWfgbIwZSP5vWeopPAebMbzaSyBK1c2Skfj2q%2BQeFNUGdp1AEWvRiqt0P%2FQDFxNdgzQcLBDqCEmWTlGKFKwCqRbF96Xm72HJv7Zo7sLSN1MsK1Q"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
84498a691f217293-EWR
link
<https://cdn.shopify.com>; rel="preconnect", <https://cdn.shopify.com>; rel="preconnect"; crossorigin
x-sorting-hat-podid
246
2024_Jan_Spend_and_Save_Sale_copy_1600x.jpg
heysara.com/cdn/shop/files/
100 KB
101 KB
Image
General
Full URL
https://heysara.com/cdn/shop/files/2024_Jan_Spend_and_Save_Sale_copy_1600x.jpg?v=1704779035
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
2c7de2af41b2f0591f8f8f85c65737693f9f582cbf70b95740cc6856f034daa4
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
source-type
image/jpeg
server-timing
imagery;dur=275.466, imageryFetch;dur=93.874, imageryProcess;dur=180.044;desc="image", cfRequestDuration;dur=365.000010
source-length
142705
content-length
102774
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
a4d6348f-2b5b-46ef-a3be-647725968722
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:12 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KKDyHrjm33pgBtv0nBk0K%2BBs5ejiAXxArMkFhhoY4fuoOommR8d4cdWdG6Out2IJfl%2Bm2awboSb7r3yl%2FeYuOq77GFcjBQPKMNbbcIALyVIo5wuAvi4od7%2FfvPmf"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a692f547293-EWR
x-sorting-hat-podid
246
shop-new-876009_540x.jpg
heysara.com/cdn/shop/collections/
17 KB
18 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-new-876009_540x.jpg?v=1702864455
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
0dc5db9c258073a03f8c43efb74a5cf981e5635ccf05cd7b98e66a819ba05ab6
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
source-type
image/jpeg
server-timing
imagery;dur=229.718, imageryFetch;dur=129.354, imageryProcess;dur=98.546;desc="image", cfRequestDuration;dur=289.000034
source-length
62897
content-length
17222
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
9cde4c5e-638d-4e4d-9bb1-7ac436fc38e5
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:11 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lTbtSXxL7WGdmUBxviIdT1kFRvaT6P1PxwR8VlYOJ%2F%2BPzahkPxR4BmBtaZ6K%2BcIzmtsv1vqJqwUbBNLkX9uEJcUHZ2BLb8%2Bh9JDBICqv9pFf05yVSzo3fQAuy2Tr"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a692f577293-EWR
x-sorting-hat-podid
246
shop-sale-968355_540x.jpg
heysara.com/cdn/shop/collections/
37 KB
38 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-sale-968355_540x.jpg?v=1702864709
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
79f555b33f2cdb1b6732335c2798d0c55b0164dcba4d6b5e4fa3991eafd9b3b6
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
source-type
image/jpeg
server-timing
imagery;dur=191.609, imageryFetch;dur=99.873, imageryProcess;dur=89.962;desc="image", cfRequestDuration;dur=275.999784
source-length
108466
content-length
37734
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
bf06b347-be39-4794-a51b-b29494b85a7b
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:11 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rShAfKYh0FoQBdFvINumYKIC6qu8ard%2FquV35KlIindEXXNqp%2BxgZTP%2BTZIx0AnBpLeYCUTVBpLs3ejOAlC9lCCkEuW0Iz4Scp61SC6xuLmwlVkK1Nw%2FKKIzzZ7v"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a692f587293-EWR
x-sorting-hat-podid
246
shop-swimwear-578634_540x.jpg
heysara.com/cdn/shop/collections/
66 KB
67 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-swimwear-578634_540x.jpg?v=1693963689
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
a4b7865e82b27bef75430bc954f27be2f1af86815bd757012aa1c80bb5579658
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
source-type
image/jpeg
server-timing
imagery;dur=212.941, imageryFetch;dur=101.720, imageryProcess;dur=108.746;desc="image", cfRequestDuration;dur=378.999949
source-length
147084
content-length
67282
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
fd3042a8-3d08-43a5-b7ca-3ff474166e64
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:12 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tnM7SbwR2Tnu%2FSI%2FEZ%2B5jCAesUYzrtrpeRbsQ5aGUKSDd8MeE3kOkN15ZGG0tD6EzaotYDiSkkywrcYBVP6puaCK9dnGjwjmX0ReGQOjMMvpGbY7oXYM9A658SXz"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a692f597293-EWR
x-sorting-hat-podid
246
batch
stamped.io/api/widget/reviews/
48 KB
10 KB
XHR
General
Full URL
https://stamped.io/api/widget/reviews/batch
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.27.241.171 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-27-241-171.us-west-2.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
237e01337be5d11c7f1355c3665cfd680afb5f24db210942f039802e61ac69f9

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://heysara.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:32:12 GMT
content-encoding
gzip
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heysara.com
cache-control
no-cache
access-control-allow-credentials
true
stamped
S2
content-length
10320
expires
-1
batch
stamped.io/api/widget/reviews/ Frame
0
0
Preflight
General
Full URL
https://stamped.io/api/widget/reviews/batch
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.27.241.171 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-27-241-171.us-west-2.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heysara.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-origin
https://heysara.com
access-control-max-age
300
cache-control
no-cache
content-length
0
date
Sat, 13 Jan 2024 00:32:11 GMT
expires
-1
pragma
no-cache
server
Microsoft-IIS/10.0
stamped
S2
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
shop
admin.stkbl.app/api/
2 KB
2 KB
Fetch
General
Full URL
https://admin.stkbl.app/api/shop?shop=heysara.myshopify.com
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:8833 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d9934f57548f7be25b7971028a74f16ecef5c2be2c4c81ac6f3991ad85eda11
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://heysara.myshopify.com https://admin.shopify.com;

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
frame-ancestors https://heysara.myshopify.com https://admin.shopify.com;
via
2 fly.io
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
fly-request-id
01HM03QFM5CNHJR7JM08SZYGA7-lga
server
cloudflare
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QVqCRaDwCI%2FxY5Nso4lGEUCdFHGPK1XM9S7T7%2Bk%2BlqGyeZDpkC94Mgi6OekW6mvEjwtmtGim6lmb2AYhkNjfktJFiykVs0ztEIyTm82e%2FAaoCZC3FvEASvSsmhSolss%2B5AQZyqV%2BKxntICvxnMg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heysara.com
cache-control
private, max-age=60
access-control-allow-credentials
true
cf-ray
84498a6a3f8a4bc1-BUF
onsite
fast.a.klaviyo.com/custom-fonts/api/v1/company-fonts/
43 B
594 B
XHR
General
Full URL
https://fast.a.klaviyo.com/custom-fonts/api/v1/company-fonts/onsite?company_id=Hcz7BQ
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
53a85651866852f33fcaf1ee1eff6e5002e8dfe32e4dd49187007b3a7c1367ea
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; object-src 'none'; base-uri 'none'; report-uri /csp/
Strict-Transport-Security max-age=900

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; object-src 'none'; base-uri 'none'; report-uri /csp/
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=900
age
745008
x-cache
HIT, MISS
content-length
43
x-served-by
cache-bos4678-BOS, cache-yyz4566-YYZ
server
nginx
allow
GET, HEAD, OPTIONS
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
content-type
application/json; charset=utf-8
cache-control
max-age=10
access-control-allow-credentials
true
vary
Cookie
accept-ranges
bytes
access-control-allow-headers
x-cache-hits
176, 0
full-forms
static-forms.klaviyo.com/forms/api/v7/Hcz7BQ/
19 KB
4 KB
XHR
General
Full URL
https://static-forms.klaviyo.com/forms/api/v7/Hcz7BQ/full-forms
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3b82b73bbc8599263e553b56ea25f01775f601fcfc80cdeb84eec0170d10f48d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
gKs3nUgisWHIvhfg090ti.Avoc_pOOOh
content-encoding
gzip
via
1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
x-amz-request-id
E9Q30ZATP3TNNE29
age
183968
x-amz-server-side-encryption
AES256
x-cache
HIT
client-geo-continent
NA
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
full-forms/shared full-forms/Hcz7BQ custom-fonts/Hcz7BQ
content-length
2999
x-amz-id-2
LHdeK9aYc4D36h6TVBbbRnOi0/KxoEeNdu6xO208ATj/ghxNDlF1nDqFaI3qunBojSl1MjhN9fg=
x-served-by
cache-yyz4576-YYZ
client-geo-country
US
last-modified
Wed, 10 Jan 2024 16:34:09 GMT
server
AmazonS3
x-timer
S1705105932.869181,VS0,VE2
etag
"9e6f40df278d5aca992fc384a777716a"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
client-geo-continent, client-geo-country
cache-control
max-age=5
accept-ranges
bytes
x-cache-hits
1
consent-tracking-api.js
heysara.com/cdn/shopifycloud/consent-tracking-api/v0.1/
15 KB
6 KB
Script
General
Full URL
https://heysara.com/cdn/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/storefront/load_feature-87876fa245af19cbd14aa886ed59c6aa8a27c45d24dcd7a81cf2d2323506233e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
ef5695392329615991aef82ee880b52c17e6dd36d875c34000975d796a602815
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
58
content-encoding
br
server-timing
imagery;dur=183.374, imageryFetch;dur=29.817, cfRequestDuration;dur=9.999990
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
6e6d3228-05a1-41d5-bc98-03f320898dea
last-modified
Sat, 13 Jan 2024 00:06:46 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EeL2LTgmaAnmAjDOldW1Y6fndj%2FulLEfBvlhLbR8UyY7MHKZS%2BT6FxUx2jIdLbUB%2B1JIXP4I9IFEUukIsLQzywa9PYgyxU7c0mmcbyK7iAB3Ehp0EXpcj55vNlmh"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800, must-revalidate
cf-ray
84498a69c80a7293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js>; rel="canonical"
x-sorting-hat-podid
-1
da8ea57857b3d34e1bf7.dcc-698.en.js
heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/
148 KB
39 KB
Script
General
Full URL
https://heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/da8ea57857b3d34e1bf7.dcc-698.en.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/dynamic-checkout-cart.en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
0cb9841024e77821b0f801d154a8817b891dbd33ebe69c63519a6647a3d64882
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
96667
content-encoding
br
server-timing
imagery;dur=33.040, imageryFetch;dur=32.792, cfRequestDuration;dur=19.999981
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
48d72bf0-ab2f-44e8-9a6d-962fdd167a8a
last-modified
Thu, 11 Jan 2024 21:41:04 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=39iPry7mlswfkypDwvRA%2BCwwNCy39sKlr5Qh432npc9WLaCUiNB1JFN%2BCT9b7bFXo%2BiOD8detL3gnRMuVup32lSDY%2FMScyRw8vkK7HE67Barsfqqir0UPTnQgyZv"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
84498a69d8197293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/payment-sheet/assets/latest/da8ea57857b3d34e1bf7.dcc-698.en.js>; rel="canonical"
x-sorting-hat-podid
-1
4dfc8c655a497aea24aa.dcc-680.en.js
heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/
3 KB
2 KB
Script
General
Full URL
https://heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/4dfc8c655a497aea24aa.dcc-680.en.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/dynamic-checkout-cart.en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
e40ca2741212941a62daa83526c876ce9b9ed0741015430135d0e5570f45f08d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
91678
content-encoding
br
server-timing
imagery;dur=51.321, imageryFetch;dur=50.865, cfRequestDuration;dur=9.999990
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
c9ddb24f-02fc-4f00-8353-21a517bcb285
last-modified
Thu, 11 Jan 2024 23:04:12 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xzh0PrsPayHRiEb02t90mi5mR%2FL0J33WHECwxwCvRtkXMumStacox20LTV9sKZfhvkrZ6ciMgWyMLpffFXcx0modKP%2BtLQIl94W16TWydGY1liMwin5Tf5nA06Y"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
84498a69d81a7293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/payment-sheet/assets/latest/4dfc8c655a497aea24aa.dcc-680.en.js>; rel="canonical"
x-sorting-hat-podid
-1
739886b0a8cd8920c980.dcc-340.en.js
heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/
81 KB
27 KB
Script
General
Full URL
https://heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/739886b0a8cd8920c980.dcc-340.en.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/dynamic-checkout-cart.en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
b7f6cfe8743b60590da514bbdc9c15d93646ba5a532339f95421d8cc8b09d2de
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
5528
content-encoding
br
server-timing
imagery;dur=74.395, imageryFetch;dur=74.137, cfRequestDuration;dur=9.999990
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
2441e062-740d-4d3e-895a-79e7fdd4a738
last-modified
Fri, 12 Jan 2024 00:04:51 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKzf1O3SEdYuRhaBgh1rcBeJyWx6lRXjh5xu9tZVucBeA8%2FRbVMSThXE7ZsRjFCOUEhK74gh9hJxbcoSPVIZCwicjxQ1leqmkhKyDvOAdGXGuX%2BxsAVDSgfq%2F415"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
84498a69d81b7293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/payment-sheet/assets/latest/739886b0a8cd8920c980.dcc-340.en.js>; rel="canonical"
x-sorting-hat-podid
-1
5630056d9b71d991d900.dcc-102.en.js
heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/
173 KB
40 KB
Script
General
Full URL
https://heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/5630056d9b71d991d900.dcc-102.en.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/dynamic-checkout-cart.en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
dcafbf41a38ad766176ef8ca08c8f59caf67029a2333231ad575f032cbb3461d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
97064
content-encoding
br
server-timing
imagery;dur=28.115, imageryFetch;dur=27.869, cfRequestDuration;dur=17.999887
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
baeadd0d-0366-4702-9f6e-149fab9c19f2
last-modified
Thu, 11 Jan 2024 21:34:27 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ukEMtmBs8KZWQKVQE5lLl5T1iNzJFSdkm8nRlCS7eDRhtN5hyGZuhqWYbsu%2FUJkr2SAEgulm9wWQPfGcJjoXbaY7j7b2VqkGyMWXGYGZofIfmMYEzt4lWCvlLP3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
84498a69d81d7293-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/payment-sheet/assets/latest/5630056d9b71d991d900.dcc-102.en.js>; rel="canonical"
x-sorting-hat-podid
-1
529492020749039
connect.facebook.net/signals/config/
133 KB
35 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/529492020749039?v=2.9.140&r=stable&domain=heysara.com
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ba9ba2111c07925315fb4a530701796cd9351ed7aa39a6a892b8f9d8778e47f0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 13 Jan 2024 00:32:11 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
RrBGQrY2BDfG2Q6LFpORnrMjBHD4qHLRk/ZT+yaBb4i+SdLgcKnFg0tKR/8l1OfQEm8LDQ1cBstJ4+n4U3wi8w==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/770484391/
3 KB
2 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/770484391/?random=1705105931831&cv=11&fst=1705105931831&bg=ffffff&guid=ON&async=1&gtm=45be41a0v898710151&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&label=hre4CILk7M8CEKfRsu8C&tiba=Hey%20Sara%20-%20Australian%20Online%20Fashion%20Boutique%20for%20Women&hn=www.googleadservices.com&frm=0&gtm_ee=1&auid=1637094968.1705105932&uamb=0&uaw=0&data=event%3Dpage_view%3Bpage_path%3D%2Fen-us&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-770484391&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.13.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul03s05-in-f2.1e100.net
Software
cafe /
Resource Hash
4ff60f6967d877037d0372072df37519155a5560c28222f8f35f492592c2ba13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:32:11 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1643
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.merchant-center-analytics.goog/mc/
0
251 B
Ping
General
Full URL
https://www.merchant-center-analytics.goog/mc/collect?v=2&tid=MC-552J7BXGFG&gtm=45ve41a0v9121445558&_p=1705105931046&gcd=11l1l1l1l1&dma=0&cid=941611164.1705105931&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dp=%2Fen-us&dt=Hey%20Sara%20-%20Australian%20Online%20Fashion%20Boutique%20for%20Women&dl=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&sid=1705105931&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1457
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=MC-552J7BXGFG&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:32:11 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heysara.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
config
heysara.com/payments/
4 KB
3 KB
Fetch
General
Full URL
https://heysara.com/payments/config?currency=USD&country=US
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
00f401a0936ec90f8c5ad24db4895d125392c68558117c5942e3f26e01bf269f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=payments%2Fconfigs&source%5Bsection%5D=checkout&source%5Buuid%5D=19a84770-a1a4-4190-bd3d-b70d31efdf8b
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block; report=/xss-report?source%5Baction%5D=show&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=payments%2Fconfigs&source%5Bsection%5D=checkout&source%5Buuid%5D=19a84770-a1a4-4190-bd3d-b70d31efdf8b

Request headers

Accept
application/json
x-shopify-api-version
2018-02-15
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
X-Shopify-Wallets-Caller
costanza
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=7889238
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=payments%2Fconfigs&source%5Bsection%5D=checkout&source%5Buuid%5D=19a84770-a1a4-4190-bd3d-b70d31efdf8b
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-central1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
x-envoy-upstream-service-time
113
server-timing
processing;dur=111, cfRequestDuration;dur=167.000055
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block; report=/xss-report?source%5Baction%5D=show&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=payments%2Fconfigs&source%5Bsection%5D=checkout&source%5Buuid%5D=19a84770-a1a4-4190-bd3d-b70d31efdf8b
x-sorting-hat-shopid
26376386
x-request-id
19a84770-a1a4-4190-bd3d-b70d31efdf8b
x-shardid
246
x-shopify-stage
production
server
cloudflare
x-shopid
26376386
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ureaV1O5HCG6SKgWowpBX6PaoOHddI4L8xges4xz90Fj0WIrlS4cu31VUcDcW3GYW8551Ho2te0pFierSir2%2FPM9O8QTcUPMJatQzfbKuHxHLIb1dOmsTwCiutsu"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cache-control
max-age=300, private
cf-ray
84498a6ac92e7293-EWR
x-sorting-hat-podid
246
shop-mini-dresses-926959_540x.jpg
heysara.com/cdn/shop/collections/
20 KB
20 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-mini-dresses-926959_540x.jpg?v=1702861282
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
0b416c75340c907037801e3374e62d31d1123c29f0888da68929d33fdc024669
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
source-type
image/jpeg
server-timing
imagery;dur=207.095, imageryFetch;dur=110.572, imageryProcess;dur=93.798;desc="image", cfRequestDuration;dur=33.999920
source-length
599223
content-length
20088
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
3254f59a-9286-44f6-bfb0-5710c48a34a2
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 12 Jan 2024 09:49:05 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jjHJNN4a2PZ8bRULv3ibm0fKu9nzPn6g8TWZNwLQnQYoqaGbg6dEI%2F%2BvRNmxwRnqeyc9sIvY5sJUeJ%2FnLLQGsjlvO%2BHybmM%2BLo%2BLz1LAqyK5xmO0OA39jXG%2Bvakn"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a6ad93a7293-EWR
x-sorting-hat-podid
246
shop-midi-dresses-433349_540x.jpg
heysara.com/cdn/shop/collections/
17 KB
18 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-midi-dresses-433349_540x.jpg?v=1702861673
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
cbc32c0e90c5fb637667b433d2835594c081d98decb4e4b2b3481b47e662a732
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
source-type
image/jpeg
server-timing
imagery;dur=209.910, imageryFetch;dur=110.793, imageryProcess;dur=97.573;desc="image", cfRequestDuration;dur=293.999910
source-length
66369
content-length
17314
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
ad9d7cfd-654c-445c-93b9-0d548371decd
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:12 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DnhS50RHJCDcNMRF05ghSPYz2FCE4vzUNpuTgMMYSAwocxc7dE1o41Z5DopFrIqloFiYQdViqjuQX%2FJJmNYjXOkQD7ZAUG%2FP0jEO3E83mpksiIB3y48TbM%2FCLTsZ"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a6ad93c7293-EWR
x-sorting-hat-podid
246
shop-maxi-dresses-828804_540x.jpg
heysara.com/cdn/shop/collections/
34 KB
35 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-maxi-dresses-828804_540x.jpg?v=1702862220
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
f0b85b6482436d2aa9fb9f57333e33ac45d4af776fed2b7d889a3da355701bd8
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
source-type
image/jpeg
server-timing
imagery;dur=214.387, imageryFetch;dur=92.641, imageryProcess;dur=119.410;desc="image", cfRequestDuration;dur=297.000170
source-length
90180
content-length
34530
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
af11784e-043b-4fbc-88ba-ded12c5d0311
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:12 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVyNOYOg9nmw20skkA7QVHEk0xwuc0IkjC4LFzTw0LirSfitHcLoJe8NPKTzgUKGg9eGboaNRGaonBlbwwwYZymIY1JtV9C0YiwXF6CdOckevDp%2B0AKSJVreadHs"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a6ad93e7293-EWR
x-sorting-hat-podid
246
vendors~atlas~ClientStore~renderReviewsWidgets.18bd4076289f092e4f0a.js
static-tracking.klaviyo.com/onsite/js/
22 KB
8 KB
Script
General
Full URL
https://static-tracking.klaviyo.com/onsite/js/vendors~atlas~ClientStore~renderReviewsWidgets.18bd4076289f092e4f0a.js
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.8993a4cd21755a6d3c0f.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
87c14f094253cb7538e516d55c2a6980ff86e4d20f9edb04595724362e3ef2ed

