urlscan.io logo urlscan.io
SecurityTrails logo

tortilla.order.orderpay.com Open in urlscan Pro
13.35.24.114  Public Scan

Go To Rescan Add Verdict Report
URL: https://tortilla.order.orderpay.com/checkout/success
Submission: On April 12 via manual from SG — Scanned from SG
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 3 countries across 8 domains to perform 40 HTTP transactions. The main IP is 13.35.24.114, located in United States and belongs to AMAZON-02, US. The main domain is tortilla.order.orderpay.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on March 2nd 2023. Valid for: a year.
This is the only time tortilla.order.orderpay.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
19 13.35.24.114 16509 (AMAZON-02)
1 2a04:4e42:400... 54113 (FASTLY)
1 104.103.146.207 16625 (AKAMAI-AS)
1 11 13.35.24.38 16509 (AMAZON-02)
2 2404:6800:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 34.120.195.249 396982 (GOOGLE-CL...)
1 2404:6800:400... 15169 (GOOGLE)
2 54.194.138.233 16509 (AMAZON-02)
1 104.198.23.205 ()
40 11
19    13.35.24.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-24-114.tpe51.r.cloudfront.net
tortilla.order.orderpay.com
1    2a04:4e42:400::282 (United States)

ASN54113 (FASTLY, US)
polyfill.io
1    104.103.146.207 (Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a104-103-146-207.deploy.static.akamaitechnologies.com
appleid.cdn-apple.com
11    13.35.24.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-24-38.tpe51.r.cloudfront.net
euc-widget.freshworks.com
2    2404:6800:4003:c03::61 (Singapore)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2606:4700:3030::ac43:c17e (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.lr-ingest.io
1    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o379234.ingest.sentry.io
1    2404:6800:4003:c04::66 (Singapore)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    54.194.138.233 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-138-233.eu-west-1.compute.amazonaws.com
device-gateway.orderpay.com
1    104.198.23.205 (None, )

ASN- ()
r.lr-ingest.io
Apex Domain
Subdomains		 Transfer
21 orderpay.com
tortilla.order.orderpay.com
device-gateway.orderpay.com
641 KB
11 freshworks.com
euc-widget.freshworks.com — Cisco Umbrella Rank: 65929
147 KB
2 lr-ingest.io
cdn.lr-ingest.io — Cisco Umbrella Rank: 14863
r.lr-ingest.io
168 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 62
121 KB
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 35
253 B
1 sentry.io
o379234.ingest.sentry.io
301 B
1 cdn-apple.com
appleid.cdn-apple.com — Cisco Umbrella Rank: 3656
17 KB
1 polyfill.io
polyfill.io — Cisco Umbrella Rank: 1464
654 B
40 8
Domain Requested by
19 tortilla.order.orderpay.com tortilla.order.orderpay.com
11 euc-widget.freshworks.com 1 redirects tortilla.order.orderpay.com
euc-widget.freshworks.com
2 device-gateway.orderpay.com tortilla.order.orderpay.com
2 www.googletagmanager.com tortilla.order.orderpay.com
www.googletagmanager.com
1 r.lr-ingest.io tortilla.order.orderpay.com
1 www.google-analytics.com www.googletagmanager.com
1 o379234.ingest.sentry.io tortilla.order.orderpay.com
1 cdn.lr-ingest.io tortilla.order.orderpay.com
1 appleid.cdn-apple.com tortilla.order.orderpay.com
1 polyfill.io tortilla.order.orderpay.com
40 10

This site contains no links.

Subject Issuer Validity Valid
order.orderpay.com
Amazon RSA 2048 M02		 2023-03-02 -
2024-01-18		 a year crt.sh
polyfill.io
GlobalSign Atlas R3 DV TLS CA 2022 Q4		 2022-12-10 -
2024-01-11		 a year crt.sh
appleid.cdn-apple.com
Apple Public EV Server RSA CA 2 - G1		 2022-04-19 -
2023-05-19		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-03-20 -
2023-06-12		 3 months crt.sh
*.freshworks.com
Amazon RSA 2048 M02		 2023-02-23 -
2023-08-24		 6 months crt.sh
*.lr-ingest.io
E1		 2023-04-11 -
2023-07-10		 3 months crt.sh
*.ingest.sentry.io
R3		 2023-02-16 -
2023-05-17		 3 months crt.sh
*.orderpay.com
Amazon RSA 2048 M01		 2023-03-15 -
2024-04-12		 a year crt.sh
api.logrocket.com
R3		 2023-03-10 -
2023-06-08		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://tortilla.order.orderpay.com/checkout/success
Frame ID: E379DEE34D8CDEFA40FA604BEB63A9EB
Requests: 32 HTTP requests in this frame

Frame: https://euc-widget.freshworks.com/widgetBase/widget.js
Frame ID: 26B7FB55AF6612C1C8FE8B855A06D7B3
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Tortilla Click & Collect

Detected technologies

Overall confidence: 100%
Detected patterns
  • appleid\.auth\.js
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.lr-ingest\.io
Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Page Statistics

40
Requests

95 %
HTTPS

40 %
IPv6

8
Domains

10
Subdomains

11
IPs

3
Countries

1096 kB
Transfer

4305 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://euc-widget.freshworks.com/widgets/79000000898.js HTTP 301
  • https://euc-widget.freshworks.com/widgetBase/bootstrap.js