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
BMpdGjlBobpuu99gwxmo_HJrgns3urTE
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
x-amz-request-id
ZEQJ1K4HEFCC1CPV
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
7956
x-amz-id-2
12gT8eRplQIa+8NMxaBGZCjmNsZPjSexCBTP3IUCW/K1Th2irqo4r3ujWBxqTRldIgB/fvB3vL0=
x-served-by
cache-lga21967-LGA, cache-yyz4531-YYZ
last-modified
Thu, 21 Dec 2023 18:06:29 GMT
server
AmazonS3
etag
"d4f581b93f2fb8d5f237b9ef431a9bfe"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
ff6d064bbc8fea5f6d5e1119a80ab4bd6fca3714
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
13, 589
ClientStore.ced16b29b16d05ae2557.js
static-tracking.klaviyo.com/onsite/js/
62 KB
19 KB
Script
General
Full URL
https://static-tracking.klaviyo.com/onsite/js/ClientStore.ced16b29b16d05ae2557.js
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.8993a4cd21755a6d3c0f.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
eac98f4a9ee84748d3aaa698881da1fe28b318689853c6491d4e8c563bdd829d

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
K4_2zh6a..5Up3D1SmIyKNXqDv7ZEpCK
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:11 GMT
x-amz-request-id
6M5F85TP3B2R7DEJ
age
5538
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
18673
x-amz-id-2
bFiUU6KYorV3wQnIk0sVpiwqgQJSMFn8M/W+XJsEyRTJxcq6QjX/GFxgjaJIeXYsRlomTDNhSHw=
x-served-by
cache-lga21957-LGA, cache-yyz4531-YYZ
last-modified
Fri, 12 Jan 2024 22:59:11 GMT
server
AmazonS3
etag
"ab2c4cea556b34b6a39ca5d9a24b02cc"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
a7ef84b2b5f471f7e31ee67592c50007237a1bed
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
4, 532
532.7510924c8ba33d203fb2.css
static-tracking.klaviyo.com/onsite/js/
39 KB
7 KB
Stylesheet
General
Full URL
https://static-tracking.klaviyo.com/onsite/js/532.7510924c8ba33d203fb2.css
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.8993a4cd21755a6d3c0f.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8170107dd679d5f053fd54194b14143839b4b856c27c9f7332409469a59736f4

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
Q3QZfQ39yEgCXTG.A_wFo4Rwq6y8CcwT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:12 GMT
x-amz-request-id
R3R3ZA7DCNKDBPA2
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
6195
x-amz-id-2
oKe2HbYPqtQoiEpDpMweoSOJo0iYXthrGdCEuaNeKGM/ZzuNMxclaom4R4/DiymPIpGNQs+EPqA=
x-served-by
cache-lga21935-LGA, cache-yyz4531-YYZ
last-modified
Fri, 12 Jan 2024 16:29:12 GMT
server
AmazonS3
etag
"65e06e21c877eadc8eceec0f0c0dd1b3"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
0d7d2e3fdc262a0887d83f516791f9a736dff0ce
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
64, 608
styles.33920725fb7c3c853f53.js
static-tracking.klaviyo.com/onsite/js/
13 KB
4 KB
Script
General
Full URL
https://static-tracking.klaviyo.com/onsite/js/styles.33920725fb7c3c853f53.js
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.8993a4cd21755a6d3c0f.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6af4bcb3682d264b8c6c71aa0a96f2a707e46621379a0001e5990292c8572f68

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
6X62wqiV95x4.SV1SgX5r3xFnIWPJ.8S
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:12 GMT
x-amz-request-id
S3EWW0FRWWHXG0T0
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
3994
x-amz-id-2
sAqK5TsQSo7i1vvAbr7iuiFdAIywO057h6t8mk2WIalfApUmcCUiQGEvj06mABarYdyEYuKyB7pVybXWSzcsrfReR46ZTifJDl7kzTPeEbI=
x-served-by
cache-lga13625-LGA, cache-yyz4531-YYZ
last-modified
Tue, 28 Nov 2023 20:02:19 GMT
server
AmazonS3
etag
"b77ebf481e9f2fe8cb099ed9a28980e7"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
ca0c74fa4ac6a01c464513de19d863f435e8b95c
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
130691, 596
vendors~Render.2bc5e6bf5bd25bc82a40.js
static-tracking.klaviyo.com/onsite/js/
12 KB
4 KB
Script
General
Full URL
https://static-tracking.klaviyo.com/onsite/js/vendors~Render.2bc5e6bf5bd25bc82a40.js
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.8993a4cd21755a6d3c0f.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
353f85cdd75082efd47eb3b3f1f0ab5ff7e0d21fd0a27ef7836a573cca5348f1

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
2av0aphi7XKEw.X.ZcFEWGRxk4eNgWx2
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:12 GMT
x-amz-request-id
W8C3FM0Q8CC53H2B
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
4020
x-amz-id-2
NAaPpJ08XmQMPZFsaavdofIs+QH5RL1iFfkNnN0OmkN9NkijRSw1df96Aboh2l5E2Yh7g0ebzzLxeAfJ8Agldw==
x-served-by
cache-lga21921-LGA, cache-yyz4531-YYZ
last-modified
Wed, 01 Nov 2023 22:25:28 GMT
server
AmazonS3
etag
"22f6291462298f7a69a6bb88dd1bc0eb"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
de3d2b24392429952093848ed2231367282799b3
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
7, 590
Render.67c3f9f0c8ae41b7a804.js
static-tracking.klaviyo.com/onsite/js/
118 KB
33 KB
Script
General
Full URL
https://static-tracking.klaviyo.com/onsite/js/Render.67c3f9f0c8ae41b7a804.js
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.8993a4cd21755a6d3c0f.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
04800fac5c20bb3651d645f32552bfa8351bed4c707404db19da4ae0c5d4e8f8

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
FiDZ.qOZW4p18xx2IVTmB.QCNaTGdmxK
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sat, 13 Jan 2024 00:32:12 GMT
x-amz-request-id
KM9H1959V46T5AN1
age
5572
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
33454
x-amz-id-2
4K1jMj0FcR+NzfE58NlauIzEpsq1vtgyQCEpwq5l7wu5UDVnq2Jufmd7G+dc8zTy9jHlY0nhX3Y=
x-served-by
cache-lga21977-LGA, cache-yyz4531-YYZ
last-modified
Mon, 08 Jan 2024 19:28:35 GMT
server
AmazonS3
etag
"1f7d04387e8e03f83ad3fe33ea59aca3"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
4d60e04cd9b74537d1484e8b01818148ab839774
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
31, 597
/
www.google.com/pagead/1p-conversion/770484391/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770484391/?random=674550723&cv=11&fst=1705105931831&bg=ffffff&guid=ON&async=1&gtm=45be41a0v898710151&gcd=11l1l1l1l1&dma=0&u_w=1600&u...
  • https://www.google.com/pagead/1p-conversion/770484391/?random=674550723&cv=11&fst=1705105931831&bg=ffffff&guid=ON&async=1&gtm=45be41a0v898710151&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%...
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-conversion/770484391/?random=674550723&cv=11&fst=1705105931831&bg=ffffff&guid=ON&async=1&gtm=45be41a0v898710151&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&label=hre4CILk7M8CEKfRsu8C&tiba=Hey%20Sara%20-%20Australian%20Online%20Fashion%20Boutique%20for%20Women&hn=www.googleadservices.com&frm=0&gtm_ee=1&auid=1637094968.1705105932&uamb=0&uaw=0&data=event%3Dpage_view%3Bpage_path%3D%2Fen-us&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ09PRHJRWVFyZV8yd0tudDhvU3pBUkltQUJLeDhicFRfeGd1SEd5WmZZRy00SEVDUk1vOUVLMjhlYUhQMjZzTEZLd1FiUEl6SmQwGlpDaEVJZ09PRHJRWVF6TTdqbTRxams3NmpBUkl1QU1vUkdFaGZZbjIwaG1TSDhLVFk4b20ybXg2bWFfV3J4TkJUbjkzcGVHbUROLWFUdW1RQk1aU0F0Y1J1MFEiEwiVvIXLjtmDAxW8DWgIHWvQCV0&is_vtc=1&ocp_id=C9qhZdWKPLyboPMP66Cn6AU&cid=CAQSGwAvHhf_CvWlDH2hRlzLdBDY0-7XVtTYDwz_Vg&random=3126465515
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Server
2607:f8b0:4020:806::2004 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:32:12 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://www.google.com/pagead/1p-conversion/770484391/?random=674550723&cv=11&fst=1705105931831&bg=ffffff&guid=ON&async=1&gtm=45be41a0v898710151&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&label=hre4CILk7M8CEKfRsu8C&tiba=Hey%20Sara%20-%20Australian%20Online%20Fashion%20Boutique%20for%20Women&hn=www.googleadservices.com&frm=0&gtm_ee=1&auid=1637094968.1705105932&uamb=0&uaw=0&data=event%3Dpage_view%3Bpage_path%3D%2Fen-us&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ09PRHJRWVFyZV8yd0tudDhvU3pBUkltQUJLeDhicFRfeGd1SEd5WmZZRy00SEVDUk1vOUVLMjhlYUhQMjZzTEZLd1FiUEl6SmQwGlpDaEVJZ09PRHJRWVF6TTdqbTRxams3NmpBUkl1QU1vUkdFaGZZbjIwaG1TSDhLVFk4b20ybXg2bWFfV3J4TkJUbjkzcGVHbUROLWFUdW1RQk1aU0F0Y1J1MFEiEwiVvIXLjtmDAxW8DWgIHWvQCV0&is_vtc=1&ocp_id=C9qhZdWKPLyboPMP66Cn6AU&cid=CAQSGwAvHhf_CvWlDH2hRlzLdBDY0-7XVtTYDwz_Vg&random=3126465515
content-type
image/gif
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
produce_batch
heysara.com/.well-known/shopify/monorail/unstable/
0
718 B
Ping
General
Full URL
https://heysara.com/.well-known/shopify/monorail/unstable/produce_batch
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/wpm/b08d9d536wbc499b5ep9e0ec6b9m18e2802am.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server-timing
cfRequestDuration;dur=44.000149
alt-svc
h3=":443"; ma=86400
content-length
0
x-request-id
c280c617-4080-48a2-aba3-3f87c8fd5c5a
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Epw%2BcS2vlnc0B2yIK8LdA4zWdQJKKdpf5Us6foafbYQSPISf0K%2Fq6Kp8s5KNI%2BkWBAJtAFxkjh3sAT2Vix%2Fav3DZdbqTLaTPqmgcMjLrUAeSZexjbNgygfdsHhoh"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://heysara.com
access-control-allow-credentials
true
x-robots-tag
noindex
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
cf-ray
84498a6b9a137293-EWR
cart
heysara.com/en-us/apps/stackable/
413 B
2 KB
Fetch
General
Full URL
https://heysara.com/en-us/apps/stackable/cart
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
2e8314416e8682e92cbb19f3b8deb8f8cbcab6ecbf20b853c4dc8acaee177e2a
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=7889238
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-east4,gcp-us-east1,gcp-us-east1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
server-timing
cfRequestDuration;dur=265.999794
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
3a7c2b72-fa69-48dd-ad40-46b7ca47d8f7
x-shardid
246
x-storefront-renderer-rendered
1
x-shopify-stage
production
server
cloudflare
x-shopid
26376386
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
text/html; charset=utf-8
content-language
en
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d4j8YcfWnSgVrNhDVwI%2FLN%2B53XgfiJxM%2B7O481CX2sXekUC6sNtfX4nymZtP2IWW5yZpvogfc1%2BotgxAYNFvpZx%2FimkmI%2BlhaV3xJ5lY2iw0iNLnHof01CwyaPaL"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
84498a6bca627293-EWR
link
<https://cdn.shopify.com>; rel="preconnect", <https://cdn.shopify.com>; rel="preconnect"; crossorigin
x-sorting-hat-podid
246
produce
monorail-edge.shopifysvc.com/v1/ Frame
0
0
Preflight
General
Full URL
https://monorail-edge.shopifysvc.com/v1/produce
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.229.135 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
135.229.102.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-monorail-edge-client-message-id,x-monorail-edge-event-created-at-ms,x-monorail-edge-event-sent-at-ms
Access-Control-Request-Method
POST
Origin
https://heysara.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://heysara.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 13 Jan 2024 00:32:12 GMT
via
1.1 google
produce
monorail-edge.shopifysvc.com/v1/
0
0
Fetch
General
Full URL
https://monorail-edge.shopifysvc.com/v1/produce
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.229.135 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
135.229.102.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Referer
https://heysara.com/
X-Monorail-Edge-Event-Created-At-Ms
1705105932162
X-Monorail-Edge-Event-Sent-At-Ms
1705105932163
accept-language
en-US,en;q=0.9
X-Monorail-Edge-Client-Message-Id
cbfe6ab2-575e-4b91-be2a-8407808533ce
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json; charset=utf-8

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
via
1.1 google
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://heysara.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
5b88541e-d93e-40d4-80a4-0dde53b4d701
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=529492020749039&ev=PageView&dl=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&rl=&if=false&ts=1705105932185&sw=1600&sh=1200&v=2.9.140&r=stable&a=shopify&ec=0&o=4126&fbp=fb.1.1705105931987.1241333196&ler=empty&it=1705105931809&coo=false&eid=sh-003bc183-B183-47BF-421D-518F2C466626&cdl=&rqm=GET
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 13 Jan 2024 00:32:12 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
script.js
geolocation-recommendations.shopifyapps.com/selectors/
67 KB
19 KB
Script
General
Full URL
https://geolocation-recommendations.shopifyapps.com/selectors/script.js?shop=heysara.myshopify.com
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.146.173.20 , Sweden, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe73d41f0d353ca0c9ab0a53cbee7f6fa80b9e7c5da308dbfdbad712eee06468
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.shopifycloud.com cdn.shopify.com geolocation-recommendations.shopifyapps.com; style-src 'self' 'unsafe-inline' cdn.shopify.com cdn.shopifycloud.com; img-src 'self' 'unsafe-inline' cdn.shopify.com cdn.shopifycloud.com data: *; font-src 'self' cdn.shopify.com cdn.shopifycloud.com data: *; frame-ancestors *.myshopify.com geolocation-recommendations.shopifyapps.com admin.shopify.com; object-src 'none'; media-src 'self' cdn.shopify.com cdn.shopifycloud.com; base-uri 'none'; upgrade-insecure-requests; connect-src 'self' sessions.bugsnag.com notify.bugsnag.com monorail-edge.shopifysvc.com country-service.shopifycloud.com wss://argus.shopifycloud.com shop.app cdn.shopify.com geolocation-recommendations.shopifyapps.com; frame-src 'self' shopify-geolocation-proxy.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.shopifycloud.com cdn.shopify.com geolocation-recommendations.shopifyapps.com; style-src 'self' 'unsafe-inline' cdn.shopify.com cdn.shopifycloud.com; img-src 'self' 'unsafe-inline' cdn.shopify.com cdn.shopifycloud.com data: *; font-src 'self' cdn.shopify.com cdn.shopifycloud.com data: *; frame-ancestors *.myshopify.com geolocation-recommendations.shopifyapps.com admin.shopify.com; object-src 'none'; media-src 'self' cdn.shopify.com cdn.shopifycloud.com; base-uri 'none'; upgrade-insecure-requests; connect-src 'self' sessions.bugsnag.com notify.bugsnag.com monorail-edge.shopifysvc.com country-service.shopifycloud.com wss://argus.shopifycloud.com shop.app cdn.shopify.com geolocation-recommendations.shopifyapps.com; frame-src 'self' shopify-geolocation-proxy.com
cf-cache-status
EXPIRED
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east1,gcp-us-east1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
server-timing
processing;dur=9, socket_queue;dur=2.079, util;dur=0.0, cfRequestDuration;dur=82.000017
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
x-request-id
c763e8e7-1762-491e-941d-243576461325
x-runtime
0.008472
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"fe73d41f0d353ca0c9ab0a53cbee7f6f"
x-download-options
noopen
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript; charset=utf-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pnfoDXwWi2PSD%2FNRmPcg7kYttmPWB6MmE2IofUTQeI6Id6Y%2BRLe7lt4MrPkN0uyhvGv1iRjEC9bfIulN9gsY7Q2wbdLZHbQxljcvioJmhzjCLy0grewzDqb%2FxmWkUdnbouHBbwIZsT8vrjsF2WRNqsWcXN94OZzppYlGJZk%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=0, private, must-revalidate
cf-ray
84498a6d4b9b4bbd-BUF
bundler.js
cdn-bundler.nice-team.net/app/js/
1 KB
1 KB
Script
General
Full URL
https://cdn-bundler.nice-team.net/app/js/bundler.js?shop=heysara.myshopify.com
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1fd0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bb911c93bf505555a51eee6d95149ff15dc230e006fd87e45fb4317c18f84c5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2883411
cf-polished
origSize=1549
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Tue, 25 Oct 2022 13:27:56 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1XTz55NAIkisfkhDmNjtJFP8nAZXHasPwwFExoAja9uCCfdTBARFt4qPwIbOjCRx97iaFbQV%2FW4G%2FeKkCCPj%2FxsT18g72tnHmlQeph%2B4V2%2FZzmAHl86qe1rdMp9IUapGS7xWFASaaspsD1zD9ci8EGJ2X3V75PQH"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
x-turbo-charged-by
LiteSpeed
cf-ray
84498a6d6b064bc3-BUF
basicv1.min.js
static.promobanner.app/banner/
28 KB
12 KB
Script
General
Full URL
https://static.promobanner.app/banner/basicv1.min.js?shop=heysara.myshopify.com
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:15e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c3efc7c061c0df796f3ad754c8e024da3e514f3ff7fbc5a04b51bbb2fca1ebc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
via
1.1 vegur
content-encoding
br
cf-cache-status
REVALIDATED
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
last-modified
Thu, 11 Jan 2024 12:17:15 GMT
server
cloudflare
vary
Origin, Accept-Encoding
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1704981053&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=zfBLg7zKQjTGCCVP09SiJ27y%2BNNUJA1hlevuLl%2BCu8E%3D"}]}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
84498a6d78b06aee-BUF
alt-svc
h3=":443"; ma=86400
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1704981053&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=zfBLg7zKQjTGCCVP09SiJ27y%2BNNUJA1hlevuLl%2BCu8E%3D
instafeed-4f6891793b67b27a80e0244dd2d1b287.js
cdn.nfcube.com/
21 KB
7 KB
Script
General
Full URL
https://cdn.nfcube.com/instafeed-4f6891793b67b27a80e0244dd2d1b287.js?shop=heysara.myshopify.com
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:69b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9389278f5f84d99768a435b91fb439c08243e92215e7c01b32a4eb1a0f31ed6f
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-polished
origSize=21302
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
cf-bgj
minify
last-modified
Fri, 30 Jun 2023 21:49:20 GMT
server
cloudflare
etag
W/"649f4de0-5336"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GxQ4YwO0TQdnJm6Q47LDHaciKTHvwvTIwFN6ZggHK7FO0Suc%2BWYpMabmdMGIYwfv7xCzS5zcblZjm2zwYthNKexA750XPG7cI4LUTUeuo0PgL9EMCTFJnxto0bUr5RffBrFW3E4h12l2PllG"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
84498a6d6f304bcf-BUF
codisto.js
cdn.shopify.com/s/files/1/2637/6386/t/116/assets/
0
0
Script
General
Full URL
https://cdn.shopify.com/s/files/1/2637/6386/t/116/assets/codisto.js?v=1690412676&shop=heysara.myshopify.com
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

shopify_v2.js
cdn.enhencer.com/scripts/
11 KB
11 KB
Script
General
Full URL
https://cdn.enhencer.com/scripts/shopify_v2.js?token=6531b9d77a5a7b438ffecf49&shop=heysara.myshopify.com
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b600:10:7435:da40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3dcf1546a9326b08a675d7538877dd857153151b47dc5358fc67d8c16801d5ad

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
r.XYqt77M_33q.WAFWyFrWnwIP_Do1ep
date
Fri, 12 Jan 2024 12:52:12 GMT
via
1.1 48d2977daea5b632b090c1400ef6bfcc.cloudfront.net (CloudFront)
last-modified
Fri, 05 Jan 2024 12:49:05 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-C2
age
42001
x-amz-server-side-encryption
AES256
etag
"48558725a15ac38a4e8c8097ac7e7993"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
11041
x-amz-cf-id
uhSUSh40qoftNCogfn3F4ZoaTILM_hIO7YGEmw8Cq0xr11j3_H-7RA==
freeshippingbar.js
cdn.hextom.com/js/
63 KB
17 KB
Script
General
Full URL
https://cdn.hextom.com/js/freeshippingbar.js?shop=heysara.myshopify.com
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:ac00:1:427b:a440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
80f5f45af20480963e8905994ca649b22ce2c9367d00599820d5d963cfd23d7f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 19:03:06 GMT
content-encoding
gzip
via
1.1 cc4ee60e87dead01c9e2d4b985af043e.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P2
age
19746
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
16720
last-modified
Wed, 10 Jan 2024 18:03:41 GMT
server
AmazonS3
etag
"4b9e1e79dd74d9efbe8f0bd63c3cb0ac"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
TtqxEdiQMsFn1wgw-SYcMv5U9DeT5gQBstAV7gqrMlABmaIp3-mJXQ==
runtime.latest.en.cdb91c7a2a2214cb0516.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
4 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/runtime.latest.en.cdb91c7a2a2214cb0516.js
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
content-encoding
br
server-timing
imagery;dur=26.678, imageryFetch;dur=25.981, cfRequestDuration;dur=65.999985
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
c5a535a4-f71d-425b-8308-03d8e3a37bdd
last-modified
Fri, 12 Jan 2024 18:34:27 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ttrcEnpYoBFzgImnIXxBwP6U916Xt0xpsR%2FXw6NFvMIWmIWOAeI9dm8NqCJ7n9Q6wmHPasX39HZayUhKoxCkJna7nXAZy7Zl82ARJtBn%2BXAobOw%2BZJj84Lv6BhKSgGfftA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/runtime.latest.en.cdb91c7a2a2214cb0516.js>; rel="canonical"
cf-ray
84498a6d588d39dd-YYZ
2.chunk.js
cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/
116 KB
39 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/2.chunk.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
08bb5a1289d0f1b19fd7485a91d29ca46f05c3c4849b0541c0cb137349043389
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
67804
content-encoding
br
server-timing
imagery;dur=60.478, imageryFetch;dur=60.215, cfRequestDuration;dur=20.000219
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
304b1cca-ec90-49e9-b70c-f9d1912e41d0
last-modified
Fri, 12 Jan 2024 05:41:01 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CH9DI%2BnhyLRjXACsnRyOz0fAMfVIxtR2r2QyK8YkuVS0bcsZPsfUCjvEI2sHyxdeVIbtpmjIql2CRlY3Z%2BIRJtV7XLRES3Fyu8oiEqoI8BZSVFFFhbe0nI3vTmve%2BVzLRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/2.chunk.js>; rel="canonical"
cf-ray
84498a6d0f1a36c7-YYZ
3.chunk.js
cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/
127 KB
41 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/3.chunk.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
17f8dea9df9552e469ead8fc28c70f7c4dd0dfd72e33c1567b185b1325625408
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
67804
content-encoding
br
server-timing
imagery;dur=40.602, imageryFetch;dur=40.252, cfRequestDuration;dur=12.000084
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
1bfee797-f7c9-480b-bd29-0c4551ff5949
last-modified
Fri, 12 Jan 2024 05:41:01 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=omdHUe7AWVqrJhgiVTQtUkxfhkNgJvpGHDvu24hbCtxxh8%2F5QoeEbc7eTOwniwCL9%2FWAG0eEk9F1uHaJxhWDrI%2FIVooqvqZbNxXKor%2BDHbEQFIZWZaDzDBNMOMikHEQsug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/3.chunk.js>; rel="canonical"
cf-ray
84498a6d0f1e36c7-YYZ
5.chunk.js
cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/
12 KB
4 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/5.chunk.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
14384c15f9728c43d77d77a876d344d0102de972003ef289d850b8be91d1f716
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
67804
content-encoding
br
server-timing
imagery;dur=25.447, imageryFetch;dur=24.423, cfRequestDuration;dur=10.999918
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
aae1e76c-95cb-4928-bab8-c30dceca98fb
last-modified
Fri, 12 Jan 2024 05:40:48 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=exeSB3O5DyODHMTgMt7%2FLUrxo8%2BKO0h8mbHA7twJce3loQ%2FehxhX4bonwJxW4Joo1t9XSLmdnGwxEdOqe%2FFjs9VE3eJHxLFRAP0%2BAwUPYEZOe1vlPJ0fzenS%2BmP%2FvqJ4hA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/5.chunk.js>; rel="canonical"
cf-ray
84498a6d0f2136c7-YYZ
6.chunk.js
cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/
358 B
1004 B
Script
General
Full URL
https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/6.chunk.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
7e5d9b9c5d45ad4cbbda894fa4754a3a715a14f3403644e6d885b14b0b5cdcfb
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
67804
content-encoding
br
server-timing
imagery;dur=31.812, imageryFetch;dur=31.300, cfRequestDuration;dur=12.000084
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
8e3cfd77-6232-43a0-a437-001da4fafbfb
last-modified
Fri, 12 Jan 2024 05:40:48 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LOBDWUBUIfY3klJ%2BUALP1VnBadFlGWb%2B9JORFud9j%2BeMN05zl9ujtZhd7kdFnQbFl2WpQZQgK0JShX6PhPGlhjr%2FsFPPcyGFRLEb7vjx%2BTZG8QmCEwI3Tn7x1RaK%2FeHRqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/6.chunk.js>; rel="canonical"
cf-ray
84498a6d0f2236c7-YYZ
7.chunk.js
cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/
29 KB
8 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/7.chunk.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
95720e0e685a08ffb2d6a1a39479f7eee5f3bdf3f0d6240b9d3a3338bcdb2d52
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
67804
content-encoding
br
server-timing
imagery;dur=136.460, imageryFetch;dur=61.046, cfRequestDuration;dur=12.000084
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
a3e1eb1f-8325-4726-a816-2fbc4b940a9d
last-modified
Fri, 12 Jan 2024 05:40:48 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4dOvcbbAeQLy37SScGedSQFj6TUQPtJf6fp0o8ZcSM%2FnXCCrrCk3VNV%2FXrqO1KJzUz%2BtOj6fcIS7D2mila%2BU0Ab4foV7M%2F69jWMJKEyIDSvkuArTKZWez5wcJW5gEL5qGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/7.chunk.js>; rel="canonical"
cf-ray
84498a6d0f2736c7-YYZ
4.chunk.js
cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/
96 KB
35 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/4.chunk.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
8bfdb31b91483f0044fc97d14ee4b5a98c91e2a9edfaf3c06f0f2a216e3eb106
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
67804
content-encoding
br
server-timing
imagery;dur=59.005, imageryFetch;dur=58.708, cfRequestDuration;dur=14.000177
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
ff02c073-30f8-41a4-a412-788ed15e237b
last-modified
Fri, 12 Jan 2024 05:40:48 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G7i32MR%2BVZg0k9MH6JRGTaavcfDO78RqnVjqNpObQO5CDdex2j4W313eJFUri0bRjBGvKSsscBacJtoSWzqbtEVGDZLhVvwAR6G1NMxOVBwSfbYCbdJFOa7a0sf2yIYX9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/4.chunk.js>; rel="canonical"
cf-ray
84498a6d0f2936c7-YYZ
main.chunk.js
cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/
848 B
1 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/main.chunk.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
a2fbaac8f1ee459b625cd23b2d12407a836986578de5d195c13234985b769278
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
67804
content-encoding
br
server-timing
imagery;dur=50.403, imageryFetch;dur=49.600, cfRequestDuration;dur=13.000011
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
528e9725-51ff-4280-8162-7995acb16eaa
last-modified
Fri, 12 Jan 2024 05:41:03 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nf5Neq%2BiLxSlXmL4fw6OqL1ZJD7WcKWNzNEVw7J6mTiXMx0dWOKrlr7pUsOPgmFkALLTbvUIueVCwG1qKRo%2FuP5YsKkQM%2FeqfogUHuXOKueiEYEcgPwQhUSCCjg2Bn2IGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/main.chunk.js>; rel="canonical"
cf-ray
84498a6d0f2b36c7-YYZ
runtime-main.js
cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/
2 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/runtime-main.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
008a353546d56e2ab28f207905f7bab25bb6f6fcb5f755117e9d71f05c0c42b5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
67804
content-encoding
br
server-timing
imagery;dur=36.294, imageryFetch;dur=35.596, cfRequestDuration;dur=13.000011
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
5c941541-e640-4813-9cef-78623e9e6a70
last-modified
Fri, 12 Jan 2024 05:40:48 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tc85RzMHIrvX4R34Wkum%2FuLMCxMDJmeC9r8bbgcGXsK3dpIyM2dexiOKWsVPdPy4EnMK4XJWR8yxrpLMiJ8AyGudyb6%2Fs4%2BZYTiSnfocA5UAcmYOSClF5BD%2BEENzyKOZCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/runtime-main.js>; rel="canonical"
cf-ray
84498a6d0f2c36c7-YYZ
iwishlist-2.0.js
cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/
103 KB
35 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/iwishlist-2.0.js
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
720e6e6b93b69ba00420aee4bf206c1f6d74928195bb26c46daea0106b84109a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
67804
content-encoding
br
server-timing
imagery;dur=73.166, imageryFetch;dur=72.844, cfRequestDuration;dur=17.999887
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
b5d84c05-af0a-4466-aa4f-e327037f6145
last-modified
Fri, 12 Jan 2024 05:40:48 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2F9lnp%2FRErAgyFG0WMRtAb6UYvXwYhP1P4SzTK0%2FpZVEK7KXdPAsYyjROafBl04syCJXOrXm2cS%2FyhKjHfMJZr1z838s0ffw4y9PmzHWLR%2FixjLUvIKAjwbwewddSZzwUg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/iwishlist-2.0.js>; rel="canonical"
cf-ray
84498a6d0f2e36c7-YYZ
4.chunk.js
heysara.com/static/js/
0
0
Script
General
Full URL
https://heysara.com/static/js/4.chunk.js
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/extensions/fcc23857-9121-4cdc-be25-b6fa05013523/iwish-wishlist-80/assets/runtime-main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=7889238
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-east1,gcp-us-east1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
x-cache
miss
server-timing
processing;dur=16, db;dur=6, asn;desc="20278", edge;desc="EWR", country;desc="US", servedBy;desc="8t9l", requestID;desc="9125eee6-6fc4-463e-ab45-9e8837555d92", cfRequestDuration;dur=53.999901
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
9125eee6-6fc4-463e-ab45-9e8837555d92
x-shardid
246
x-storefront-renderer-rendered
1
x-shopify-stage
production
server
cloudflare
etag
W/"cacheable:c120c34b7ae6ee71a704e7044777037a"
x-shopid
26376386
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
text/javascript; charset=utf-8
content-language
en
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DL3oGZYWKPFriIgGp%2BmBUoSls938N%2BKMcSrkotEniY671NBbVTHVW28uvsNElLr9NbGqbeSWrcUmucZ9%2FY03L7evIDPTsoWqNnRBT8OhSS%2FOqPZtL71n3bPY5j4H"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
84498a6d8c527293-EWR
x-sorting-hat-podid
246
getShopId
iwish.myshopapps.com/API/V1/ShopifyApi/
16 B
300 B
Fetch
General
Full URL
https://iwish.myshopapps.com/API/V1/ShopifyApi/getShopId?shop_url=heysara.myshopify.com
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.211.248.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-211-248-173.compute-1.amazonaws.com
Software
nginx /
Resource Hash
449eb77b7b09e4fea5844acdeffefc902ff576b8a35e22848c23879801e0ba2b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-encoding
gzip
server
nginx
access-control-max-age
1000
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
*
vary
Accept-Encoding
access-control-allow-headers
Content-Type, Authorization, X-Requested-With
update.js
heysara.com/en-us/cart/
347 B
2 KB
Fetch
General
Full URL
https://heysara.com/en-us/cart/update.js?app=stkbl
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
feb459ca87f93ea6e76b0554d0352aef2b99bfe3443b6c4f58127a07eb1cb048
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=d4c179f5-e619-45de-8c38-c14bbc0a1cca
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block; report=/xss-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=d4c179f5-e619-45de-8c38-c14bbc0a1cca

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=7889238
x-content-type-options
nosniff
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=d4c179f5-e619-45de-8c38-c14bbc0a1cca
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-central1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
x-envoy-upstream-service-time
168
server-timing
processing;dur=166, cfRequestDuration;dur=213.999987
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block; report=/xss-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=d4c179f5-e619-45de-8c38-c14bbc0a1cca
x-sorting-hat-shopid
26376386
x-request-id
d4c179f5-e619-45de-8c38-c14bbc0a1cca
x-shardid
246
x-shopify-stage
production
server
cloudflare
x-shopid
26376386
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript; charset=utf-8
content-language
en-US
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vP%2BuU5p424T9NUIk56F9f7kWv1UYSpbwrT1EDLPdirpWxKywXSft%2FxNXiMunPgcfSBJ40zwb3v3DawmYstenJIRwQMzHmE3LyF9t8PJvSfauHnlzDEGiAdlN8jZL"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
84498a6dfcb67293-EWR
x-liquid-rendered-at
2024-01-13T00:32:12.613587226Z
x-sorting-hat-podid
246
cart.js
heysara.com/
283 B
1 KB
XHR
General
Full URL
https://heysara.com/cart.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
44c60a65dbcbbd021dd68678f6ba903b3df697e1205e48bbe9f19aeeae7e4786
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=7889238
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-east1,gcp-us-east1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
server-timing
processing;dur=13, db;dur=3, asn;desc="20278", edge;desc="EWR", country;desc="US", servedBy;desc="hljn", requestID;desc="6005428c-eafe-4261-9a1b-c207349d2a22", cfRequestDuration;dur=52.000046
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
6005428c-eafe-4261-9a1b-c207349d2a22
x-shardid
246
x-storefront-renderer-rendered
1
x-shopify-stage
production
server
cloudflare
x-shopid
26376386
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
text/javascript; charset=utf-8
content-language
en
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rGv3%2BR7Y%2F7meitIBjVnZrX567hOwdQVOMEY%2Fs7yOccM6v4%2BkDP%2FjqE5ZMRQ2f9ZlvoyeLcTKWSsWdgqpQOwT8M16%2F9MZDb6AAXb61sY836JdSqeQEKhm0d2vpMzh"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
84498a6dfcba7293-EWR
x-sorting-hat-podid
246
x-cartjs-updatedat
0
heysara.myshopify.com.js
bundler.nice-team.net/app/shop/status/
40 B
232 B
Script
General
Full URL
https://bundler.nice-team.net/app/shop/status/heysara.myshopify.com.js?1705105932
Requested by
Host: cdn-bundler.nice-team.net
URL: https://cdn-bundler.nice-team.net/app/js/bundler.js?shop=heysara.myshopify.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.99.228.137 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
nice.goldendev.ny
Software
LiteSpeed /
Resource Hash
dc92da4042d79359ec08cfcd554c7d226e98d6084ead823d29091f93648e6a31

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
last-modified
Thu, 31 Aug 2023 12:13:23 GMT
server
LiteSpeed
etag
"28-64f083e3-17d637;;;"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
40
expires
Sun, 12 Jan 2025 00:32:12 GMT
431.latest.en.7425d35eef441dd4f5ab.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
79 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/431.latest.en.7425d35eef441dd4f5ab.js
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=25.328, imageryFetch;dur=25.108, cfRequestDuration;dur=35.000086
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
4f25d48f-1c58-4203-88ee-9c985264bae7
last-modified
Thu, 11 Jan 2024 21:45:08 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2BunNmx56F%2FHTznEODU2SMQUvuqJLVjlAqpQR0HpqYVzvVehL47PpaxaAN5MRPMk2MMX7xzifcEPFF9TjhF8CWQBai0q%2Fkaq0X21%2FkOALjfu%2FbYakjztr0YfPE1k251nhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/431.latest.en.7425d35eef441dd4f5ab.js>; rel="canonical"
cf-ray
84498a6df98239dd-YYZ
fsb_get_bars
fsb.hextom.com/
107 B
300 B
XHR
General
Full URL
https://fsb.hextom.com/fsb_get_bars?shop=heysara.myshopify.com
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.156.145.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-145-102.compute-1.amazonaws.com
Software
nginx /
Resource Hash
befa43b13cdb686a7ef922a91d1a67a72a9ff512e5611b3c9ff3556f7f65e2d0

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://heysara.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
server
nginx
vary
Accept-Language, Origin, Cookie
content-language
en
access-control-allow-origin
https://heysara.com
content-type
application/json
access-control-allow-credentials
true
content-length
107
truncated
/
134 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dd3307a05d3466cfcb2b79872d36c0688389e2fec8e4bb9ff8a13f69dd49d41f

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type
image/svg+xml
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 08:43:37 GMT
x-content-type-options
nosniff
age
316115
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jan 2025 08:43:37 GMT
stamped-font.ttf
cdn1.stamped.io/fonts/
9 KB
10 KB
Font
General
Full URL
https://cdn1.stamped.io/fonts/stamped-font.ttf?rkevfi
Requested by
Host: cdn1.stamped.io
URL: https://cdn1.stamped.io/files/widget.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.112.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-112-127.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b2f365310c35cf84e0ab011e82072fe91bb97f1e7a159fb7806e4f79172bec33

Request headers

Referer
https://cdn1.stamped.io/files/widget.min.css
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id
_V6WBlqz0lmBWtouLz.12uaxh7Ni128J
date
Fri, 12 Jan 2024 13:10:04 GMT
via
1.1 9cd85e528eb96b937681f7f81aea46c8.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD61-P2
age
40929
x-cache
Hit from cloudfront
content-length
9536
last-modified
Tue, 02 Aug 2022 18:16:43 GMT
server
AmazonS3
etag
"65f2d065c065a7b14fc738aefae5e847"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
C38PpAfejZsaqSWdl_TMNLyWIXm4qFplRaPK4Q3hhPzarSd3XVBI8Q==
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/
24 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7e510e61c497d334da21eccda06df5d3a428c9ea94d6903b6138e7c7255aba0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 13:41:17 GMT
x-content-type-options
nosniff
age
125455
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24984
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:04:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jan 2025 13:41:17 GMT
shopify_verified-by-shop-gray.svg
s3-us-west-2.amazonaws.com/stamped.io/cdn/images/
6 KB
7 KB
Image
General
Full URL
https://s3-us-west-2.amazonaws.com/stamped.io/cdn/images/shopify_verified-by-shop-gray.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.92.195.32 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
450187620761b682b29a944ae2934b19a00c2ce53278a8c86ba0bff2515b8e19