40 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request success
tortilla.order.orderpay.com/checkout/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/checkout/success
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bad3ba937a031311e64ce8be12fc2d79f9c11110c16886fff44304c4c85b1c66
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

age
70614
content-encoding
gzip
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
content-type
text/html
date
Wed, 12 Apr 2023 00:19:21 GMT
etag
W/"37ba5f0910ed426167c91fce90651574"
last-modified
Wed, 05 Apr 2023 10:12:47 GMT
referrer-policy
strict-origin-when-cross-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
x-amz-cf-id
4Uz_wkaHwATPeF-P5G1slwV4QtDd8W1aCvJJeLLypRJQuyFN31VKcQ==
x-amz-cf-pop
TPE51-C1
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
polyfill.min.js
polyfill.io/v3/ 		101 B
654 B 		Script
General
Check archive.org
Download Go to
Full URL
https://polyfill.io/v3/polyfill.min.js?version=3.111.0&features=Intl%2Ces7%2Ces6%2Ces5%2CObject.fromEntries%2CIntl.NumberFormat%2CIntl.Locale%2CIntl.PluralRules%2CIntl.RelativeTimeFormat%2CIntl.ListFormat%2CIntl.DisplayNames%2CIntl.DateTimeFormat.prototype.formatToParts%2CIntl.DateTimeFormat%2CIntl.getCanonicalLocales%2CIntersectionObserver%2CPromise.allSettled
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/checkout/success
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://tortilla.order.orderpay.com/
Origin
https://tortilla.order.orderpay.com
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 12 Apr 2023 19:56:14 GMT
age
536347
detected-user-agent
Chrome/111.0.0
useragent_normaliser
chrome/111.0.0
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=2
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
113
referrer-policy
origin-when-cross-origin
last-modified
Sun, 05 Mar 2023 16:54:09 GMT
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/javascript; charset=UTF-8
normalized-user-agent
chrome/111.0.0
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges
bytes
timing-allow-origin
*
appleid.auth.js
appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/ 		42 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/checkout/success
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.103.146.207 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-103-146-207.deploy.static.akamaitechnologies.com
Software
Apple /
Resource Hash
60e60bf2583cf7444b00a4b0b8d46de5fd5816f768fc72fd71c643357132df69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Date
Wed, 12 Apr 2023 19:56:14 GMT
Last-Modified
Thu, 06 Apr 2023 20:13:46 GMT
Server
Apple
ETag
W/"42671-1680812026967"
Vary
accept-encoding
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=86400,stale-while-revalidate=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17247
bootstrap.js
euc-widget.freshworks.com/widgetBase/
Redirect Chain
  • https://euc-widget.freshworks.com/widgets/79000000898.js
  • https://euc-widget.freshworks.com/widgetBase/bootstrap.js
9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://euc-widget.freshworks.com/widgetBase/bootstrap.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/checkout/success
Protocol
H2
Server
13.35.24.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-38.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9eef2b2d8b9f1b2c62e3c8134eedf1007098154025d986f38efd395d0a87ee5e

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id
0emazt.7_8fG_xbFpnfEYvQmb9CYF27l
content-encoding
gzip
via
1.1 ab2135f2fb6b6ca6e1fa8bb587853ca8.cloudfront.net (CloudFront)
date
Wed, 12 Apr 2023 19:56:11 GMT
last-modified
Wed, 07 Dec 2022 10:09:00 GMT
server
AmazonS3
x-amz-cf-pop
TPE51-C1
age
157
etag
W/"0e1576333ae0c0868cd43aebc80ab65e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=900
x-amz-cf-id
vyWmZGpFQZvlcnOAHFDe-gFwVFyHfJNm2wyqjE_MVYPDyWON70hfpQ==

Redirect headers

date
Wed, 12 Apr 2023 19:56:16 GMT
via
1.1 ab2135f2fb6b6ca6e1fa8bb587853ca8.cloudfront.net (CloudFront)
server
AmazonS3
x-amz-cf-pop
TPE51-C1
x-cache
Miss from cloudfront
location
/widgetBase/bootstrap.js
content-length
0
x-amz-cf-id
Z3TJstSufrrecXWV4Da-DtWRG4W18978Hq7fDrBZjVnicWTRRSspng==
runtime-main.6c0bfc72.js
tortilla.order.orderpay.com/static/js/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/checkout/success
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4d3ecdae5602d3581d8fd07b3fec84bfec3c771e62b44f30e61b455be9d0d551
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:15 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:49 GMT
server
AmazonS3
etag
W/"3c0513412f7a2ab7e17e473cdc6af593"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
uQ0tY-_inlWS7Vop598jERaVByHC-3N5wuRyZ9zySx_MIntdd6fqSg==
14.d2d478bc.chunk.js
tortilla.order.orderpay.com/static/js/ 		741 KB
224 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/14.d2d478bc.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/checkout/success
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6ff0b378858c99ff18691c8c55c5b132f23973cffb51e582cabe997bfdc1d110
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 10:45:45 GMT
content-encoding
gzip
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
33029
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:47 GMT
server
AmazonS3
etag
W/"d84a341dfaa6e3eb98853e0c6f719d25"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
8jjnqLQaUXrzTKb3tD434vwbCcZGqifxo-Lajg397xs7yIgkNc1L3w==
main.84ac492d.chunk.js
tortilla.order.orderpay.com/static/js/ 		550 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/main.84ac492d.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/checkout/success
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9c68880ba917336089d7e84f0778205bae3a901fb59a1fd9b2747ea853774004
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:15 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:49 GMT
server
AmazonS3
etag
W/"b555cff37e9e438a4e316f159efa3025"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
4UVKXlSAmMCdM5Qyd9Qnsx5HkRC6Ov5dUB8os51ayQmTwDM9dKKNOQ==
gtm.js
www.googletagmanager.com/ 		115 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KSGMHHB
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/checkout/success
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c03::61 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f8457040a75e8377ae87008f38eb3eb7ac1a06d2766f624bd79e36f12f0ca3d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:14 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42447
x-xss-protection
0
last-modified
Wed, 12 Apr 2023 19:20:15 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 12 Apr 2023 19:56:14 GMT
79000000898.json
euc-widget.freshworks.com/widgets/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://euc-widget.freshworks.com/widgets/79000000898.json?randomId=0.630898232317276
Requested by
Host: euc-widget.freshworks.com
URL: https://euc-widget.freshworks.com/widgets/79000000898.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-38.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
502137a1d4c724143a37adaf8501eae0764ae499b274e219ca99693f6e8d3a17

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:17 GMT
x-amz-version-id
I7AeAJjXOCnszQfHNxqj3CFnSP5oDWUL
content-encoding
gzip
last-modified
Wed, 29 Mar 2023 22:57:00 GMT
server
AmazonS3
via
1.1 ab2135f2fb6b6ca6e1fa8bb587853ca8.cloudfront.net (CloudFront)
x-amz-cf-pop
TPE51-C1
etag
W/"558538ecfec4694c418e715aa3be093c"
vary
Accept-Encoding,Origin
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-cache
Miss from cloudfront
x-amz-cf-id
iduS210nNq8ntf0jlVy5mCgvSY0tryF5z6T2a3AJfSlkpZr0Sz6i4Q==
logger-1.min.js
cdn.lr-ingest.io/ 		819 KB
163 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.lr-ingest.io/logger-1.min.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/14.d2d478bc.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:c17e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
563b7f21113c021f558c27610d7302a6d05d54c101f0586797d8fbaef6239014
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:15 GMT
strict-transport-security
max-age=31556926
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
146
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-qpg1230-QPG
last-modified
Wed, 12 Apr 2023 18:11:31 GMT
server
cloudflare
x-timer
S1681323389.521892,VS0,VE1
etag
W/"ccc11e8d38289af59aaae9c1c8996bb256b6e5faf39ab51b3e9182f15c4a2d04"
vary
x-fh-requested-host, accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KAVWiAcwrxP5MnAWcOcckqzMw5VZ%2BnttTm1eKuxvS5RGNwrqLjNuyY%2Fj%2F5c6a%2BAcrlkSSnyX7HUBkr%2FZEd3VZdJpVmMvut0PbWkF8thBPIO3TBSCUKf0jscF9bObJynB5UwS2sQSiWWh1nVtekFG"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
7b6e0817c9954cbf-SIN
x-cache-hits
1
52.bce00feb.chunk.js
tortilla.order.orderpay.com/static/js/ 		455 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/52.bce00feb.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2aa6c61578a4147f09a683d8f0c4d307b15b76ba30b07d26c971a9574f2fe578
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:17 GMT
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
x-cache
Miss from cloudfront
content-length
455
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:49 GMT
server
AmazonS3
etag
"a68b0bef769b9ad088f6e63874262592"
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
AQi4EAu_UeHBNCdx9fm5eMnKv3tfg2JaRFuIDgWiGDmND0ziPuwurw==
/
o379234.ingest.sentry.io/api/5639093/envelope/ 		2 B
301 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o379234.ingest.sentry.io/api/5639093/envelope/?sentry_key=a70f5733d0ce409785738fa0fa1c5230&sentry_version=7
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/14.d2d478bc.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://tortilla.order.orderpay.com/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 12 Apr 2023 19:56:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
53.c1fa7398.chunk.js
tortilla.order.orderpay.com/static/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/53.c1fa7398.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f56d149faa31742bd9103994d43c1f42ab312c00f812a135d38e427830781dfc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 11:54:07 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
28930
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:49 GMT
server
AmazonS3
etag
W/"f489014f9df7fcfd3808106c92616a58"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
BSNh8hzWKLDKWbBn_pmScsYH3gCdCrQjVz0tNgDRctHsNBf59felEw==
49.9b7c29ce.chunk.js
tortilla.order.orderpay.com/static/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/49.9b7c29ce.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b4c5c0e54e922f68803f8e9c6e96460984a199e74a4199ccfd07e0cc1e9d7da4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 11:54:07 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
28930
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:49 GMT
server
AmazonS3
etag
W/"80d46cced33bd476011c77951e5261e6"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
3o_LuQTTGmPkbZ6xfuxownResqjpK66AYTM7itdliTZP-7n_Zbd-rw==
js
www.googletagmanager.com/gtag/ 		231 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5MVYLWVQJ2&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KSGMHHB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c03::61 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7fa8c2c7e7223cb5d08846c6dcc2ad3e7752a2da67b922ea35373236ae153215
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:16 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
81186
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Apr 2023 19:56:16 GMT
f526037d-af76-4fec-b24a-825b243e5627
https://tortilla.order.orderpay.com/ 		455 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://tortilla.order.orderpay.com/f526037d-af76-4fec-b24a-825b243e5627
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/checkout/success
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e8724a684f4facb5a12d31cd35fd4b77c5326b347fa132ef5056b39c02151dd