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:32:13 GMT
x-amz-version-id
sCGZh3mLTCGasCmbMlukMDnHrE4.qoud
Last-Modified
Mon, 06 Nov 2023 19:59:55 GMT
Server
AmazonS3
x-amz-request-id
C56XKK93YNNPY3Z1
ETag
"5e3626a7ee1ad0e7826330822b59aa44"
x-amz-server-side-encryption
AES256
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
6565
x-amz-id-2
PhGmqroe+o/pnF2jmuICxvFHnG56EplOqO/6I0GkyLbf9AusJj0sOKRA1qAgYYSNxO3Jotaw/4k=
instafeed-7.5.1.css
instafeed.nfcube.com/cdn/
11 KB
3 KB
Stylesheet
General
Full URL
https://instafeed.nfcube.com/cdn/instafeed-7.5.1.css
Requested by
Host: cdn.nfcube.com
URL: https://cdn.nfcube.com/instafeed-4f6891793b67b27a80e0244dd2d1b287.js?shop=heysara.myshopify.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:69b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e8d2f196f7a464476bf47d0b722391f44fdbc58c6b941e9cf9eada7fab426bd
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1596474
content-encoding
br
alt-svc
h3=":443"; ma=86400
pragma
public
cf-bgj
minify
last-modified
Wed, 31 May 2023 15:26:15 GMT
server
cloudflare
etag
W/"64776717-29ad"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fpqwxb%2Bye4tMIXZax%2Bapj2mveiWhwtzPxhF70qannrdqL25LtE%2FiV0RCu6pLKk64qe7BI4JP7slQiWgeiTlQnk%2Fr0r6VOMoRRtHgP%2BL3%2Bu8nE%2B%2B%2FAJUZwsXI7wXfYGJRiYLFuepwXO599N5RjltlAa0q"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=315360000, must-revalidate, proxy-revalidate
cf-ray
84498a6ecfda4bcf-BUF
expires
Thu, 31 Dec 2037 23:55:55 GMT
v4
instafeed.nfcube.com/feed/
6 KB
2 KB
Fetch
General
Full URL
https://instafeed.nfcube.com/feed/v4?charge=0&fu=0&limit=4&account=heysara.myshopify.com&fid=0&hash=22ef6f850d8f5fcba992f2365e1cfffe
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:79b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ee9d0f9e5e8ea9978182e9ff3934ecdc7968b61515fa554a6b2bc95fc3644f2
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 12 Jan 2024 23:33:21 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://heysara.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QtNeUjkBCtzraHIS%2BhkTu8pfsvwFclxuVzI%2B1fxa2tXoKtM2t25Xfl%2BqCQXVJMpzNS3WVr0X9bsqK6xp02VZLmLwGWQGgibEq2w%2B4PkaEVcVcJKDSI7Wjzqaxwvg%2BCQjvVk8KHZt83KfTnYDZ0rR%2FTEO"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000, must-revalidate
access-control-allow-credentials
false
cf-ray
84498a6f2cbf4bbd-BUF
access-control-allow-headers
Content-Type, X-Requested-With, X-MinttStudio-Instafeed
expires
Thu, 19 Nov 1981 08:52:00 GMT
loader.gif
instafeed.nfcube.com/assets/img/
596 B
989 B
Image
General
Full URL
https://instafeed.nfcube.com/assets/img/loader.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:69b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06ea3c5c81f846a699293a1329d6e486d29eea890bcf78ac2fc1c92f8260f51e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1596447
cf-polished
origSize=723, status=webp_bigger
alt-svc
h3=":443"; ma=86400
content-length
596
pragma
public
cf-bgj
imgq:100,h2pri
last-modified
Tue, 19 Feb 2019 22:39:54 GMT
server
cloudflare
etag
"5c6c85ba-2d3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xKPAljbHDbuoLbXdb1E1jHe82MHn18HDBQrPDvZGbEeCjN6TZ75cUl60hRXMTjbXqz8LePltNkuKeZ%2FkLSazXwl%2Fc%2FNMhjT13qOHMEqXeYSai1A6%2FZ4cVcl55LQeNatPn%2FVRjVG3HNyws%2FpE7jm1zWJY"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
public, max-age=315360000, must-revalidate, proxy-revalidate
accept-ranges
bytes
cf-ray
84498a6ecfdd4bcf-BUF
expires
Thu, 31 Dec 2037 23:55:55 GMT
pub
peter.promobanner.app/api/v2/ Frame
0
0
Preflight
General
Full URL
https://peter.promobanner.app/api/v2/pub?shop=heysara.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:80f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://heysara.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84498a6f4a924bd2-BUF
date
Sat, 13 Jan 2024 00:32:12 GMT
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705105932&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=pv0nxNLWoFbqk4SiHqKQoxaqJo6GPK%2B%2FVJlFPZLuCrA%3D"}]}
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705105932&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=pv0nxNLWoFbqk4SiHqKQoxaqJo6GPK%2B%2FVJlFPZLuCrA%3D
server
cloudflare
via
1.1 vegur
pub
peter.promobanner.app/api/v2/
2 B
368 B
XHR
General
Full URL
https://peter.promobanner.app/api/v2/pub?shop=heysara.com
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:80f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705105932&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=pv0nxNLWoFbqk4SiHqKQoxaqJo6GPK%2B%2FVJlFPZLuCrA%3D
x-request-id
e8a88bf3-a092-4988-a405-e5e7ec21dd7c
x-runtime
0.011851
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"44136fa355b3678a1146ad16f7e8649e"
x-download-options
noopen
access-control-max-age
7200
access-control-allow-methods
GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705105932&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=pv0nxNLWoFbqk4SiHqKQoxaqJo6GPK%2B%2FVJlFPZLuCrA%3D"}]}
access-control-expose-headers
x-frame-options
SAMEORIGIN
cache-control
max-age=0, private, must-revalidate
vary
Origin
cf-ray
84498a6ffacd4bd2-BUF
s
peter.promobanner.app/api/v2/
0
0
Fetch
General
Full URL
https://peter.promobanner.app/api/v2/s?shop=heysara.com
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:80f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705105932&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=pv0nxNLWoFbqk4SiHqKQoxaqJo6GPK%2B%2FVJlFPZLuCrA%3D
x-request-id
95a0b6a1-67be-47b8-8427-02912655dca7
x-runtime
0.008031
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-download-options
noopen
access-control-max-age
7200
access-control-allow-methods
GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705105932&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=pv0nxNLWoFbqk4SiHqKQoxaqJo6GPK%2B%2FVJlFPZLuCrA%3D"}]}
access-control-expose-headers
x-frame-options
SAMEORIGIN
cache-control
no-cache
vary
Origin
cf-ray
84498a700ad34bd2-BUF
605.latest.en.314e89a8131329087f6a.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
78 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/605.latest.en.314e89a8131329087f6a.js
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=22.627, imageryFetch;dur=22.403, cfRequestDuration;dur=91.000080
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
255e9688-5c49-47e4-b21c-cb159e302a66
last-modified
Sat, 13 Jan 2024 00:32:12 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8rK9y86lK5mad%2BAhCV0DE6fcH2JriQcUc7npqsp1r89qXoTcbQ58RolMF6yYQpRVO6tqngGv1%2FJcst9N4%2B0UeJ6MGmjDmpzHuLqotHOy0ndcwVKy1yI%2BGDAZzQcMbmraVA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/605.latest.en.314e89a8131329087f6a.js>; rel="canonical"
cf-ray
84498a6edb4239dd-YYZ
bundler-script.js
cdn-bundler.nice-team.net/app/js/
0
324 B
Script
General
Full URL
https://cdn-bundler.nice-team.net/app/js/bundler-script.js?shop=heysara.myshopify.com&1693484003
Requested by
Host: cdn-bundler.nice-team.net
URL: https://cdn-bundler.nice-team.net/app/js/bundler.js?shop=heysara.myshopify.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1fd0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1575136
cf-polished
origSize=4
alt-svc
h3=":443"; ma=86400
content-length
0
cf-bgj
minify
last-modified
Thu, 26 Dec 2019 19:28:30 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NG20XWDrIqSGH%2FLm6MHFDdP8lDgjpE8F56K%2BA4oY2gr1SMAd6zBNMpZKmEPOBv4hKsOmbVNaTdj5%2By52pgaCeSebMMQNZsLPMJA2uergWis7gSgTyGWMBDzLFyu9tHHnC0%2FjO56Z7C3kXqagKVBaqhj52WFNwZZB"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
84498a6edbbc4bc3-BUF
s
peter.promobanner.app/api/v2/ Frame
0
0
Preflight
General
Full URL
https://peter.promobanner.app/api/v2/s?shop=heysara.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:80f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heysara.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84498a6f4a944bd2-BUF
date
Sat, 13 Jan 2024 00:32:12 GMT
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705105932&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=pv0nxNLWoFbqk4SiHqKQoxaqJo6GPK%2B%2FVJlFPZLuCrA%3D"}]}
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705105932&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=pv0nxNLWoFbqk4SiHqKQoxaqJo6GPK%2B%2FVJlFPZLuCrA%3D
server
cloudflare
via
1.1 vegur
cart.json
heysara.com/
283 B
1 KB
XHR
General
Full URL
https://heysara.com/cart.json
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
2ee55e524b6dae3e5a5f1d5dc3b09ee34b956b602934b81c0dbe7f878ace66bb
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
X-Requested-With
XMLHttpRequest
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=7889238
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-east1,gcp-us-east1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
server-timing
processing;dur=12, db;dur=3, asn;desc="20278", edge;desc="EWR", country;desc="US", servedBy;desc="sd2q", requestID;desc="4f74b077-7cf4-497e-99ac-b61c94071c16", cfRequestDuration;dur=46.999931
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
4f74b077-7cf4-497e-99ac-b61c94071c16
x-shardid
246
x-storefront-renderer-rendered
1
x-shopify-stage
production
server
cloudflare
x-shopid
26376386
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
content-language
en
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pTdgrLkypER5o8MvX7VtH7%2FPe1zDexjHOZFA6wt8wkMIil5SEwRKUJsJqOXPnMhkFnNcb36nwepAEfemnS%2Fmj1G10vXhzh9AuDxyNGqBIveDRzTZ6a%2FurWMqnZVV"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
84498a6efdea7293-EWR
x-sorting-hat-podid
246
x-cartjs-updatedat
0
cart.js
heysara.com/en-us/
345 B
1 KB
Fetch
General
Full URL
https://heysara.com/en-us/cart.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
25c58b5996793854059af5eb81e0850824c2ec276c426e26489df85a911c4879
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=7889238
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-central1,gcp-us-central1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
server-timing
processing;dur=14, db;dur=4, asn;desc="20278", edge;desc="EWR", country;desc="US", servedBy;desc="2htz", requestID;desc="f488ec80-9435-498b-859f-f8283caec565", cfRequestDuration;dur=66.999912
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
f488ec80-9435-498b-859f-f8283caec565
x-shardid
246
x-storefront-renderer-rendered
1
x-shopify-stage
production
server
cloudflare
x-shopid
26376386
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
text/javascript; charset=utf-8
content-language
en-US
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PfrkclXJPTKlgc%2Byq4aR3%2FDf2S1zpOHhhkXxqSpYgNoUCI1c0kIXxuK6PPV1i0LvlRZiANWX7HUOq4lFFFNOCl9%2F9Jp1WsNRrhi1nvay0D5bCG1%2Bl%2B%2F9x%2BxLnMQL"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
84498a6f9e9f7293-EWR
x-sorting-hat-podid
246
x-cartjs-updatedat
1705105932
savings
admin.stkbl.app/api/v2/extension/ Frame
0
0
Preflight
General
Full URL
https://admin.stkbl.app/api/v2/extension/savings?shop=heysara.myshopify.com&cartItemsHash=4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:8833 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heysara.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://heysara.com
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84498a6f8a104bc1-BUF
date
Sat, 13 Jan 2024 00:32:12 GMT
fly-request-id
01HM03QGE39CAC0NAPSMWVHWV3-lga
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7zzccNzoehUrfaHMU1T02nW5bMSEEgGv6jPmqvi4B4cDq%2B2gbA3wB1n2OSltYkIfv5UEo4QQrtKlzVGtH0OzCn8Fj38DAtV91B8aBcuws2xnK8KxPZUJzEzEu4CUtxG9veqDpNIVH4%2FoZvG0ACo%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin
via
2 fly.io
savings
admin.stkbl.app/api/v2/extension/
6 KB
1 KB
Fetch
General
Full URL
https://admin.stkbl.app/api/v2/extension/savings?shop=heysara.myshopify.com&cartItemsHash=4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:8833 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
356095d1ab9f5df0cd0665a6c66d940f102215674306e78f64c435f18fc17d20
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://heysara.myshopify.com https://admin.shopify.com;

Request headers

Referer
https://heysara.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-security-policy
frame-ancestors https://heysara.myshopify.com https://admin.shopify.com;
via
2 fly.io
cf-cache-status
DYNAMIC
fly-request-id
01HM03QGFRVYDMM4PKDHGE1GC9-lga
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
br
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=46u9KCFvUMwNv8OvnqYA%2B6zTYAHqacYteuAPzVDklEbuNpMWv6yQ50BsZdWjtFLDRCq3pHh2bQOoxgzHAujW5frvVkxbqYfaD1IFE%2F5ANLkhduhoRLD9IfuAHQSLv78dO5USf%2B6L9vsSaRs7rek%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heysara.com
access-control-allow-credentials
true
cf-ray
84498a6fea2e4bc1-BUF
alt-svc
h3=":443"; ma=86400
598.latest.en.fe9c14be777555bb281a.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
20 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/598.latest.en.fe9c14be777555bb281a.js
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
content-encoding
br
server-timing
imagery;dur=21.852, imageryFetch;dur=21.651, cfRequestDuration;dur=96.999884
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
d12f850b-6a03-478f-ba8e-6fd853bf1a34
last-modified
Sat, 13 Jan 2024 00:32:12 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t8t4XThZXdsFWQUlZ0ASqQOKADqNhd7KDi7%2BVnJkV%2BXYsVlNCT6qPxwJQW20Pvam93yh0Igms8papR%2FBsYWXhkjtvfZ4uPW08A31okdGYT16oGmy1fISLxN7ttpPFxGplw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/598.latest.en.fe9c14be777555bb281a.js>; rel="canonical"
cf-ray
84498a6fdd8439dd-YYZ
placeholder.gif
instafeed.nfcube.com/assets/img/
38 B
441 B
Image
General
Full URL
https://instafeed.nfcube.com/assets/img/placeholder.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:69b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1596349
cf-polished
origFmt=gif, origSize=826
content-disposition
inline; filename="placeholder.webp"
alt-svc
h3=":443"; ma=86400
content-length
38
pragma
public
cf-bgj
imgq:100,h2pri
last-modified
Thu, 23 Jun 2022 20:01:32 GMT
server
cloudflare
etag
"62b4c69c-33a"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7fKDAdMwRor5KNG%2FjXM0Wdn%2FhVVGyQfKjdzdP31UwyOtfuXMGxftE0s%2BSR7k%2FXnCrcSFhs9PcmVqHE76Xo2wYedF373lpOZq2sTNIcQY5H%2FTudHDWnPvEG7RtFh6fR9r6b1wkSTuUbh5AYmj9PW6ZUMl"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=315360000, must-revalidate, proxy-revalidate
accept-ranges
bytes
cf-ray
84498a7018ac4bcf-BUF
expires
Thu, 31 Dec 2037 23:55:55 GMT
produce_batch
monorail-edge.shopifysvc.com/unstable/ Frame
0
0
Preflight
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.229.135 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
135.229.102.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-monorail-edge-client-message-id,x-monorail-edge-event-created-at-ms,x-monorail-edge-event-sent-at-ms
Access-Control-Request-Method
POST
Origin
https://heysara.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://heysara.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 13 Jan 2024 00:32:12 GMT
via
1.1 google
produce_batch
monorail-edge.shopifysvc.com/unstable/
0
0
Fetch
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.229.135 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
135.229.102.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Referer
https://heysara.com/
X-Monorail-Edge-Event-Created-At-Ms
1705105932804
X-Monorail-Edge-Event-Sent-At-Ms
1705105932804
accept-language
en-US,en;q=0.9
X-Monorail-Edge-Client-Message-Id
67926ea2-8ed8-454b-bd58-914fab4f5360
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json; charset=utf-8

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
via
1.1 google
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://heysara.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
e4304cb9-1f2f-4443-aa7a-811b0819379f
instagram-icon-v2.svg
instafeed.nfcube.com/assets/img/
393 B
600 B
Image
General
Full URL
https://instafeed.nfcube.com/assets/img/instagram-icon-v2.svg
Requested by
Host: instafeed.nfcube.com
URL: https://instafeed.nfcube.com/cdn/instafeed-7.5.1.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:69b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46cfe6f645ccb4cf54b7ed3fdd3db2198fb0e96e8f88b15e4478625cdf03cb38
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://instafeed.nfcube.com/cdn/instafeed-7.5.1.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1596348
content-encoding
br
alt-svc
h3=":443"; ma=86400
pragma
public
last-modified
Thu, 20 Apr 2023 21:40:49 GMT
server
cloudflare
etag
W/"6441b161-189"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sGa%2FAO44iCLMSluZeYgDBeqk9XKGYwjITcczum8NP6DoLcCFc3Bs1InbB60P%2Bw5F12z8BPKoeGSC%2BiDMmfc364zKs55MM4M5yP%2FFv%2B%2BmfBE5puPAZbl2CaKbrDWG976%2BaMXRJRht1wFXcDU%2F5UGdSaXv"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=315360000, must-revalidate, proxy-revalidate
cf-ray
84498a7018b34bcf-BUF
expires
Thu, 31 Dec 2037 23:55:55 GMT
checkout.min.js
www.paypalobjects.com/api/
863 KB
187 KB
Script
General
Full URL
https://www.paypalobjects.com/api/checkout.min.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/da8ea57857b3d34e1bf7.dcc-698.en.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (chf/16A8) /
Resource Hash
f7d9c8184937ff854afd6da2a3de3fc970ef1c2820795e44e932499540fe5832
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
a5457f0cbbe9b
dc
ccg11-origin-www-1.paypal.com
content-length
191373
last-modified
Wed, 24 May 2023 16:43:28 GMT
server
ECAcc (chf/16A8)
traceparent
00-0000000000000000000a5457f0cbbe9b-28b22c20ce5108ca-01
etag
"646e3eb0-d7ad2+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Sun, 14 Jan 2024 00:32:12 GMT
pay.js
pay.google.com/gp/p/js/
118 KB
36 KB
Script
General
Full URL
https://pay.google.com/gp/p/js/pay.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/payment-sheet/assets/latest/da8ea57857b3d34e1bf7.dcc-698.en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::5c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b4b118f1d6941d1c227f24465a739f9c03a205b53382e0aafcdfec681f394f7b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-gRojKwik9jXgcITquPLOMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:12 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-gRojKwik9jXgcITquPLOMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Sat, 13 Jan 2024 00:32:12 GMT
update.js
heysara.com/en-us/cart/
345 B
2 KB
Fetch
General
Full URL
https://heysara.com/en-us/cart/update.js?app=stkbl
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
25c58b5996793854059af5eb81e0850824c2ec276c426e26489df85a911c4879
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=0b2debe4-e21f-4d73-942e-6f466c8742f6
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block; report=/xss-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=0b2debe4-e21f-4d73-942e-6f466c8742f6

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
strict-transport-security
max-age=7889238
x-content-type-options
nosniff
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=0b2debe4-e21f-4d73-942e-6f466c8742f6
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-central1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
x-envoy-upstream-service-time
146
server-timing
processing;dur=144, cfRequestDuration;dur=203.000069
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block; report=/xss-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=0b2debe4-e21f-4d73-942e-6f466c8742f6
x-sorting-hat-shopid
26376386
x-request-id
0b2debe4-e21f-4d73-942e-6f466c8742f6
x-shardid
246
x-shopify-stage
production
server
cloudflare
x-shopid
26376386
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript; charset=utf-8
content-language
en-US
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vkb66j%2BKnNgaRZScX%2Fw9z2ajXjnoBnmKbQpCIUKtvBK9rpqy0ZIFPJZVOcRB0MssiRTBfR7TD4LPhhBG1Paa5XuB5%2FQpdzt3JOm%2BjudAMGHK08%2BxneZGXU6Gglml"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
84498a709f987293-EWR
x-liquid-rendered-at
2024-01-13T00:32:12.971301433Z
x-sorting-hat-podid
246
app.latest.en.35fc991026029d44f266.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
219 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/app.latest.en.35fc991026029d44f266.js
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
content-encoding
br
server-timing
imagery;dur=32.542, imageryFetch;dur=32.187, cfRequestDuration;dur=217.000008
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
d0100d9c-f4ca-4190-be07-6a111807c4f0
last-modified
Sat, 13 Jan 2024 00:32:13 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s5o6XksH3FmlQ9Ssh6xtw8gekBLHnTpFPvK8CFKWfXC23teIt%2BcsrPPpWEbuLQ08Uu5mxiqMj%2B%2BJAMqzT28Z1pc1pHAa0c%2FbJdtd8caUcvivXLTtoP0vIqS%2FJvVNJp0Heg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/app.latest.en.35fc991026029d44f266.js>; rel="canonical"
cf-ray
84498a709f2739dd-YYZ
payframe
pay.google.com/gp/p/ui/ Frame 6981
19 KB
8 KB
Document
General
Full URL
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fheysara.com&mid=16708973830884969730
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::5c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
42d943d26530ba140625166f1491b42e09cbdcda120ff344bbfb6f4ce948b298
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-t8DQ0BlAezAwj7aZGzjcNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://heysara.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-t8DQ0BlAezAwj7aZGzjcNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-site
date
Sat, 13 Jan 2024 00:32:13 GMT
expires
Sat, 13 Jan 2024 00:32:13 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
0
pptm.js
www.paypal.com/tagmanager/
14 KB
6 KB
Script
General
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=heysara.com&mrid=RN3T23Q5Y777S&source=checkoutjs&t=xo&v=4.0.338
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
645a238bdcf3e5b208a7d1a4b7e4499962998de24b882578bf211444bd782652
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-Vi48p8nLG4jlDgWgu7vggfmb+mQxM1dL8sGAdfvu1GascPg1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-Vi48p8nLG4jlDgWgu7vggfmb+mQxM1dL8sGAdfvu1GascPg1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
0
x-cache
MISS, MISS, MISS
paypal-debug-id
f342883326834
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4767
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200176-BUR, cache-yyz4582-YYZ, cache-yyz4582-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f342883326834-1df8dfb08763d63e-01
x-timer
S1705105933.154116,VS0,VE459
etag
W/"3658-mwcokDrt14UGkb/ZJK+cx+H6wf4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
cart.js
heysara.com/en-us/
345 B
1 KB
Fetch
General
Full URL
https://heysara.com/en-us/cart.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
25c58b5996793854059af5eb81e0850824c2ec276c426e26489df85a911c4879
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=7889238
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-central1,gcp-us-central1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
server-timing
processing;dur=13, db;dur=4, asn;desc="20278", edge;desc="EWR", country;desc="US", servedBy;desc="r5k4", requestID;desc="ccda5354-dcbd-4a4d-b108-b2e589373a62", cfRequestDuration;dur=59.999943
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
ccda5354-dcbd-4a4d-b108-b2e589373a62
x-shardid
246
x-storefront-renderer-rendered
1
x-shopify-stage
production
server
cloudflare
x-shopid
26376386
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
text/javascript; charset=utf-8
content-language
en-US
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c8aYAh7UWm9VUe0JIJzsvD1OrcSmvVagkMuBB6Xb7fQNQMUOrpYq1Gv3U9j%2BgVqAJ3ThBPoExqS6Si17TLF61EVoUZAOdMH3Y3ESmV%2FqPRBXFq3QRO1XhLMzg%2B6r"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
84498a7209057293-EWR
x-sorting-hat-podid
246
x-cartjs-updatedat
1705105933
cart.js
heysara.com/en-us/
345 B
1 KB
Fetch
General
Full URL
https://heysara.com/en-us/cart.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
25c58b5996793854059af5eb81e0850824c2ec276c426e26489df85a911c4879
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=7889238
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-central1,gcp-us-central1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
server-timing
processing;dur=11, db;dur=4, asn;desc="20278", edge;desc="EWR", country;desc="US", servedBy;desc="r5k4", requestID;desc="56ead837-6031-42c5-9bc0-38170a4db3c4", cfRequestDuration;dur=59.000015
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
56ead837-6031-42c5-9bc0-38170a4db3c4
x-shardid
246
x-storefront-renderer-rendered
1
x-shopify-stage
production
server
cloudflare
x-shopid
26376386
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
text/javascript; charset=utf-8
content-language
en-US
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EQwHPmOShonjViNgDHiJ0h6%2FFww2EiCLBO4XDByqHCl14QmonRE9E2%2BKMBbNVvCza%2FkzcAbcTKBbGocA3gIAbL6hsDMedr96B81DtS7smOq6yImg%2FURj7MKQHm2s"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
84498a7219167293-EWR
x-sorting-hat-podid
246
x-cartjs-updatedat
1705105933
button
www.paypal.com/smart/ Frame C575
60 KB
15 KB
Document
General
Full URL
https://www.paypal.com/smart/button?env=production&style.label=paypal&style.shape=rect&style.maxbuttons=1&style.tagline=false&style.size=responsive&style.height=54&style.color=gold&domain=heysara.com&sessionID=uid_af53bc170c_mda6mzi6mtm&buttonSessionID=uid_3ecc4a8e28_mda6mzi6mtm&renderedButtons=paypal&storageID=uid_7f2084828d_mda6mzi6mtm&funding.disallowed=venmo&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=3d19d98ca5&version=min&xcomponent=1
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e98117da5335e97f29897d861d04e1dfe8351a151b968515822927182e4c9bfe
Security Headers
Name Value
Content-Security-Policy form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-security-policy
form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type
text/html; charset=utf-8
date
Sat, 13 Jan 2024 00:32:13 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
p3p
true
paypal-debug-id
f342883754733
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f342883754733-8df99551cdc830c5-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f342883754733-4b74fc26ba55e289-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-content-type-options
nosniff
x-csrf-jwt
__blank__
x-served-by
cache-bur-kbur8200155-BUR, cache-yyz4582-YYZ, cache-yyz4582-YYZ
x-timer
S1705105933.159116,VS0,VE218
x-xss-protection
1; mode=block
truncated
/ Frame 63C7
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
adf9b3c556710fac2e0f2ecf748a1f82afd023d7957336ef228db33f1deb83d3

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 63C7
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb91dfcb049d42c6a9b5b9798498ced5f618b7a5838c15468da7fe38745d4378

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type
image/svg+xml
m=_b,_tp
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/am=gEEY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMi... Frame 6981
158 KB
57 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/am=gEEY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgTTSWOJHxKuqOXMWmxgClrnbzJzg/m=_b,_tp
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fheysara.com&mid=16708973830884969730
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0907b4aa82a15c779c30330fe6a51314edb838168870e2fe7e535276e3034828
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 17:21:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
25823
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57333
x-xss-protection
0
last-modified
Fri, 12 Jan 2024 04:38:34 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jan 2025 17:21:50 GMT
cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame 6981
2 KB
2 KB
Other
General
Full URL
https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by
Host: heysara.com
URL: https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::5c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer
https://pay.google.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
referrer-policy
no-referrer
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1608
content-type
text/html; charset=UTF-8
logger
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-app-name,x-requested-with
Access-Control-Request-Method
POST
Origin
https://heysara.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-app-name,x-requested-with
access-control-allow-methods
POST
access-control-allow-origin
https://heysara.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-length
0
date
Sat, 13 Jan 2024 00:32:13 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f342883c79811
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f342883c79811-f9fe1c29997a6665-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-content-type-options
nosniff
x-served-by
cache-bur-kbur8200137-BUR, cache-yyz4524-YYZ, cache-yyz4524-YYZ
x-timer
S1705105933.220461,VS0,VE134
logger
www.paypal.com/xoplatform/logger/api/
1007 B
1 KB
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5c208dd55384b3516eb63abf6f239a5309d7411623419e74ac8ea188076ad2b3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

x-app-name
checkoutjs
Referer
https://heysara.com/
X-Requested-With
XMLHttpRequest
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS, MISS
paypal-debug-id
f342883026e80
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-bur-kbur8200076-BUR, cache-yyz4524-YYZ, cache-yyz4524-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f342883026e80-e911934f440c569b-01
x-timer
S1705105933.381296,VS0,VE150
etag
W/"3ef-HaUzBI4sCVYnbJejCYK4IvP0yXA"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heysara.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
none
x-cache-hits
0, 0, 0
cart.js
heysara.com/en-us/
345 B
1 KB
Fetch
General
Full URL
https://heysara.com/en-us/cart.js
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
25c58b5996793854059af5eb81e0850824c2ec276c426e26489df85a911c4879
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=7889238
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-central1,gcp-us-central1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding
br
server-timing
processing;dur=13, db;dur=3, asn;desc="20278", edge;desc="EWR", country;desc="US", servedBy;desc="tp5x", requestID;desc="9cc8c294-1c44-4cf1-a3c7-a606186ce8d1", cfRequestDuration;dur=59.000015
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
9cc8c294-1c44-4cf1-a3c7-a606186ce8d1
x-shardid
246
x-storefront-renderer-rendered
1
x-shopify-stage
production
server
cloudflare
x-shopid
26376386
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
text/javascript; charset=utf-8
content-language
en-US
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQGxyIKhwWVFahT%2FucEm4mMH9t%2F2CgcHSRmC4ONhRU6tRjtNU0USwPBcCbr%2BJRjJs9UwAJWx72bleAbmuegXb0NO12CA91xXI3nRzSq8Pn5CO5d6n7hXY1KWxn5T"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
84498a72796a7293-EWR
x-sorting-hat-podid
246
x-cartjs-updatedat
1705105933
731.latest.en.13d4de92b88330e8fea9.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
959 B
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/731.latest.en.13d4de92b88330e8fea9.js
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
content-encoding
br
server-timing
imagery;dur=18.999, imageryFetch;dur=18.552, cfRequestDuration;dur=105.000019
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
7cb6fe0a-5fa0-4016-8f6e-0ad431a57855
last-modified
Sat, 13 Jan 2024 00:32:13 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JlU7V7qirCV9tbE%2Bf%2B7MHWdLvpc7KPGKmbuptbwsBIN%2Fb0bct%2BLy9q7KLN7FTISF65sdp3MVC287Hu7%2FQCwAFEz%2BVehxPgWGXOlDK0Ujr35duzu%2FLX75s0gj2Dcyqkodfg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/731.latest.en.13d4de92b88330e8fea9.js>; rel="canonical"
cf-ray
84498a72badc39dd-YYZ
m=Das5Le
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.d-k... Frame 6981
74 KB
27 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.d-ksGeBOJ00.L.B1.O/am=gEEY/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrjDfC78kPQfGpzCJkAyWrtIVIxMXw/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=Das5Le
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/am=gEEY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgTTSWOJHxKuqOXMWmxgClrnbzJzg/m=_b,_tp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73918053b6fb69d8979aefebf48c1a39e7cd181afdb5ac6f435c0269fd73eb00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 19:55:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16633
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
27614
x-xss-protection
0
last-modified
Thu, 04 Jan 2024 04:21:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jan 2025 19:55:00 GMT
958.latest.en.0b24d25af4b199f69e10.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
9 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/958.latest.en.0b24d25af4b199f69e10.js
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=20.697, imageryFetch;dur=19.478, cfRequestDuration;dur=29.999971
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
2c44b16a-4454-47d4-8864-8d582b92fc65
last-modified
Thu, 11 Jan 2024 19:53:00 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BkNk69N%2FSHHIrAX204shNqgg6LLP4avCIX1u174ydIeI2a9Gvrl6j0ILavEcWGMsauanVJk6n6GV%2FP%2F7NSET0%2F%2B63m6vLTjzLqk9%2FiWAYWN6qSHRAw3BJTRT1B4XSR7ndA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/958.latest.en.0b24d25af4b199f69e10.js>; rel="canonical"
cf-ray
84498a738c2f39dd-YYZ
checkout.min.js
www.paypalobjects.com/api/ Frame C575
863 KB
187 KB
Script
General
Full URL
https://www.paypalobjects.com/api/checkout.min.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/smart/button?env=production&style.label=paypal&style.shape=rect&style.maxbuttons=1&style.tagline=false&style.size=responsive&style.height=54&style.color=gold&domain=heysara.com&sessionID=uid_af53bc170c_mda6mzi6mtm&buttonSessionID=uid_3ecc4a8e28_mda6mzi6mtm&renderedButtons=paypal&storageID=uid_7f2084828d_mda6mzi6mtm&funding.disallowed=venmo&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=3d19d98ca5&version=min&xcomponent=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (chf/16A8) /
Resource Hash
f7d9c8184937ff854afd6da2a3de3fc970ef1c2820795e44e932499540fe5832
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
a5457f0cbbe9b
dc
ccg11-origin-www-1.paypal.com
content-length
191373
last-modified
Wed, 24 May 2023 16:43:28 GMT
server
ECAcc (chf/16A8)
traceparent
00-0000000000000000000a5457f0cbbe9b-28b22c20ce5108ca-01
etag
"646e3eb0-d7ad2+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Sun, 14 Jan 2024 00:32:13 GMT
button.js
www.paypalobjects.com/api/xo/ Frame C575
446 KB
75 KB
Script
General
Full URL
https://www.paypalobjects.com/api/xo/button.js?date=2024-0-12
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/smart/button?env=production&style.label=paypal&style.shape=rect&style.maxbuttons=1&style.tagline=false&style.size=responsive&style.height=54&style.color=gold&domain=heysara.com&sessionID=uid_af53bc170c_mda6mzi6mtm&buttonSessionID=uid_3ecc4a8e28_mda6mzi6mtm&renderedButtons=paypal&storageID=uid_7f2084828d_mda6mzi6mtm&funding.disallowed=venmo&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=3d19d98ca5&version=min&xcomponent=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (chf/16BE) /
Resource Hash
70c166c46fe4bb17c3c4d649c6bf36a680b1d913af0bbb7b678f7d34626b3222
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
93cb91207be01
dc
ccg11-origin-www-1.paypal.com
content-length
77071
last-modified
Tue, 19 Sep 2023 16:29:24 GMT
server
ECAcc (chf/16BE)
traceparent
00-000000000000000000093cb91207be01-c6a8ee1e88c5344e-01
etag
W/"6509cc64-6f979"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Sun, 14 Jan 2024 00:32:13 GMT
truncated
/ Frame C575
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
adf9b3c556710fac2e0f2ecf748a1f82afd023d7957336ef228db33f1deb83d3

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame C575
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb91dfcb049d42c6a9b5b9798498ced5f618b7a5838c15468da7fe38745d4378