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Length
465945
Content-Type
collect
www.google-analytics.com/g/ 		0
253 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-5MVYLWVQJ2&gtm=45je34a0&_p=443719835&cid=856111673.1681329376&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1681329376&sct=1&seg=0&dl=https%3A%2F%2Ftortilla.order.orderpay.com%2Fcheckout%2Fsuccess&dt=OrderPay%20Web%20Ordering&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5MVYLWVQJ2&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c04::66 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Apr 2023 19:56:16 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://tortilla.order.orderpay.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
55.2dffd0af.chunk.js
tortilla.order.orderpay.com/static/js/ 		64 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/55.2dffd0af.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c825e83c8a5908f65a21f88308aae6081ceb6e60b5ee6af89a6bdea806acf76f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 11:54:08 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
28929
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:49 GMT
server
AmazonS3
etag
W/"a62cd8e306bd2d17b8c148e55ca6b067"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
RJ4WJDZmMCLQKm1vOC6iylJAnIa4ExHwlckfVjWOh77R60YtdQ_iSA==
43.99aecc3e.chunk.js
tortilla.order.orderpay.com/static/js/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/43.99aecc3e.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6ad4cc299b926505db96ea4e20e3f22a74453f9b7b26d2032d9e4990b3e0d32b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 11:54:08 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
28929
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:48 GMT
server
AmazonS3
etag
W/"0636c5e1e1e7910fe8e3d75856b8d6af"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
R5tqkobwwyP4IICb96lmGjZMbH_r0Gdpq7J6-OVVneI4Erx_CboI_A==
4.016a199e.chunk.js
tortilla.order.orderpay.com/static/js/ 		105 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/4.016a199e.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ae98b7a56d3449bcceae376a6cded29acf983b54d88774c21fa97397238b9885
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 11:54:09 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
28928
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:48 GMT
server
AmazonS3
etag
W/"9358a27f0713e81eea7596d2a0babab9"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
d3LDag3xEADqW6BXYy1zYHdY2F90PrCD1iNaSPmF5lK2GeyPKwESqw==
48.c224754d.chunk.js
tortilla.order.orderpay.com/static/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/48.c224754d.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5a9b938d2f1ee3c846554bf58a7aa414ff56f5157a96f7261efa37796346517e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 11:54:09 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
28928
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:49 GMT
server
AmazonS3
etag
W/"52d9ffaab14c9cd0e114e08ad71c5ea2"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
WuvaOs0CZGLe44JR24WrGy_LyAJ9U_T40SIZLFkUyhyCWpAZnkljHA==
frame.d7ae132c.css
euc-widget.freshworks.com/widgetBase/static/media/ 		1 KB
893 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://euc-widget.freshworks.com/widgetBase/static/media/frame.d7ae132c.css
Requested by
Host: euc-widget.freshworks.com
URL: https://euc-widget.freshworks.com/widgets/79000000898.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-38.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fd899442c2e228b75ababfc6183c7829fd72af587f4333908d230bedfa0fd576

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Sat, 18 Feb 2023 01:39:05 GMT
content-encoding
gzip
via
1.1 ab2135f2fb6b6ca6e1fa8bb587853ca8.cloudfront.net (CloudFront)
x-amz-version-id
wGgRdNtu7MoX5Ysq.aF8mzsbtWcZFqm.
last-modified
Wed, 07 Dec 2022 10:01:00 GMT
server
AmazonS3
x-amz-cf-pop
TPE51-C1
age
4645032
etag
W/"d7ae132c387286735e2e9d369838b0c5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
cache-control
max-age=8640000
x-amz-cf-id
g3tdPcjM-FT5866kxY7FseA6Wq69jFHrakim_7VrSuKuB5o0Z2tpkQ==
widget.js
euc-widget.freshworks.com/widgetBase/ Frame 26B7 		306 KB
99 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://euc-widget.freshworks.com/widgetBase/widget.js
Requested by
Host: euc-widget.freshworks.com
URL: https://euc-widget.freshworks.com/widgets/79000000898.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-38.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d7c71b2481b8bf479f8224ce14231b6ec1800a45c9fe3762109d66788d05e977

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id
aJJk_AKm52S_sROirsiy11Wa5vXk9JM2
content-encoding
gzip
via
1.1 ab2135f2fb6b6ca6e1fa8bb587853ca8.cloudfront.net (CloudFront)
date
Wed, 12 Apr 2023 19:51:10 GMT
last-modified
Wed, 07 Dec 2022 10:08:43 GMT
server
AmazonS3
x-amz-cf-pop
TPE51-C1
age
548
etag
W/"3a0367725e7319487d040ae708bfb748"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=900
x-amz-cf-id
4idAQlKfBHfm7trifb5rRn8HcXYMUPwN1MIbbFBGxhRVN--sGtxrjA==
tortilla
device-gateway.orderpay.com/api/1/brands/slug/ 		894 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://device-gateway.orderpay.com/api/1/brands/slug/tortilla
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/14.d2d478bc.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.138.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-138-233.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
8ebacbb21c44df912cc37daa17af49222ae6978d9c64a75361d828dd05a59d65