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type
image/svg+xml
pay
pay.google.com/gp/p/ui/ Frame 6981
1 MB
376 KB
XHR
General
Full URL
https://pay.google.com/gp/p/ui/pay
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/am=gEEY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgTTSWOJHxKuqOXMWmxgClrnbzJzg/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::5c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
41d7fe3257594f83f7095e7471176c7e36c9ebab7408a60ed9381bb9a06255d3
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-CaTyccz9zR2Ey6Zb-0--dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-CaTyccz9zR2Ey6Zb-0--dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
x-content-type-options
nosniff
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
x-ua-compatible
IE=edge
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
unsafe-none
server
ESF
x-frame-options
DENY
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
cache-control
private, max-age=3600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Sat, 13 Jan 2024 00:32:13 GMT
844.latest.en.7fcd45ae446a9a5574e8.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
1 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/844.latest.en.7fcd45ae446a9a5574e8.js
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
content-encoding
br
server-timing
imagery;dur=155.333, imageryFetch;dur=16.651, cfRequestDuration;dur=230.999947
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
7e4b7d26-5e9d-41d1-ac96-ee40aabe67b6
last-modified
Sat, 13 Jan 2024 00:32:13 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvmadUoQ6j%2FCDfjEpzmIY1cUsfRpg%2FSPdBay2oVDNs1Df5sDk38LOV4OJ8WksmBOOoJ448Jhv69AHryNb5uokzuBfkaf%2FqBA7FXdjBKWy62Ex%2Bzd%2F6kGozc8rq4Ub5zHRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/844.latest.en.7fcd45ae446a9a5574e8.js>; rel="canonical"
cf-ray
84498a73fcc739dd-YYZ
m=Wt6vjf,hhhU8,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.d-k... Frame 6981
9 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.d-ksGeBOJ00.L.B1.O/am=gEEY/d=1/exm=Das5Le,_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrjDfC78kPQfGpzCJkAyWrtIVIxMXw/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/am=gEEY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgTTSWOJHxKuqOXMWmxgClrnbzJzg/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f13f02aaad5c331cbd9ea62875eeb70f9eccc6fd0f3f97f87a2d6051e1e3378
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 20:45:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13594
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3742
x-xss-protection
0
last-modified
Thu, 04 Jan 2024 04:21:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jan 2025 20:45:39 GMT
m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.d-k... Frame 6981
37 KB
14 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.d-ksGeBOJ00.L.B1.O/am=gEEY/d=1/exm=Das5Le,FCpbqb,WhJNk,Wt6vjf,_b,_tp,hhhU8/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrjDfC78kPQfGpzCJkAyWrtIVIxMXw/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/am=gEEY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgTTSWOJHxKuqOXMWmxgClrnbzJzg/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ad75f91fe2a592369f5214ffc0b87250fc9898a9fea1856627ec8c552f6a0506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 20:45:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13594
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14295
x-xss-protection
0
last-modified
Thu, 04 Jan 2024 04:21:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jan 2025 20:45:39 GMT
log
play.google.com/ Frame 6981
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/am=gEEY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgTTSWOJHxKuqOXMWmxgClrnbzJzg/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 13 Jan 2024 00:32:13 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=UTF-8
date
Sat, 13 Jan 2024 00:32:13 GMT
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame 6981
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/am=gEEY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgTTSWOJHxKuqOXMWmxgClrnbzJzg/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 13 Jan 2024 00:32:13 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=UTF-8
date
Sat, 13 Jan 2024 00:32:13 GMT
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame 6981
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/am=gEEY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgTTSWOJHxKuqOXMWmxgClrnbzJzg/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 13 Jan 2024 00:32:13 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=UTF-8
date
Sat, 13 Jan 2024 00:32:13 GMT
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame 6981
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/am=gEEY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgTTSWOJHxKuqOXMWmxgClrnbzJzg/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 13 Jan 2024 00:32:13 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=UTF-8
date
Sat, 13 Jan 2024 00:32:13 GMT
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame 6981
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.dmoSfp-pJE8.es5.O/am=gEEY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgTTSWOJHxKuqOXMWmxgClrnbzJzg/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 13 Jan 2024 00:32:13 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=UTF-8
date
Sat, 13 Jan 2024 00:32:13 GMT
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
shop-tops-702073_540x.jpg
heysara.com/cdn/shop/collections/
27 KB
28 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-tops-702073_540x.jpg?v=1692756441
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
11c71c96122fa9b40863f2e7df23af04f148ebd4af4f5cd90bf2dfef12290179
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
source-type
image/jpeg
server-timing
imagery;dur=171.310, imageryFetch;dur=64.549, imageryProcess;dur=105.235;desc="image", cfRequestDuration;dur=230.999947
source-length
82962
content-length
27630
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
6ae65315-2e0a-42e6-b591-30f32b53c045
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:13 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=96xivic7KlOu0f4ylVYEr6mDWTraIdiqF%2B%2B%2Br7InUkA2Lzyu%2Bku67vIyaGCJVUi2WXoRcqgzTfz7sXd1yzt0bLVDDPN1VHPlLXwthZDD5trWX3DKp6P6FMNeX3dc"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a742b4f7293-EWR
x-sorting-hat-podid
246
shop-bottoms-109109_540x.jpg
heysara.com/cdn/shop/collections/
16 KB
16 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-bottoms-109109_540x.jpg?v=1697505200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
90059e323b885529f5323b27e49dd73837f0500110669e305b56bf5d453a5c5a
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
source-type
image/jpeg
server-timing
imagery;dur=249.145, imageryFetch;dur=88.188, imageryProcess;dur=95.152;desc="image", cfRequestDuration;dur=345.999956
source-length
61119
content-length
15884
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
ed74f13b-6176-4864-8258-9900d7057184
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:13 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hX2IUZx3x7PgXamkI6P2Eotio0W1AbrNHzkUi2c4cxkd73N3ieQLEuX3upqF9Oguu%2FumXf%2BTDYJd%2FZtDdP9VJHiio%2B5NKz4CDYPG%2BjUUoBYDV2y7RE2c1s9g8eNu"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a742b537293-EWR
x-sorting-hat-podid
246
shop-skirts-905568_540x.jpg
heysara.com/cdn/shop/collections/
24 KB
25 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-skirts-905568_540x.jpg?v=1666073395
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
af088fc47009ab2b1ea38be07a28cb3f09cf7221cbfc2335e4f852aad508a102
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
source-type
image/jpeg
server-timing
imagery;dur=162.766, imageryFetch;dur=45.716, imageryProcess;dur=116.234;desc="image", cfRequestDuration;dur=32.000065
source-length
73978
content-length
25060
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
b43772cd-1061-4546-b237-72d5c6e8e058
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 12 Jan 2024 09:49:21 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B24CpaXgG6PvD1H7xqmjoTUa9z1HRVWR18FSjj84Xtj9GOqd2QKQMAbNK4QjAlRXWCTzz%2B6MkpT4yX6ZHZ1Yk5J36MzM%2BmhfJ34Fr4FuyfecSH3A50NMFcB105a3"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a742b547293-EWR
x-sorting-hat-podid
246
shop-linen-122429_540x.jpg
heysara.com/cdn/shop/collections/
21 KB
21 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-linen-122429_540x.jpg?v=1701388839
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
9abb61c407d0b408997f0ac14aaae9df53fe18056c638b26e8a54eba34c7d524
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
source-type
image/jpeg
server-timing
imagery;dur=178.979, imageryFetch;dur=103.297, imageryProcess;dur=74.062;desc="image", cfRequestDuration;dur=248.999834
source-length
64828
content-length
21040
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
4f9a4eeb-3da1-4059-9559-e1a15859474e
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:13 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hy1uPz6pVeJgps3HnBT%2BRABeyEaqeajcsJDyb3bC2npZY4oTXRE4Huz31zpicys0bojwZ3aCM%2BpNaBHan0sZg%2BhM1sOhmWaEDbrrW997z4AMuwxEi1KiQb83x3%2Bd"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a742b557293-EWR
x-sorting-hat-podid
246
shop-shorts-160551_540x.jpg
heysara.com/cdn/shop/collections/
15 KB
16 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-shorts-160551_540x.jpg?v=1701388974
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
29f44366a2a53217523c84b66655d2e0bdae7a301a429cf2dcd77df46c886e33
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
source-type
image/jpeg
server-timing
imagery;dur=280.828, imageryFetch;dur=124.680, imageryProcess;dur=154.778;desc="image", cfRequestDuration;dur=360.999823
source-length
119619
content-length
15064
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
42448668-4c3e-44bb-bb4c-ccaf5c35f4e4
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:13 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0E6%2FJ8DoxwgUk%2F0wosMeSPB9haWOhzl1NO6egu7YjkQ8k8xGEvqpZqbjdUpjvPjBuT8IZilh0rwcF9pNPus9pawccEbmaOLmH%2FVV313SLPVZLwtV9hRRAmw2TNka"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a742b587293-EWR
x-sorting-hat-podid
246
shop-accessories-216087_540x.jpg
heysara.com/cdn/shop/collections/
23 KB
24 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-accessories-216087_540x.jpg?v=1666073282
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
6c75b4f9a51f42180d7505995fc634244b9878d2c0c6a69fc2d9bfd6e8794cd8
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
source-type
image/jpeg
server-timing
imagery;dur=237.258, imageryFetch;dur=163.024, imageryProcess;dur=73.438;desc="image", cfRequestDuration;dur=33.999920
source-length
72054
content-length
23806
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
701ab611-332b-42e4-97e9-2170b8248b9c
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 12 Jan 2024 01:14:32 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZLoC4mBcDFr%2FO1%2FOPZWVOtAGnydbMDyY5FSubpiN9E5%2BK%2BhqX6Qg%2B5AgilY%2B694BjyJK%2Bwh9k2m9XqzlyXdYZBqZQP9rsTadnXFl7MrqoiG3YKyafcKLXZFMOCix"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a742b5a7293-EWR
x-sorting-hat-podid
246
shop-lipsticks-and-gloss-109968_540x.jpg
heysara.com/cdn/shop/collections/
53 KB
54 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-lipsticks-and-gloss-109968_540x.jpg?v=1692757614
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
8d4a66398e3b09cbfd26ffad383504fbd72fa699b976c6febfe6e4f8c57d02f3
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
source-type
image/jpeg
server-timing
imagery;dur=178.721, imageryFetch;dur=86.283, imageryProcess;dur=90.790;desc="image", cfRequestDuration;dur=283.999920
source-length
89026
content-length
53964
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
649598b4-e112-4101-8635-473624c0cf2a
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:13 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EzjmjpvyE6kBrzG74%2BVhEwx4dXeu7mtF1Yy5Vag00ap35W9NU%2F6pWN63B%2FiRwVPvyQStmwpbjwGiJGsDxLa4pdtuoIVFws3Mb1yKGu9ocP90xqTCMWtn0gkdp%2Bbo"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a742b5d7293-EWR
x-sorting-hat-podid
246
shop-candles-and-home-fragrances-720953_540x.png
heysara.com/cdn/shop/collections/
33 KB
34 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-candles-and-home-fragrances-720953_540x.png?v=1704779339
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
9634e93baae3a735f1038e3292f4f428dc8f63f0e288189ec5ca66eca9649f43
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
source-type
image/png
server-timing
imagery;dur=326.312, imageryFetch;dur=77.046, imageryProcess;dur=245.329;desc="image", cfRequestDuration;dur=458.000183
source-length
2627241
content-length
33686
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
5c0cb464-d890-4c1c-9046-ffb0281de30c
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:13 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BNOLQ%2Fa%2BKIFo51IQbWfmC9SQBIMxnXb3yZ4A5tjQfMOVOzZqLVU7q8m%2F0pLS00rJZ1p9uQ3DgNR%2B3aJfOKc9vcIUUiSir7C1rUgN9Dy3fpSrX7ArKYj%2Bhn7Qt%2Bob"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a742b5e7293-EWR
x-sorting-hat-podid
246
shop-flats-646056_540x.jpg
heysara.com/cdn/shop/collections/
14 KB
15 KB
Image
General
Full URL
https://heysara.com/cdn/shop/collections/shop-flats-646056_540x.jpg?v=1695965796
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
2dfe5242fc3ca3e009436552c2300a820dc07e09d306f23332871913c29c8564
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
source-type
image/jpeg
server-timing
imagery;dur=262.475, imageryFetch;dur=46.183, imageryProcess;dur=213.925;desc="image", cfRequestDuration;dur=366.000175
source-length
216803
content-length
14686
x-xss-protection
1; mode=block
x-sorting-hat-shopid
26376386
x-request-id
1a1bb384-8270-405c-9e78-d0aa87cd64b6
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 13 Jan 2024 00:32:13 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sN2a%2B7%2FU%2Fk9BIzwBV66koH%2Bni3ipnbWyqTijbSfQM3TmCEkWGzCZWAlKlxcs%2BOnjsaY8BhW9Kxz1WX5tpJYf1m25llMRg5bIiDf0gFx%2FKdbHQ2f56EZoHtv%2BMD8Y"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84498a742b5f7293-EWR
x-sorting-hat-podid
246
graphql
www.paypal.com/ Frame C575
2 KB
3 KB
XHR
General
Full URL
https://www.paypal.com/graphql?GetNativeEligibility
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/xo/button.js?date=2024-0-12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
11b8c4f4e70009c9d00dc9285982585ee42ef6293111935f328f5191829be0a5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-ielkLLm1tBa0Wp/wwXf7jgoMuItj93kYw2nhY3sokJPLIceo' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' data: https://c.paypal.com; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

x-app-name
smart-payment-buttons
accept
application/json
Referer
https://www.paypal.com/smart/button?env=production&style.label=paypal&style.shape=rect&style.maxbuttons=1&style.tagline=false&style.size=responsive&style.height=54&style.color=gold&domain=heysara.com&sessionID=uid_af53bc170c_mda6mzi6mtm&buttonSessionID=uid_3ecc4a8e28_mda6mzi6mtm&renderedButtons=paypal&storageID=uid_7f2084828d_mda6mzi6mtm&funding.disallowed=venmo&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=3d19d98ca5&version=min&xcomponent=1
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
content-type
application/json

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-ielkLLm1tBa0Wp/wwXf7jgoMuItj93kYw2nhY3sokJPLIceo' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' data: https://c.paypal.com; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f219156cf3851
server-timing
"traceparent;desc="00-0000000000000000000f219156cf3851-4ef40869dc8ab806-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200132-BUR, cache-yyz4582-YYZ, cache-yyz4582-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f219156cf3851-4338b23f455c5869-01
x-timer
S1705105934.542576,VS0,VE192
etag
W/"66b-/52qgdKtNxqNxuvTyR9mK3a402A"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypal.com
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
logger
www.paypal.com/xoplatform/logger/api/ Frame C575
1014 B
2 KB
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a5411536fc5b4bf42c55b785155de4d6db03fa69a0bdda8e03d0cd461a55ee60
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

x-app-name
checkoutjs
Referer
https://www.paypal.com/smart/button?env=production&style.label=paypal&style.shape=rect&style.maxbuttons=1&style.tagline=false&style.size=responsive&style.height=54&style.color=gold&domain=heysara.com&sessionID=uid_af53bc170c_mda6mzi6mtm&buttonSessionID=uid_3ecc4a8e28_mda6mzi6mtm&renderedButtons=paypal&storageID=uid_7f2084828d_mda6mzi6mtm&funding.disallowed=venmo&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=3d19d98ca5&version=min&xcomponent=1
X-Requested-With
XMLHttpRequest
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS, MISS
paypal-debug-id
f219156ac734d
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-bur-kbur8200145-BUR, cache-yyz4582-YYZ, cache-yyz4582-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f219156ac734d-e642cb20544d8fe9-01
x-timer
S1705105934.554222,VS0,VE122
etag
W/"3f6-MdpJ+jvA0OMcaPVwDxA9ZyhIEdA"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypal.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
none
x-cache-hits
0, 0, 0
funding
www.paypal.com/smart/api/button/ Frame C575
563 B
2 KB
XHR
General
Full URL
https://www.paypal.com/smart/api/button/funding?buttonLabel=paypal&buttonSessionID=uid_3ecc4a8e28_mda6mzi6mtm&country=US&disallowed=venmo&domain=heysara.com&lang=en&renderedButtons=paypal
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/xo/button.js?date=2024-0-12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
83913ac3dddcb27792f1cb766f6f177c45f81c7b62d6ddfce280fb7bf96e5ec5
Security Headers
Name Value
Content-Security-Policy form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
x-requested-by
smart-payment-buttons
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
x-csrf-jwt
__blank__
Accept
application/json
Referer
https://www.paypal.com/smart/button?env=production&style.label=paypal&style.shape=rect&style.maxbuttons=1&style.tagline=false&style.size=responsive&style.height=54&style.color=gold&domain=heysara.com&sessionID=uid_af53bc170c_mda6mzi6mtm&buttonSessionID=uid_3ecc4a8e28_mda6mzi6mtm&renderedButtons=paypal&storageID=uid_7f2084828d_mda6mzi6mtm&funding.disallowed=venmo&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=3d19d98ca5&version=min&xcomponent=1
X-Requested-With
XMLHttpRequest
x-cookies
{}

Response headers

expires
Fri, 01 Jan 1990 00:00:00 GMT
content-security-policy
form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
p3p
true
paypal-debug-id
f219156e899cc
server-timing
"traceparent;desc="00-0000000000000000000f219156e899cc-dcedbc9361853d90-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200123-BUR, cache-yyz4582-YYZ, cache-yyz4582-YYZ
pragma
no-cache
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f219156e899cc-fc320faffe0b9fcf-01
x-timer
S1705105934.556012,VS0,VE210
etag
W/"233-L4OEyoFZtCQ3Z370sB+fhMtCWig"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-csrf-jwt
__blank__
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
produce
heysara.com/.well-known/shopify/monorail/v1/
0
715 B
Ping
General
Full URL
https://heysara.com/.well-known/shopify/monorail/v1/produce
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.32 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heysara.com/en-us?shpxid=18701955-623d-408e-8ab3-fcdee223e27d
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server-timing
cfRequestDuration;dur=44.999838
alt-svc
h3=":443"; ma=86400
content-length
0
x-request-id
87b2579c-8f79-42d9-9780-2c92937d1bd3
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1tAylqbrZVqODOJl9MCohwV29KRzgZDL8JM5QSkMmAY9vB1HYql0AbCuRTX6KvT0wFDoBskFjidzN7q7lC3eyK4w5ww1RAutJ2qQ2qd0wTKPs2G3BLuO%2FIR0frMC"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://heysara.com
access-control-allow-credentials
true
x-robots-tag
noindex
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
cf-ray
84498a74cc007293-EWR
logger
www.paypal.com/xoplatform/logger/api/ Frame C575
1016 B
2 KB
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2981ba79432c2bacfa8859adeff8faa12758e4ef9082a79ed83701c4f241e2ca
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

x-app-name
checkoutjs
Referer
https://www.paypal.com/smart/button?env=production&style.label=paypal&style.shape=rect&style.maxbuttons=1&style.tagline=false&style.size=responsive&style.height=54&style.color=gold&domain=heysara.com&sessionID=uid_af53bc170c_mda6mzi6mtm&buttonSessionID=uid_3ecc4a8e28_mda6mzi6mtm&renderedButtons=paypal&storageID=uid_7f2084828d_mda6mzi6mtm&funding.disallowed=venmo&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=3d19d98ca5&version=min&xcomponent=1
X-Requested-With
XMLHttpRequest
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS, MISS
paypal-debug-id
f219156548dba
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-bur-kbur8200171-BUR, cache-yyz4582-YYZ, cache-yyz4582-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f219156548dba-51f35bb057692678-01
x-timer
S1705105934.567622,VS0,VE130
etag
W/"3f8-WFBgFF+ElpEvc0/mqQq3RmrloyY"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypal.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
none
x-cache-hits
0, 0, 0
logger
www.paypal.com/xoplatform/logger/api/ Frame C575
1002 B
2 KB
Ping
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/xo/button.js?date=2024-0-12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
94d05bcdc5873dbf5497822e65b865768abf6b99f5eab2c0f0a04d34525f128d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypal.com/smart/button?env=production&style.label=paypal&style.shape=rect&style.maxbuttons=1&style.tagline=false&style.size=responsive&style.height=54&style.color=gold&domain=heysara.com&sessionID=uid_af53bc170c_mda6mzi6mtm&buttonSessionID=uid_3ecc4a8e28_mda6mzi6mtm&renderedButtons=paypal&storageID=uid_7f2084828d_mda6mzi6mtm&funding.disallowed=venmo&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=3d19d98ca5&version=min&xcomponent=1
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS, MISS
paypal-debug-id
f2191565ceb96
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-bur-kbur8200119-BUR, cache-yyz4582-YYZ, cache-yyz4582-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f2191565ceb96-b42585d152e6bcad-01
x-timer
S1705105934.609440,VS0,VE147
etag
W/"3ea-wPgnEk3h9gYB3dvLdL2/wKBDWRA"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypal.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
none
x-cache-hits
0, 0, 0
muse.js
www.paypalobjects.com/muse/
55 KB
16 KB
Script
General
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/tagmanager/pptm.js?id=heysara.com&mrid=RN3T23Q5Y777S&source=checkoutjs&t=xo&v=4.0.338
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (chf/1693) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
eaf4916412c0b
dc
ccg11-origin-www-1.paypal.com
content-length
16355
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
server
ECAcc (chf/1693)
traceparent
00-0000000000000000000eaf4916412c0b-a68190af636117bb-01
etag
"64f25363-daa8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Sat, 13 Jan 2024 01:32:13 GMT
ts
t.paypal.com/
42 B
542 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ARN3T23Q5Y777S-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ARN3T23Q5Y777S-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=6795aa8a-7ba8-4035-b8d6-ce4703b120da&fltp=analytics&mrid=RN3T23Q5Y777S&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Hey%20Sara%20-%20Australian%20Online%20Fashion%20Boutique%20for%20Women&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1705105933627&g=600&completeurl=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&disableSetCookie=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-cache-hits
0, 0
date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
2e9e2e2d60926
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200024-BUR, cache-yyz4581-YYZ
pragma
no-cache
correlation-id
2e9e2e2d60926
traceparent
00-00000000000000000002e9e2e2d60926-a0ae8089f77a9945-01
x-timer
S1705105934.686879,VS0,VE115
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:32:13 GMT
index.html
www.paypalobjects.com/muse/analytics/ Frame 9FAE
55 KB
17 KB
Document
General
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/muse.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (chf/16CA) /
Resource Hash
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://heysara.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
16892
content-type
text/html
date
Sat, 13 Jan 2024 00:32:13 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"64f25363-dacc"
expires
Sat, 13 Jan 2024 01:32:13 GMT
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id
ada6639d5266a
server
ECAcc (chf/16CA)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-0000000000000000000ada6639d5266a-9214afe813cf7272-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
OnePage.latest.en.1bd680dc0584d186257d.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
242 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/OnePage.latest.en.1bd680dc0584d186257d.js
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=31.960, imageryFetch;dur=31.689, cfRequestDuration;dur=88.999987
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
cf8ac74c-bdab-4b4a-8cb2-e2b1f009a72e
last-modified
Sat, 13 Jan 2024 00:32:13 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4D9NMKI9qfKPVs9GpUjM1GAjUQuTpS3jal3IIPE3AVATlJ2z4A7DVRSb1uHtzu87ZkMcsc9pMjseymc7aXSqh8Ta%2FPL2uqUlOqGp%2FO4vhQL1t4zDpMS2wG2OUqgGjnPW4g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/OnePage.latest.en.1bd680dc0584d186257d.js>; rel="canonical"
cf-ray
84498a758f2239dd-YYZ
noop.js
www.paypalobjects.com/muse/ Frame 9FAE
18 B
210 B
Fetch
General
Full URL
https://www.paypalobjects.com/muse/noop.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (daa/7D46) /
Resource Hash
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypalobjects.com/muse/analytics/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
paypal-debug-id
3f6eb44bcbaef
dc
ccg11-origin-www-1.paypal.com
content-length
18
last-modified
Sat, 13 Feb 2021 00:26:56 GMT
server
ECAcc (daa/7D46)
traceparent
00-00000000000000000003f6eb44bcbaef-edeeabe4a6a2bf29-01
etag
"60271cd0-12"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Sat, 13 Jan 2024 00:32:12 GMT
ts
t.paypal.com/
42 B
200 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ARN3T23Q5Y777S-1&page=muse%3Aoffer%3A%3A%3ARN3T23Q5Y777S-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=6795aa8a-7ba8-4035-b8d6-ce4703b120da&es=visitorInfoFlowStarted&mrid=RN3T23Q5Y777S&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Hey%20Sara%20-%20Australian%20Online%20Fashion%20Boutique%20for%20Women&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1705105933720&g=600&completeurl=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&disableSetCookie=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-cache-hits
0, 0
date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
9241c0b985910
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200056-BUR, cache-yyz4581-YYZ
pragma
no-cache
correlation-id
9241c0b985910
traceparent
00-00000000000000000009241c0b985910-e10120b3e1d58b21-01
x-timer
S1705105934.735782,VS0,VE109
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:32:13 GMT
produce_batch
monorail-edge.shopifysvc.com/unstable/
0
0
Fetch
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.229.135 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
135.229.102.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Referer
https://heysara.com/
X-Monorail-Edge-Event-Created-At-Ms
1705105933795
X-Monorail-Edge-Event-Sent-At-Ms
1705105933795
accept-language
en-US,en;q=0.9
X-Monorail-Edge-Client-Message-Id
cc425922-f038-4c47-825e-d98c0ca0de69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json; charset=utf-8

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 google
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://heysara.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
a947a6f6-7032-4989-9f21-e8afe9d65038
produce_batch
monorail-edge.shopifysvc.com/unstable/ Frame
0
0
Preflight
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.229.135 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
135.229.102.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-monorail-edge-client-message-id,x-monorail-edge-event-created-at-ms,x-monorail-edge-event-sent-at-ms
Access-Control-Request-Method
POST
Origin
https://heysara.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://heysara.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 google
produce_batch
monorail-edge.shopifysvc.com/unstable/ Frame
0
0
Preflight
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.229.135 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
135.229.102.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-monorail-edge-client-message-id,x-monorail-edge-event-created-at-ms,x-monorail-edge-event-sent-at-ms
Access-Control-Request-Method
POST
Origin
https://heysara.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://heysara.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 google
produce_batch
monorail-edge.shopifysvc.com/unstable/
0
0
Fetch
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.229.135 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
135.229.102.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Referer
https://heysara.com/
X-Monorail-Edge-Event-Created-At-Ms
1705105933796
X-Monorail-Edge-Event-Sent-At-Ms
1705105933796
accept-language
en-US,en;q=0.9
X-Monorail-Edge-Client-Message-Id
d5b5face-3d4e-44c4-9057-d05bdc1863f3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json; charset=utf-8

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
via
1.1 google
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://heysara.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
6ea4ca5a-4b5d-4fca-bca5-25cfe1c2ff24
graphql
www.paypal.com/targeting/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,disable-set-cookie
Access-Control-Request-Method
POST
Origin
https://www.paypalobjects.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type,disable-set-cookie
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Sat, 13 Jan 2024 00:32:13 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f219156578c36
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f219156578c36-d1371cf6f2bde3ef-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-served-by
cache-bur-kbur8200056-BUR, cache-yyz4524-YYZ, cache-yyz4524-YYZ
x-timer
S1705105934.820006,VS0,VE120
graphql
www.paypal.com/targeting/ Frame 9FAE
446 B
2 KB
Fetch
General
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1e8ec1938b3cbe7bd119c90f1727ff093c058eb08eb4aa19a7bc2d86ac7ebea3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-cpuEarFObF7+AoI4X0GLa6MHINHMy5AmqZ/C9iXkU9FKHolr' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.paypalobjects.com/
disable-set-cookie
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-cpuEarFObF7+AoI4X0GLa6MHINHMy5AmqZ/C9iXkU9FKHolr' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
disable-set-cookie
true
date
Sat, 13 Jan 2024 00:32:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f219156029eeb
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200105-BUR, cache-yyz4582-YYZ, cache-yyz4582-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f219156029eeb-cb3f3f76e0982656-01
x-timer
S1705105934.961210,VS0,VE325
etag
W/"1be-kBD3UwaM/GqDppsItQw9iU8MdJg"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
431.latest.en.18eecd205dabb9c44d0a.css
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
24 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/431.latest.en.18eecd205dabb9c44d0a.css
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:13 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=21.928, imageryFetch;dur=21.688, cfRequestDuration;dur=49.999952
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
ae70fe09-5d0b-44ec-9b31-04b0fa2839fa
last-modified
Fri, 12 Jan 2024 05:35:44 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xtDofkAm1uLHyRZYfTfcWAUncTTK06Y6UGdXdDu2A4Ry61uj95N%2BJE0f97waZ8UFAHgku5sYsnaLfbbVwmR693gwBUQkTs2wDaImd5M%2FjfP9q3VyKRqjleQFglYOdmeIHg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/431.latest.en.18eecd205dabb9c44d0a.css>; rel="canonical"
cf-ray
84498a7698e339dd-YYZ
app.latest.en.e5a7f63ca146c0549466.css
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
2 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/app.latest.en.e5a7f63ca146c0549466.css
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:14 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=21.181, imageryFetch;dur=20.643, cfRequestDuration;dur=121.000051
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
d140f016-c8e6-4c50-9175-d4fce23f03c5
last-modified
Sat, 13 Jan 2024 00:32:14 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QomEUO0eL9wbBIIeAdtT7D2mTeoVH47RBrFbAP4LQtwqyDbn%2FIr4lwH7Kas1nCjNz%2F%2BquHTGFq7F%2FyayGiIxte1YEd4UX8VB3bUjaXcz5R6LgRzkXA%2BKZYQqrdRGh9cIaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/app.latest.en.e5a7f63ca146c0549466.css>; rel="canonical"
cf-ray
84498a7719ba39dd-YYZ
958.latest.en.31c500f25402b90e24ba.css
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
9 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/958.latest.en.31c500f25402b90e24ba.css
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:14 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=18.751, imageryFetch;dur=18.532, cfRequestDuration;dur=121.999979
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
66d0a48a-a979-44af-bf6f-62372e6ecd69
last-modified
Sat, 13 Jan 2024 00:32:14 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0tM%2FliOEhL6T0L%2BTr4fijd9DzbSbRFs5eJhfXSSXBx25xYB9nZNlylA76%2B%2F3bsCVQRtR7nfT6W5pZSmL%2BQiVDlohuQ2H9tKn9H0pYN2FDH9WefPBnSK42ecruBXg%2FYmaYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/958.latest.en.31c500f25402b90e24ba.css>; rel="canonical"
cf-ray
84498a780b1939dd-YYZ
74.latest.en.3120ae2cf08678c4e2e9.css
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
8 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/74.latest.en.3120ae2cf08678c4e2e9.css
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:14 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
content-encoding
br
server-timing
imagery;dur=27.198, imageryFetch;dur=22.178, cfRequestDuration;dur=33.999920
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
a75c3883-a137-42c3-94bc-48891608eff6
last-modified
Fri, 12 Jan 2024 05:35:44 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YtiYZxV%2B7JC9%2Bt%2FrqcEDjflJ9hXjigaVKajYqEALBnfrsX9Vr7iHigDxYckvxEQa896sCDtsW7zqsmtgq0GOiwUKA%2BUhM9gsbly6y7464ufT6Zb1CChTW6saYKvqAd3BVw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/74.latest.en.3120ae2cf08678c4e2e9.css>; rel="canonical"
cf-ray
84498a78fc8939dd-YYZ
2021_Hey_Sara_Logo_update_new_font_1200_x_628_7af67c3f-d1fa-49f8-8422-ae793729a9e9_x320.png
cdn.shopify.com/s/files/1/2637/6386/files/
0
93 KB
Other
General
Full URL
https://cdn.shopify.com/s/files/1/2637/6386/files/2021_Hey_Sara_Logo_update_new_font_1200_x_628_7af67c3f-d1fa-49f8-8422-ae793729a9e9_x320.png?v=1629343155
Requested by
Host: heysara.com
URL: https://heysara.com/checkouts/internal/preloads.js?permanent-domain=heysara.myshopify.com&locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heysara.com/
Origin
https://heysara.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:32:14 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
source-type
image/png
server-timing
imagery;dur=145.492, imageryFetch;dur=64.815, imageryProcess;dur=80.029;desc="image", cfRequestDuration;dur=52.999973
source-length
85978
content-length
94171
x-xss-protection
1; mode=block
x-request-id
4c7ae5dd-cd5e-424e-92d1-5a957d1b580e
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 03 Jan 2024 04:31:54 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sNMQS0usz0X4ajx%2Bmfi6tC3fBQn%2F%2BHrGYOh0kvfbcpqTudhUwFLRbrPQ%2BD6FgfPOAK3Sp0wUkG8pOz54tKlWb2Ls1s%2B6Mi3n0K%2FBaO5L5rXTECHZaW%2BSgmGYSFg0DUpGnw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/2637/6386/files/2021_Hey_Sara_Logo_update_new_font_1200_x_628_7af67c3f-d1fa-49f8-8422-ae793729a9e9_x320.png>; rel="canonical"
cf-ray
84498a794d2c39dd-YYZ
ts
t.paypal.com/
42 B
257 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ARN3T23Q5Y777S-1&page=muse%3Aoffer%3A%3A%3ARN3T23Q5Y777S-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=6795aa8a-7ba8-4035-b8d6-ce4703b120da&es=visitorInfo&cust=NFLQ73CTDEYVQ&mrid=RN3T23Q5Y777S&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Hey%20Sara%20-%20Australian%20Online%20Fashion%20Boutique%20for%20Women&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&unsc=8&identifier_used=DFP&e=im&t=1705105934298&g=600&completeurl=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&disableSetCookie=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-cache-hits
0, 0
date
Sat, 13 Jan 2024 00:32:14 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
e19c83748df42
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200169-BUR, cache-yyz4581-YYZ
pragma
no-cache
correlation-id
e19c83748df42
traceparent
00-0000000000000000000e19c83748df42-f53a7c29bb6a547d-01
x-timer
S1705105934.308506,VS0,VE130
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:32:14 GMT
collect
analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-4G9MT42V3K&gtm=45je41a0v878782411&_p=1705105931046&gcd=11l1l1l1l1&dma=0&cid=941611164.1705105931&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=2&dp=%2Fen-us&dt=Hey%20Sara%20-%20Australian%20Online%20Fashion%20Boutique%20for%20Women&dl=https%3A%2F%2Fheysara.com%2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d&sid=1705105931&sct=1&seg=1&en=page_view&_ee=1&_et=336&tfd=6214
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4G9MT42V3K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:32:16 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heysara.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
track-analytics
a.klaviyo.com/onsite/ Frame
0
0
Preflight
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=Hcz7BQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3bb -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heysara.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
allow
POST, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
84498a96bbc54bd8-BUF
content-encoding
gzip
content-security-policy
frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; report-uri /csp/
content-type
text/html; charset=utf-8
date
Sat, 13 Jan 2024 00:32:19 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Cookie, Accept-Encoding
x-content-type-options
nosniff
x-robots-tag
noindex, nofollow
track-analytics
a.klaviyo.com/onsite/ Frame
0
0
Preflight
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=Hcz7BQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3bb -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; base-uri 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heysara.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
allow
POST, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
84498a96bbc64bd8-BUF
content-encoding
gzip
content-security-policy
object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; base-uri 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; report-uri /csp/
content-type
text/html; charset=utf-8
date
Sat, 13 Jan 2024 00:32:19 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Cookie, Accept-Encoding
x-content-type-options
nosniff
x-robots-tag
noindex, nofollow
track-analytics
a.klaviyo.com/onsite/
50 B
317 B
XHR
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=Hcz7BQ
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3bb -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
cf09db36a73dce64a30c34ad16fbc105bb5b3785c06cd871f6fbb3b8d8de7709
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; object-src 'none'; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://heysara.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-security-policy
frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; object-src 'none'; report-uri /csp/
content-length
50
server
cloudflare
allow
POST, OPTIONS
vary
Cookie, Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-allow-methods
POST
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
84498a972bf64bd8-BUF
access-control-allow-headers
x-robots-tag
noindex, nofollow
track-analytics
a.klaviyo.com/onsite/
50 B
343 B
XHR
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=Hcz7BQ
Requested by
Host: heysara.com
URL: https://heysara.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3bb -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
cf09db36a73dce64a30c34ad16fbc105bb5b3785c06cd871f6fbb3b8d8de7709
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://heysara.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 13 Jan 2024 00:32:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-security-policy
base-uri 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
content-length
50
server
cloudflare
allow
POST, OPTIONS
vary
Cookie, Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-allow-methods
POST
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
84498a972bf84bd8-BUF
access-control-allow-headers
x-robots-tag
noindex, nofollow
7fc78270-26d0-4735-8616-a53671b19d51.jpeg
d3k81ch9hvuctc.cloudfront.net/company/Hcz7BQ/images/
112 KB
112 KB
Image
General
Full URL
https://d3k81ch9hvuctc.cloudfront.net/company/Hcz7BQ/images/7fc78270-26d0-4735-8616-a53671b19d51.jpeg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.160.41.16 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8b95b8318ad785e98c65fb84070cb0a155c9ce2001d807d381be30ed872e951e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://heysara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:32:20 GMT
x-amz-version-id
oO6Isc5QRuX2s19K8rqfUYo.0w_PfHvD
Via
1.1 69baaa5439c683e230d9fcac1c2ffce0.cloudfront.net (CloudFront)
Last-Modified
Thu, 22 Dec 2022 00:31:39 GMT
Server
AmazonS3
X-Amz-Cf-Pop
IAD55-P1
ETag
"4fe3b439ec6abe82e9c8f874232dd3f2"
x-amz-server-side-encryption
AES256
X-Cache
Miss from cloudfront
Content-Type
image/jpeg
Cache-Control
public,max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
114568
X-Amz-Cf-Id
TWdnABGVh5Pqml_0Ie-eP6mxWQsuDbp_eQp6Nw9PbykcF6NNKRD6Gg==

Verdicts & Comments Add Verdict or Comment

154 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 function| gtag object| dataLayer object| theme object| Shopify object| ShopifyPay object| __st boolean| ShopifyPaypalV4VisibilityTracking function| $ function| jQuery function| Swiper object| _klOnsite object| klaviyo object| meta string| attr object| ShopifyAnalytics object| trekkie object| BOOMR string| instafeedLocalTitle string| iwish_shop boolean| iwish_pro_template string| iwish_cid object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal object| webPixelsManager function| fbq function| _fbq number| iWishCnt object| iWishlistmain boolean| iWishsync string| iWishUrl string| iwishWrapperClass string| iWishVarSelector string| iWishQtySelector string| iWishSelectClass function| iWishPost function| getSession function| pushToSession function| isInWishlist function| syncWithServer function| checkIwish function| iwish_addOnly function| iwish_add function| iwish_addCollection function| iwish_remove function| iwish_initQV function| iwish_updateQty function| iwishInit object| _visit undefined| stackablePreventCheckoutListener boolean| stackableCore string| jsUrl object| currency string| currentSymbol string| shopify_cur string| drawer_login_msg string| cart_icon_class boolean| open_drawer_once string| classes string| base_cur object| _learnq string| __klKey object| StampedFn object| StampedGlobalOptions boolean| isInitializedStamped function| newFormatStringStamped object| lazyLoadOptionsStamped object| LazyLoadStamped function| timeagoStamped function| jQueryStamped object| __core-js_shared__ object| core object| regeneratorRuntime object| lazySizesConfig object| lazySizes object| AOS function| Cookies function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Flickity function| Unipointer function| Unidragger function| PhotoSwipe function| PhotoSwipeUI_Default object| noUiSlider function| on function| off function| vimeoApiReady function| gm_authFailure function| mapError object| namespaces object| stackableService object| stackableMachine object| webpackChunk_klaviyo_onsite_modules object| shopifyDccJsonp object| GooglebQhCsO function| spbExportTimeseries number| BOOMR_onload number| visuallyReady object| webpackJsonpwishlist-drawer function| setImmediate function| clearImmediate object| FontAwesomeConfig object| ___FONT_AWESOME___ function| jquery boolean| isWishlistLoaded function| EnhCollector object| enhencer function| hextom_fsb object| hextom_fsb_instance function| fsb_button_on_click function| fsb_close_on_click function| fsb_button_on_click_v1 function| fsb_close_on_click_v1 string| fsb_already_run object| webpackChunk_GeoLocationRecommendations object| LocaleSelectors object| _GeoLocationRecommendations object| StampedCarouselFn function| instafeedApp function| Instafeed number| instafeedSlidePage function| instafeedSlide number| bundler_settings_updated string| imageFullHtml object| gpayInitParams object| denylistedDomainsHashedValueListForGpayButtonWithCardInfo object| whitelistedDomainsHashedValueListForGpayButtonWithCardInfo object| denylistedMerchentIdsHashedValueListForGpayButtonWithCardInfo object| denylistedMerchantIdsHashedValueListForGpayButtonVariant string| dynamicGpayButtonVariant object| google object| __postRobot__ object| __zoid__ function| onLegacyPaymentAuthorize function| watchForLegacyFallback function| onLegacyFallback string| LOG_LEVEL function| __pptmLoadedWithNoContent object| paypal object| PAYPAL object| ppxo object| paypalDDL string| PaypalOffersObject function| ppq object| __post_robot_10_0_44__ object| __paypal_global__

44 Cookies

Domain/Path Name / Value
heysara.com/en-us Name: localization
Value: US
heysara.co.nz/ Name: keep_alive
Value: 03f39d79-f476-49d8-8e13-9e605540a5a2
.heysara.co.nz/ Name: _shopify_y
Value: b99e01bb-49f5-48ca-9306-533f93141950
.heysara.co.nz/ Name: _shopify_s
Value: ed95b284-42e6-47af-a83b-a5ec4e155060
heysara.com/ Name: secure_customer_sig
Value:
.heysara.com/ Name: _cmp_a
Value: %7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D
.heysara.com/ Name: _shopify_y
Value: 1c898208-1ba0-4639-9b58-89b8a8ded025
.heysara.com/ Name: _orig_referrer
Value:
.heysara.com/ Name: _landing_page
Value: %2Fen-us%3Fshpxid%3D18701955-623d-408e-8ab3-fcdee223e27d
.heysara.com/ Name: _ga
Value: GA1.1.941611164.1705105931
.heysara.com/ Name: _shopify_s
Value: d319baf1-7f29-4422-a31d-acd396a0fe4c
.heysara.com/ Name: _shopify_sa_t
Value: 2024-01-13T00%3A32%3A11.626Z
.heysara.com/ Name: _shopify_sa_p
Value: shpxid%3D18701955-623d-408e-8ab3-fcdee223e27d
.heysara.com/ Name: _ga_4G9MT42V3K
Value: GS1.1.1705105931.1.1.1705105931.60.0.0
.heysara.com/ Name: _gcl_au
Value: 1.1.1637094968.1705105932
.heysara.com/ Name: _ga_552J7BXGFG
Value: GS1.1.1705105931.1.0.1705105931.0.0.0
heysara.com/ Name: shopify_pay_redirect
Value: pending
heysara.com/ Name: __kla_id
Value: eyJjaWQiOiJNRE14TTJZNE9UZ3ROems0T0MwMFpqSXlMV0UzTjJVdE1UWTFZamd5TnpReFl6ZGwiLCIkcmVmZXJyZXIiOnsidHMiOjE3MDUxMDU5MzIsInZhbHVlIjoiIiwiZmlyc3RfcGFnZSI6Imh0dHBzOi8vaGV5c2FyYS5jb20vZW4tdXM/c2hweGlkPTE4NzAxOTU1LTYyM2QtNDA4ZS04YWIzLWZjZGVlMjIzZTI3ZCJ9LCIkbGFzdF9yZWZlcnJlciI6eyJ0cyI6MTcwNTEwNTkzMiwidmFsdWUiOiIiLCJmaXJzdF9wYWdlIjoiaHR0cHM6Ly9oZXlzYXJhLmNvbS9lbi11cz9zaHB4aWQ9MTg3MDE5NTUtNjIzZC00MDhlLThhYjMtZmNkZWUyMjNlMjdkIn19
.heysara.com/ Name: _fbp
Value: fb.1.1705105931987.1241333196
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
heysara.com/ Name: keep_alive
Value: 1f02c196-b8e2-4caa-878e-4c82d900c57b
heysara.com/ Name: enh_visitor_session
Value: X16dG6kPfx
heysara.com/ Name: enh_source
Value:
heysara.com/ Name: enh_token
Value: 6531b9d77a5a7b438ffecf49
heysara.com/ Name: g_conv_id
Value:
heysara.com/ Name: enh_last_access
Value: 1705105932451
heysara.com/ Name: fsb_previous_pathname
Value: /en-us
heysara.com/ Name: enh_cart_ic
Value:
heysara.com/ Name: cart
Value: c1-9659ff47b3440e7b4c38801fa32c6108
heysara.com/ Name: cart_currency
Value: USD
heysara.com/ Name: promobannerapp
Value: 2024-01-13T00:32:12.861Z
heysara.com/ Name: cart_ts
Value: 1705105933
heysara.com/ Name: cart_sig
Value: aeb195a47cddbf98006325802963bb0d
heysara.com/ Name: dynamic_checkout_shown_on_cart
Value: 1
.paypal.com/ Name: LANG
Value: en_US%3BUS
.paypal.com/ Name: l7_az
Value: dcg14.slc
.paypal.com/ Name: ts
Value: vreXpYrS%3D1799800333%26vteXpYrS%3D1705107733%26vr%3D003bc39a18d0a551b0ace96cffbcf980%26vt%3D003bc39a18d0a551b0ace96cffbcf97f%26vtyp%3Dnew
.paypal.com/ Name: ts_c
Value: vr%3D003bc39a18d0a551b0ace96cffbcf980%26vt%3D003bc39a18d0a551b0ace96cffbcf97f
.paypal.com/ Name: enforce_policy
Value: ccpa
.google.com/ Name: NID
Value: 511=lcOlKLVrUGd92gB1uTSOFjIt3qX_8q1DOp-YZD7RUBQnteF90HuT5BnhStlygFV2h-j-Xh0-CakettYiglsA03eWP9whxemSE0uJkpXBA5-8ZCdyf-mhuM2kV309kFuErqb1tgWVcvzEmlEA1qSznsphLaXYzYKUEsIVyqxmyUk
www.paypal.com/ Name: nsid
Value: s%3AcSQgZFfbplQLz4XuOsESPhCcKxmdGxoE.jILttPKGIzQDSzoXfGDOOlsSrAUVJYaJYpqFu5%2BHFHE
.paypal.com/ Name: tsrce
Value: loggernodeweb
.paypal.com/ Name: x-pp-s
Value: eyJ0IjoiMTcwNTEwNTkzMzcwMyIsImwiOiIwIiwibSI6IjAifQ
.paypalobjects.com/ Name: paypal-offers--cust
Value: NFLQ73CTDEYVQ:8:DFP