Request headers

x-app-version
2.75.3
accept-language
zh-SG,zh;q=0.9
x-device-manufacturer
Chrome
x-device-serial-number
c064e2fa-1670-437a-9fed-f48aa5027261
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Accept
application/json, text/plain, */*
x-app-name
orderpay-web-ordering
x-device-identifier
c064e2fa-1670-437a-9fed-f48aa5027261
x-device-os
Windows:10
x-device-model
111.0.5563.146
Referer
https://tortilla.order.orderpay.com/

Response headers

access-control-allow-origin
*
date
Wed, 12 Apr 2023 19:56:17 GMT
x-powered-by
Express
content-length
894
vary
Accept-Encoding
etag
W/"37e-ar72jKEOIXHsGXmQT5nbLalvawA"
content-type
application/json; charset=utf-8
tortilla
device-gateway.orderpay.com/api/1/brands/slug/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://device-gateway.orderpay.com/api/1/brands/slug/tortilla
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.138.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-138-233.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-app-name,x-app-version,x-device-identifier,x-device-manufacturer,x-device-model,x-device-os,x-device-serial-number
Access-Control-Request-Method
GET
Origin
https://tortilla.order.orderpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-headers
x-app-name,x-app-version,x-device-identifier,x-device-manufacturer,x-device-model,x-device-os,x-device-serial-number
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
date
Wed, 12 Apr 2023 19:56:16 GMT
vary
Access-Control-Request-Headers
x-powered-by
Express
0.46b04294e09e86ff8c13.widget.js
euc-widget.freshworks.com/widgetBase/ Frame 26B7 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://euc-widget.freshworks.com/widgetBase/0.46b04294e09e86ff8c13.widget.js
Requested by
Host: euc-widget.freshworks.com
URL: https://euc-widget.freshworks.com/widgetBase/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-38.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b48189ed59463628a5629340d7f0480b0fd4fb7991dfef6da4b92ba1c18e74b5

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Sun, 02 Apr 2023 18:51:01 GMT
content-encoding
gzip
via
1.1 ab2135f2fb6b6ca6e1fa8bb587853ca8.cloudfront.net (CloudFront)
x-amz-version-id
k7vSIoDqGM3OxxlXAIR8tL.Ein9b5Sh3
last-modified
Wed, 07 Dec 2022 10:01:45 GMT
server
AmazonS3
x-amz-cf-pop
TPE51-C1
age
867916
etag
W/"edf9f11d71c24994171f35695c94002f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=8640000
x-amz-cf-id
ZgS0ffrfwHsf8nXFk_fU4PXNWPeJDq4sn72aW-_YI5UEt0WG1mdOBw==
1.10938da9dc18b7b5da11.widget.js
euc-widget.freshworks.com/widgetBase/ Frame 26B7 		28 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://euc-widget.freshworks.com/widgetBase/1.10938da9dc18b7b5da11.widget.js
Requested by
Host: euc-widget.freshworks.com
URL: https://euc-widget.freshworks.com/widgetBase/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-38.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f173eae04e7f1b5a805d7db7fbc0b0d6eb1142b2c887eefd98b04458179178f5

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 20 Feb 2023 18:18:39 GMT
content-encoding
gzip
via
1.1 ab2135f2fb6b6ca6e1fa8bb587853ca8.cloudfront.net (CloudFront)
x-amz-version-id
02BJOFm1zGjFNE0uxcFXwdqmy.pcI1g5
last-modified
Wed, 07 Dec 2022 10:01:46 GMT
server
AmazonS3
x-amz-cf-pop
TPE51-C1
age
4412258
etag
W/"ba0ed901bf6399bbf355c9fccb9875c4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=8640000
x-amz-cf-id
ZUMAKjX4L1EvIATHIoa9pcSs73-HEhx3ng2SHhN2jcyNjiIEPrZqJw==
10.724aaf395c78b0cf3629.widget.js
euc-widget.freshworks.com/widgetBase/ Frame 26B7 		35 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://euc-widget.freshworks.com/widgetBase/10.724aaf395c78b0cf3629.widget.js
Requested by
Host: euc-widget.freshworks.com
URL: https://euc-widget.freshworks.com/widgetBase/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-38.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dbdcc9d3e84c20297557336e91f8faf66406631e48ad95d0c06accdc597427f8

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id
vKZbRF9n.T56MxZCrLYOIUJUjeL1iToK
content-encoding
gzip
via
1.1 ab2135f2fb6b6ca6e1fa8bb587853ca8.cloudfront.net (CloudFront)
date
Mon, 10 Apr 2023 01:09:58 GMT
last-modified
Wed, 07 Dec 2022 10:01:52 GMT
server
AmazonS3
x-amz-cf-pop
TPE51-C1
age
240379
etag
W/"65e2021ddf17ab2612ff098996783dd4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=8640000
x-amz-cf-id
rIUuoxQoc0L1fcj-BuKdFqYtRVcDmZhoAZrlAdSeSKnY8Vmk9RA4iA==
16.0731ae61b48dca7ad8af.widget.js
euc-widget.freshworks.com/widgetBase/ Frame 26B7 		42 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://euc-widget.freshworks.com/widgetBase/16.0731ae61b48dca7ad8af.widget.js
Requested by
Host: euc-widget.freshworks.com
URL: https://euc-widget.freshworks.com/widgetBase/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-38.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0588ff44f0e5b1bc90667af4a0082cbf0cdbeeb8e47a2eda5919c4e14b9a074c

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 15 Mar 2023 23:05:18 GMT
content-encoding
gzip
via
1.1 ab2135f2fb6b6ca6e1fa8bb587853ca8.cloudfront.net (CloudFront)
x-amz-version-id
TBuTrh0.LFD6yVO_07Wiwnbdi_gXrfn8
last-modified
Wed, 07 Dec 2022 10:01:54 GMT
server
AmazonS3
x-amz-cf-pop
TPE51-C1
age
2407859
etag
W/"4b9c0d40b525a192c9d13ec6a039fdd5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=8640000
x-amz-cf-id
3AmF0Q37uNU5Wk6yaWHoB5yGRbj2aSpVc7riM6Yjqgn0W1401F4ysA==
11.cc96c9d26698db915a4e.widget.js
euc-widget.freshworks.com/widgetBase/ Frame 26B7 		649 B
1022 B 		Script
General
Check archive.org
Download Go to
Full URL
https://euc-widget.freshworks.com/widgetBase/11.cc96c9d26698db915a4e.widget.js
Requested by
Host: euc-widget.freshworks.com
URL: https://euc-widget.freshworks.com/widgetBase/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-38.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4173bf82d1612cf1d16e88e6f361a9b047ef7a873cf01a59595df202486a45e6

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Sat, 18 Feb 2023 01:39:05 GMT
x-amz-version-id
fwlBMDWznW8xS2Ad8BIIGOmsAb6WNQv2
via
1.1 ab2135f2fb6b6ca6e1fa8bb587853ca8.cloudfront.net (CloudFront)
last-modified
Wed, 07 Dec 2022 10:01:52 GMT
server
AmazonS3
x-amz-cf-pop
TPE51-C1
age
4645031
etag
"97378a8dc18187654d1a50eee3085ae4"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=8640000
content-length
649
x-amz-cf-id
2cTLzE-NfqTkWaXA1ofwA6BYsbwvOaCahec38pZ2xrByfQVcyJN5tQ==
en.json
euc-widget.freshworks.com/widgetBase/locales/ Frame 26B7 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://euc-widget.freshworks.com/widgetBase/locales/en.json
Requested by
Host: euc-widget.freshworks.com
URL: https://euc-widget.freshworks.com/widgetBase/16.0731ae61b48dca7ad8af.widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-38.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a50b51ac483825c4c798132f572dc813498c9087ff4f4d4b0cafd5deba43d130