14 Console Messages

Source Level URL
Text
network error URL: https://cdn.shopify.com/s/files/1/2637/6386/t/116/assets/codisto.js?v=1690412676&shop=heysara.myshopify.com
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://heysara.com/static/js/4.chunk.js
Message:
Failed to load resource: the server responded with a status of 404 ()
deprecation warning URL: https://www.paypalobjects.com/api/checkout.min.js(Line 1)
Message:
Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation warning URL: https://www.paypalobjects.com/api/checkout.min.js(Line 1)
Message:
Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation warning URL: https://www.paypalobjects.com/api/checkout.min.js(Line 1)
Message:
Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation warning URL: https://www.paypalobjects.com/api/checkout.min.js(Line 1)
Message:
Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation warning URL: https://www.paypalobjects.com/api/checkout.min.js(Line 1)
Message:
Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Message:
Failed to load resource: the server responded with a status of 404 ()
deprecation warning URL: https://www.paypalobjects.com/api/checkout.min.js(Line 1)
Message:
Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation warning URL: https://www.paypalobjects.com/api/checkout.min.js(Line 1)
Message:
Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation warning URL: https://www.paypalobjects.com/api/checkout.min.js(Line 1)
Message:
Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation warning URL: https://www.paypalobjects.com/api/checkout.min.js(Line 1)
Message:
Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation warning URL: https://www.paypalobjects.com/api/checkout.min.js(Line 1)
Message:
Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.klaviyo.com
admin.stkbl.app
ajax.googleapis.com
analytics.google.com
bundler.nice-team.net
cdn-bundler.nice-team.net
cdn.enhencer.com
cdn.hextom.com
cdn.myshopapps.com
cdn.nfcube.com
cdn.shopify.com
cdn1.stamped.io
cdnjs.cloudflare.com
connect.facebook.net
d3k81ch9hvuctc.cloudfront.net
fast.a.klaviyo.com
fonts.googleapis.com
fonts.gstatic.com
fsb.hextom.com
geolocation-recommendations.shopifyapps.com
googleads.g.doubleclick.net
heysara.co.nz
heysara.com
instafeed.nfcube.com
iwish.myshopapps.com
monorail-edge.shopifysvc.com
pay.google.com
peter.promobanner.app
play.google.com
s3-us-west-2.amazonaws.com
shop.app
stamped.io
static-forms.klaviyo.com
static-tracking.klaviyo.com
static.klaviyo.com
static.promobanner.app
stats.g.doubleclick.net
t.paypal.com
www.facebook.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.merchant-center-analytics.goog
www.paypal.com
www.paypalobjects.com
151.101.1.35
151.101.130.133
151.101.194.133
151.101.65.21
167.99.228.137
172.217.13.194
18.160.41.16
185.146.173.20
192.229.210.155
2001:4860:4802:36::181
23.227.38.32
23.227.38.33
23.227.38.65
23.227.60.200
2600:9000:21dd:b600:10:7435:da40:93a1
2600:9000:23ca:ac00:1:427b:a440:93a1
2606:4700:20::681a:69b
2606:4700:20::681a:79b
2606:4700:3030::ac43:8833
2606:4700:3032::6815:1fd0
2606:4700:3035::6815:15e
2606:4700:3035::ac43:80f8
2606:4700::6811:190e
2606:4700::6812:3bb
2607:f8b0:4004:c0b::9a
2607:f8b0:4004:c17::5c
2607:f8b0:4006:80e::2002
2607:f8b0:4020:804::200a
2607:f8b0:4020:805::2003
2607:f8b0:4020:805::2008
2607:f8b0:4020:805::200a
2607:f8b0:4020:805::200e
2607:f8b0:4020:806::2003
2607:f8b0:4020:806::2004
2607:f8b0:4020:807::200e
2a03:2880:f003:c0e:face:b00c:0:3
2a03:2880:f103:83:face:b00c:0:25de
3.162.112.127
3.211.248.173
34.102.229.135
52.27.241.171
52.92.195.32
54.156.145.102
99.84.208.58
00792ef04b29d7cbd5110cea7e934b63b774145c63defbc66d3df9bd1023ff63
008a353546d56e2ab28f207905f7bab25bb6f6fcb5f755117e9d71f05c0c42b5
00f401a0936ec90f8c5ad24db4895d125392c68558117c5942e3f26e01bf269f
04800fac5c20bb3651d645f32552bfa8351bed4c707404db19da4ae0c5d4e8f8
04a4cf7d97f67e5b18433c67871b6fc42c4c81bd21a31bf1a9f4d80394e967cd
06ea3c5c81f846a699293a1329d6e486d29eea890bcf78ac2fc1c92f8260f51e
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
08bb5a1289d0f1b19fd7485a91d29ca46f05c3c4849b0541c0cb137349043389
0907b4aa82a15c779c30330fe6a51314edb838168870e2fe7e535276e3034828
0b416c75340c907037801e3374e62d31d1123c29f0888da68929d33fdc024669
0c9cc88c27618b01e95063377382195b9062bdbef5eb1687e5881d3f318dbe63
0cb9841024e77821b0f801d154a8817b891dbd33ebe69c63519a6647a3d64882
0d9934f57548f7be25b7971028a74f16ecef5c2be2c4c81ac6f3991ad85eda11
0dc5db9c258073a03f8c43efb74a5cf981e5635ccf05cd7b98e66a819ba05ab6
0dda7ba92272bd57c764ef327a30ce7d462e01d51837e5d3cb62ef90d8011717
11b8c4f4e70009c9d00dc9285982585ee42ef6293111935f328f5191829be0a5
11c71c96122fa9b40863f2e7df23af04f148ebd4af4f5cd90bf2dfef12290179
128da0f90ad968619ede1396c3472d0e492d0acabdaf26734a174f8a1b4666e4
13f582e60f4bd58d4110853ae1919dce15aeeca5d40b56c1986039ebf1d738d3
14384c15f9728c43d77d77a876d344d0102de972003ef289d850b8be91d1f716
1694d4521c5cb4bccdf79e4b577a8e83c556c6e3fdb87ccb7ba97bcd676ca382
17f8dea9df9552e469ead8fc28c70f7c4dd0dfd72e33c1567b185b1325625408
1ba49e8383e2329fe4f6e2a33172420fefd5bee26ce915cef9315f5b09c54cf8
1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f
1cfca4d1dfdb790e7450a87995fe01ef2cdd0249adb43ef3623401b03022af38
1e8ec1938b3cbe7bd119c90f1727ff093c058eb08eb4aa19a7bc2d86ac7ebea3
1f664948b701e8565d57803d8e3a9ea104b455d21acad80e9ad0d3c2d7536c37
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
237e01337be5d11c7f1355c3665cfd680afb5f24db210942f039802e61ac69f9
25c58b5996793854059af5eb81e0850824c2ec276c426e26489df85a911c4879
2981ba79432c2bacfa8859adeff8faa12758e4ef9082a79ed83701c4f241e2ca
29f44366a2a53217523c84b66655d2e0bdae7a301a429cf2dcd77df46c886e33
2c7de2af41b2f0591f8f8f85c65737693f9f582cbf70b95740cc6856f034daa4
2cf287b78e78aaa78b8d4388f1be3b67196a7f762516b6dd1740d2bad3294111
2dfe5242fc3ca3e009436552c2300a820dc07e09d306f23332871913c29c8564
2e8314416e8682e92cbb19f3b8deb8f8cbcab6ecbf20b853c4dc8acaee177e2a
2ee55e524b6dae3e5a5f1d5dc3b09ee34b956b602934b81c0dbe7f878ace66bb
301351195462c1307b8d3a0c76e539fd96c34d3568dacdc35f2e15f8dc4f00f8
353f85cdd75082efd47eb3b3f1f0ab5ff7e0d21fd0a27ef7836a573cca5348f1
356095d1ab9f5df0cd0665a6c66d940f102215674306e78f64c435f18fc17d20
374218623e38465576551f37ea3e146eb668b2ce0c97c6d4505e9d01642a7262
3865d48d09ae34306fa0eff6936023ada969ec0fc89cca9e3c520a5d5b5060f5
3b82b73bbc8599263e553b56ea25f01775f601fcfc80cdeb84eec0170d10f48d
3bb911c93bf505555a51eee6d95149ff15dc230e006fd87e45fb4317c18f84c5
3c3efc7c061c0df796f3ad754c8e024da3e514f3ff7fbc5a04b51bbb2fca1ebc
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3d4f19e27ee9a32aa646c33e89666ff5b295cfd9d96cb4a983edb4ae3c011dbd
3dcf1546a9326b08a675d7538877dd857153151b47dc5358fc67d8c16801d5ad
41d7fe3257594f83f7095e7471176c7e36c9ebab7408a60ed9381bb9a06255d3
42d943d26530ba140625166f1491b42e09cbdcda120ff344bbfb6f4ce948b298
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
449eb77b7b09e4fea5844acdeffefc902ff576b8a35e22848c23879801e0ba2b
44c60a65dbcbbd021dd68678f6ba903b3df697e1205e48bbe9f19aeeae7e4786
450187620761b682b29a944ae2934b19a00c2ce53278a8c86ba0bff2515b8e19
46cfe6f645ccb4cf54b7ed3fdd3db2198fb0e96e8f88b15e4478625cdf03cb38
4a80504b7b441ff26b6362263d2b9a034fe5c082b807b5006b451d9a1b14aa2d
4c776e666003f3fa8b5cb6f7bdd88485df13d31c88ab5a018ee26c684c53321c
4e8d2f196f7a464476bf47d0b722391f44fdbc58c6b941e9cf9eada7fab426bd
4f13f02aaad5c331cbd9ea62875eeb70f9eccc6fd0f3f97f87a2d6051e1e3378
4ff60f6967d877037d0372072df37519155a5560c28222f8f35f492592c2ba13
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
53a85651866852f33fcaf1ee1eff6e5002e8dfe32e4dd49187007b3a7c1367ea
575c97668d79c41ce6dbc1bf6d1c7fa0c5920725a1cd691aa5e11410f892f18b
5c208dd55384b3516eb63abf6f239a5309d7411623419e74ac8ea188076ad2b3
61f802442e3515ba46f96553d900fa67234e7450d34ca71b220bb24656c5fa22
621d3307d6abb417c3190b7116359afb5bc6e4523482803b3cd544dfc7f2f3f8
645a238bdcf3e5b208a7d1a4b7e4499962998de24b882578bf211444bd782652
680821099ccc3f909e4e7a0bf1ea20b50b34edb28b8259bc10799468192874f7
6af4bcb3682d264b8c6c71aa0a96f2a707e46621379a0001e5990292c8572f68
6c75b4f9a51f42180d7505995fc634244b9878d2c0c6a69fc2d9bfd6e8794cd8
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
703029dc1c274a796c85888ecbdfcf8de58c8b51f6acdfe75076a1f4aeb5a6a8
70c166c46fe4bb17c3c4d649c6bf36a680b1d913af0bbb7b678f7d34626b3222
720e6e6b93b69ba00420aee4bf206c1f6d74928195bb26c46daea0106b84109a
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
7377f22fc16de5a4b202a5c3ce05693f4f35e665e846d9e258e23a57a5637497
73918053b6fb69d8979aefebf48c1a39e7cd181afdb5ac6f435c0269fd73eb00
79f555b33f2cdb1b6732335c2798d0c55b0164dcba4d6b5e4fa3991eafd9b3b6
7e510e61c497d334da21eccda06df5d3a428c9ea94d6903b6138e7c7255aba0f
7e5d9b9c5d45ad4cbbda894fa4754a3a715a14f3403644e6d885b14b0b5cdcfb
80f5f45af20480963e8905994ca649b22ce2c9367d00599820d5d963cfd23d7f
8170107dd679d5f053fd54194b14143839b4b856c27c9f7332409469a59736f4
83913ac3dddcb27792f1cb766f6f177c45f81c7b62d6ddfce280fb7bf96e5ec5
8741f8720fb391b81c91989bc8cde382006d1e3c5f6adc828bfd65e66a8e75b4
87876fa245af19cbd14aa886ed59c6aa8a27c45d24dcd7a81cf2d2323506233e
87c14f094253cb7538e516d55c2a6980ff86e4d20f9edb04595724362e3ef2ed
88c4b57a5d8771a5989218965dc7546315cd6ea6b93a6a48f006dbe12caf4d2e
8b95b8318ad785e98c65fb84070cb0a155c9ce2001d807d381be30ed872e951e
8bfdb31b91483f0044fc97d14ee4b5a98c91e2a9edfaf3c06f0f2a216e3eb106
8d4a66398e3b09cbfd26ffad383504fbd72fa699b976c6febfe6e4f8c57d02f3
8ee9d0f9e5e8ea9978182e9ff3934ecdc7968b61515fa554a6b2bc95fc3644f2
90059e323b885529f5323b27e49dd73837f0500110669e305b56bf5d453a5c5a
9389278f5f84d99768a435b91fb439c08243e92215e7c01b32a4eb1a0f31ed6f
94d05bcdc5873dbf5497822e65b865768abf6b99f5eab2c0f0a04d34525f128d
955c7af8acfccde7ec166c68b3ee2f9d5a845218ed4cbf8232a41b53b4dc31b9
95720e0e685a08ffb2d6a1a39479f7eee5f3bdf3f0d6240b9d3a3338bcdb2d52
9634e93baae3a735f1038e3292f4f428dc8f63f0e288189ec5ca66eca9649f43
9abb61c407d0b408997f0ac14aaae9df53fe18056c638b26e8a54eba34c7d524
9b5179ea2a77fe69b294fbd2ed504eacbfbe048ede58967b43af2ca537144b1f
a0cc3360f9c8d2084b936b7f8c6bb5612224363ec8a29f5b8519581eef66992c
a2d444786d996da5634fbbaeeffe6104ee672440dfa6cdcaebfb27dceaaf9c0f
a2fbaac8f1ee459b625cd23b2d12407a836986578de5d195c13234985b769278
a4b7865e82b27bef75430bc954f27be2f1af86815bd757012aa1c80bb5579658
a5411536fc5b4bf42c55b785155de4d6db03fa69a0bdda8e03d0cd461a55ee60
a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b
ad75f91fe2a592369f5214ffc0b87250fc9898a9fea1856627ec8c552f6a0506
adf9b3c556710fac2e0f2ecf748a1f82afd023d7957336ef228db33f1deb83d3
af088fc47009ab2b1ea38be07a28cb3f09cf7221cbfc2335e4f852aad508a102
b1c58838c003354dfd13fe34f60d24b2bc8cbc3fd27e25fcd0de16a2230801be
b2bb058a1375dd7493c528d7128c1da5c1fcfabc693ab92604d697d2f0effda7
b2f365310c35cf84e0ab011e82072fe91bb97f1e7a159fb7806e4f79172bec33
b4b118f1d6941d1c227f24465a739f9c03a205b53382e0aafcdfec681f394f7b
b7f6cfe8743b60590da514bbdc9c15d93646ba5a532339f95421d8cc8b09d2de
ba9ba2111c07925315fb4a530701796cd9351ed7aa39a6a892b8f9d8778e47f0
bd241bf839d36d4e92663df4747e41782fbde581b9670dec0132b69f63d42919
befa43b13cdb686a7ef922a91d1a67a72a9ff512e5611b3c9ff3556f7f65e2d0
c6f23178af2855926fb0a9a95ce2d657638270526b85b5ce26f6173af8851407
c77b8fd8b8781b1f2b9766384402c12959ad34af4b2d273ae116306cb406435f
cad18b706008faddfa94afc494e7c2d796c388cc48ec1cf675c2f4a5806996c1
cb40782861a503fca696936063d00182c5ebdefc23cf900cb9e5d37a99abc0c9
cbc32c0e90c5fb637667b433d2835594c081d98decb4e4b2b3481b47e662a732
cc3ffbdc61143dd70b512433d9bfe3c041f3cba9383af584f7c1c23baa3b1747
cf09db36a73dce64a30c34ad16fbc105bb5b3785c06cd871f6fbb3b8d8de7709
cf76cabfdc048043b6faf3f43da299a2a481b234d5abde96a8e74c6673488122
d44d66ba67c9bb717ab94eae48faff394759c5ea356e17f0055a10b255c5574c
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101
d8a46ddd68fb485d20928c75ed5d1bf4191067ae0bcb5fb16b3c24fbff227137
dc92da4042d79359ec08cfcd554c7d226e98d6084ead823d29091f93648e6a31
dcafbf41a38ad766176ef8ca08c8f59caf67029a2333231ad575f032cbb3461d
dd3307a05d3466cfcb2b79872d36c0688389e2fec8e4bb9ff8a13f69dd49d41f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40ca2741212941a62daa83526c876ce9b9ed0741015430135d0e5570f45f08d
e98117da5335e97f29897d861d04e1dfe8351a151b968515822927182e4c9bfe
eac98f4a9ee84748d3aaa698881da1fe28b318689853c6491d4e8c563bdd829d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5695392329615991aef82ee880b52c17e6dd36d875c34000975d796a602815
efbb5378714832ff3bbcf979c5e5d0bfc1bd1873746156bda40c2de2d672f398
f0b85b6482436d2aa9fb9f57333e33ac45d4af776fed2b7d889a3da355701bd8
f0ef454bf1c02a8d2dc1cb36262fa8f604144136b30b64cb18f5f0a34a9705d1
f412da5c91ad91ecdc63910bdfe08cc968ceae5e1d946bf4a1b493dc2508de98
f5c9917ae6f29de0ba5c6606ea4d7bae6a7072f6b08fc90ddf9cfc09027b07ee
f745008ddbb8b056afac6a1218db5194eeef63f47e8f29f7499bb46af6a8ca41
f78a94e02249d233140142a1d45fd4ef8b3f6a468bf40a229c3cd5072b32cacc
f7d9c8184937ff854afd6da2a3de3fc970ef1c2820795e44e932499540fe5832
f969eefe7e8afbed8fcc7d9105f161427e78f24abc5d1697ef7543ef73cbcb90
fb91dfcb049d42c6a9b5b9798498ced5f618b7a5838c15468da7fe38745d4378
fe73d41f0d353ca0c9ab0a53cbee7f6fa80b9e7c5da308dbfdbad712eee06468
feb459ca87f93ea6e76b0554d0352aef2b99bfe3443b6c4f58127a07eb1cb048
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff7efc15855636ac36986ca3d89ec9ab58a444081ce9b0cb401269f20f002e05