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:17 GMT
x-amz-version-id
2t4u0GFoHr8IYqTr2EQiixD20sQeZKZ_
content-encoding
gzip
last-modified
Wed, 07 Dec 2022 10:01:18 GMT
server
AmazonS3
via
1.1 ab2135f2fb6b6ca6e1fa8bb587853ca8.cloudfront.net (CloudFront)
x-amz-cf-pop
TPE51-C1
etag
W/"b89e0007134ac4d219df17aa6fcd289e"
vary
Accept-Encoding,Origin
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-cache
Miss from cloudfront
cache-control
max-age=8640000
x-amz-cf-id
woWprRMb22zZQR1fpl27cPeGsPPWqpmpje7ilD6XTPSdrfp2eBz4SA==
1.12874401.chunk.js
tortilla.order.orderpay.com/static/js/ 		460 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/1.12874401.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
448eb68b611a08262f556b5d0e97aa01310676ae7320bc4ae73dd459e404ed34
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 11:54:10 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
28928
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:47 GMT
server
AmazonS3
etag
W/"b6b4e24bd42d5e6840367f2cc475c577"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
V3sRmu5pYWMMPpsCSFTbR_7NJB5XPGf_5_d8IIwLGvq_6bHOKP1FQA==
19.792ef478.chunk.js
tortilla.order.orderpay.com/static/js/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/19.792ef478.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
abc4e9fa4489f6477b783551c587b9a04eac952f27d5ba9921205c0df4a9f398
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 11:54:10 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
28928
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:48 GMT
server
AmazonS3
etag
W/"4c6e46aa550b8af05f78c2247fdc7a05"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
Cy3QuRZsHqnEjyvrhF_QI8snM8-pGQ7imErDCtmb9yLAGJR7CF2V7w==
montserrat-regular-webfont.woff2
tortilla.order.orderpay.com/fonts/ 		26 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/fonts/montserrat-regular-webfont.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9d47ed597f534045a9ff2e82881be2ee7ef72b73e0b9debd668c4bd155414809
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tortilla.order.orderpay.com/checkout/success
Origin
https://tortilla.order.orderpay.com
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 11:54:11 GMT
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
28927
x-cache
Hit from cloudfront
content-length
26300
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:47 GMT
server
AmazonS3
etag
"10c7e83bce37064467b56863460d3d0d"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
x-frame-options
DENY
x-amz-cf-id
z3YUxoDpaaQ4tV8RG-zWVuq2o9ZJPGEk6absB5KqMkbZ37aHQ58u6A==
montserrat-light-webfont.woff2
tortilla.order.orderpay.com/fonts/ 		26 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/fonts/montserrat-light-webfont.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a7cdfde7c3078db50359e933a12d560020581b4b5faab52eddc9760238047ccd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tortilla.order.orderpay.com/checkout/success
Origin
https://tortilla.order.orderpay.com
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 11:54:07 GMT
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
28931
x-cache
Hit from cloudfront
content-length
26424
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:47 GMT
server
AmazonS3
etag
"203ebf51d32b351ec7caed49bbb55647"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
x-frame-options
DENY
x-amz-cf-id
2LIAswt28hzSjjPFnk5jdB9LXQS1qe27dJMEKxASNAo2_x4DNQv1pQ==
0.4cc6f4bc.chunk.js
tortilla.order.orderpay.com/static/js/ 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/0.4cc6f4bc.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89744602b48f2d4f490bf2e93df05c21d6235518be9f61cc1746b9d551926ac2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 11:54:11 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
age
28926
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:47 GMT
server
AmazonS3
etag
W/"875be4c8c498ba7d8e2ad7301bce49b4"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
6KJ1mqRaGrOvf4N847U9qx7JIiswAhl_ahwTu2rGCYgqjM-JT_BJ8g==
8.6ccdf1b0.chunk.js
tortilla.order.orderpay.com/static/js/ 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/8.6ccdf1b0.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a8cd6fda1909418adbdf65a00ae383283209bcb944611a011bece76b2782ea0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:18 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:49 GMT
server
AmazonS3
etag
W/"081adb60b75e6052c56311b9031e3bab"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
t9rBqcbww6u5IE_9vXO5R1qJCllV2WMP5I8_Uf0WEL8_cv5HKEpwsg==
7.5043461e.chunk.js
tortilla.order.orderpay.com/static/js/ 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/7.5043461e.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6385f78be0d207efff7b4bd0ebd48f279cd25b293481a964ab1263a091039e30
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:18 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:49 GMT
server
AmazonS3
etag
W/"354eb6e3b72ef56a0059c7cf84eba9f0"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
CZkimLILtTun-KRlqjtFVWVEwOKXtuqJQ8XjT1pFXf7Wgk3sfA-8jw==
31.58828c92.chunk.js
tortilla.order.orderpay.com/static/js/ 		35 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tortilla.order.orderpay.com/static/js/31.58828c92.chunk.js
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/runtime-main.6c0bfc72.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.24.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-24-114.tpe51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
23f48ed60857e2bbd5ee081d206d2d7331e12bc5f9cfa3582029bc2745d5cbb6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/checkout/success
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:18 GMT
content-encoding
br
via
1.1 f6850e35751498c1e3b732475b1f4da4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TPE51-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Apr 2023 10:12:48 GMT
server
AmazonS3
etag
W/"a69fd458948194a3b5190232a4db1e6f"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
frLDsezt813DlFdX9vlDbnLSLRjZmquPauZgpL4ko73avpwMBAuT8g==
i
r.lr-ingest.io/ 		5 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://r.lr-ingest.io/i?a=taaam2%2Forderpay-web-ordering&r=5-d3c10c4e-6cf8-4487-be43-39044235755f&t=6f631c76-5f69-4f72-98e7-10d3a488a975&s=0&rs=0%2Cu&u=9fc30611-62f4-4f11-98c9-a6f27550dbc2&is=1
Requested by
Host: tortilla.order.orderpay.com
URL: https://tortilla.order.orderpay.com/static/js/14.d2d478bc.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.23.205 -, , ASN (),
Reverse DNS
Software
/ Express
Resource Hash
1389f1440c15e17472bb00d3c0333d0f47cbca5d0216291a23e8654277330198
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://tortilla.order.orderpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:56:20 GMT
strict-transport-security
max-age=15724800; includeSubDomains
etag
W/"1460-CeWhkCwXHj4vN7iVzf0aR4vYKJs"
x-powered-by
Express
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,X-Csrftoken,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,X-Logrocket-Url,X-Logrocket-Ignore,X-Logrocket-Secret,X-LogRocket-ClickHouse-Override,X-LogRocket-ClickHouse-Enabled-Queries
content-length
5216

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| dataLayer object| AppleID object| fwSettings function| FreshworksWidget object| google_tag_manager object| google_tag_data object| webpackJsonporderpay-web-ordering object| FwBootstrap function| _lrMutationObserver object| __SDKCONFIG__ object| regeneratorRuntime object| __SENTRY__ object| androidWebview function| _lrXMLHttpRequest function| _LRLogger boolean| _lr_loaded function| onYouTubeIframeAPIReady object| gaGlobal function| Pusher

6 Cookies

Domain/Path Name / Value
tortilla.order.orderpay.com/checkout Name: clientId
Value: cb594898-045d-4a81-8735-6322e7a4df6b
.order.orderpay.com/ Name: b3JkZXIub3JkZXJwYXkuY29t-_lr_tabs_-taaam2%2Forderpay-web-ordering
Value: {%22sessionID%22:0%2C%22recordingID%22:%225-d3c10c4e-6cf8-4487-be43-39044235755f%22%2C%22lastActivity%22:1681329376103}
.order.orderpay.com/ Name: b3JkZXIub3JkZXJwYXkuY29t-_lr_hb_-taaam2%2Forderpay-web-ordering
Value: {%22heartbeat%22:1681329376104}
.order.orderpay.com/ Name: b3JkZXIub3JkZXJwYXkuY29t-_lr_uf_-taaam2
Value: dcce5473-5481-4123-81d5-ea5470e38fc8
.orderpay.com/ Name: _ga
Value: GA1.1.856111673.1681329376
.orderpay.com/ Name: _ga_5MVYLWVQJ2
Value: GS1.1.1681329376.1.0.1681329376.0.0.0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-8UeaTFgONeDJAHWACmm1HGmT0BL27RM3l9sUHU6si2w=' 'sha256-LC7zufkJVnVcGzIdvLutXl7tN7Ctpecbz6VpXRbdC0A=' data: https://*.orderpay.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://euc-widget.freshworks.com https://maps.googleapis.com https://polyfill.io https://appleid.cdn-apple.com https://cdn.lr-ingest.io https://js.stripe.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-in-prod.com ; style-src 'self' data: 'unsafe-inline' https://euc-widget.freshworks.com ; img-src * data: ; connect-src * ; media-src ; object-src ; prefetch-src * ; worker-src 'self' https://js.stripe.com https://hooks.stripe.com blob: ; frame-src 'self' https://*.google.com https://js.stripe.com https://hooks.stripe.com https://www.gstatic.com blob: ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; base-uri 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

appleid.cdn-apple.com
cdn.lr-ingest.io
device-gateway.orderpay.com
euc-widget.freshworks.com
o379234.ingest.sentry.io
polyfill.io
r.lr-ingest.io
tortilla.order.orderpay.com
www.google-analytics.com
www.googletagmanager.com
104.103.146.207
104.198.23.205
13.35.24.114
13.35.24.38
2404:6800:4003:c03::61
2404:6800:4003:c04::66
2606:4700:3030::ac43:c17e
2a04:4e42:400::282
34.120.195.249
54.194.138.233
0588ff44f0e5b1bc90667af4a0082cbf0cdbeeb8e47a2eda5919c4e14b9a074c
1389f1440c15e17472bb00d3c0333d0f47cbca5d0216291a23e8654277330198
23f48ed60857e2bbd5ee081d206d2d7331e12bc5f9cfa3582029bc2745d5cbb6
2aa6c61578a4147f09a683d8f0c4d307b15b76ba30b07d26c971a9574f2fe578
4173bf82d1612cf1d16e88e6f361a9b047ef7a873cf01a59595df202486a45e6
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
448eb68b611a08262f556b5d0e97aa01310676ae7320bc4ae73dd459e404ed34
4d3ecdae5602d3581d8fd07b3fec84bfec3c771e62b44f30e61b455be9d0d551
4e8724a684f4facb5a12d31cd35fd4b77c5326b347fa132ef5056b39c02151dd
502137a1d4c724143a37adaf8501eae0764ae499b274e219ca99693f6e8d3a17
563b7f21113c021f558c27610d7302a6d05d54c101f0586797d8fbaef6239014
5a9b938d2f1ee3c846554bf58a7aa414ff56f5157a96f7261efa37796346517e
60e60bf2583cf7444b00a4b0b8d46de5fd5816f768fc72fd71c643357132df69
6385f78be0d207efff7b4bd0ebd48f279cd25b293481a964ab1263a091039e30
6a8cd6fda1909418adbdf65a00ae383283209bcb944611a011bece76b2782ea0
6ad4cc299b926505db96ea4e20e3f22a74453f9b7b26d2032d9e4990b3e0d32b
6ff0b378858c99ff18691c8c55c5b132f23973cffb51e582cabe997bfdc1d110
7fa8c2c7e7223cb5d08846c6dcc2ad3e7752a2da67b922ea35373236ae153215
89744602b48f2d4f490bf2e93df05c21d6235518be9f61cc1746b9d551926ac2
8ebacbb21c44df912cc37daa17af49222ae6978d9c64a75361d828dd05a59d65
9c68880ba917336089d7e84f0778205bae3a901fb59a1fd9b2747ea853774004
9d47ed597f534045a9ff2e82881be2ee7ef72b73e0b9debd668c4bd155414809
9eef2b2d8b9f1b2c62e3c8134eedf1007098154025d986f38efd395d0a87ee5e
a50b51ac483825c4c798132f572dc813498c9087ff4f4d4b0cafd5deba43d130
a7cdfde7c3078db50359e933a12d560020581b4b5faab52eddc9760238047ccd
abc4e9fa4489f6477b783551c587b9a04eac952f27d5ba9921205c0df4a9f398
ae98b7a56d3449bcceae376a6cded29acf983b54d88774c21fa97397238b9885
b48189ed59463628a5629340d7f0480b0fd4fb7991dfef6da4b92ba1c18e74b5
b4c5c0e54e922f68803f8e9c6e96460984a199e74a4199ccfd07e0cc1e9d7da4
bad3ba937a031311e64ce8be12fc2d79f9c11110c16886fff44304c4c85b1c66
c825e83c8a5908f65a21f88308aae6081ceb6e60b5ee6af89a6bdea806acf76f
d7c71b2481b8bf479f8224ce14231b6ec1800a45c9fe3762109d66788d05e977
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
dbdcc9d3e84c20297557336e91f8faf66406631e48ad95d0c06accdc597427f8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f173eae04e7f1b5a805d7db7fbc0b0d6eb1142b2c887eefd98b04458179178f5
f56d149faa31742bd9103994d43c1f42ab312c00f812a135d38e427830781dfc
f8457040a75e8377ae87008f38eb3eb7ac1a06d2766f624bd79e36f12f0ca3d9
fd899442c2e228b75ababfc6183c7829fd72af587f4333908d230bedfa0fd576