www.elfcosmetics.com Open in urlscan Pro
204.2.138.109 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.elfdosmetics.com/
Effective URL:
https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080...
Submission: On June 22 via api (June 22nd 2023, 3:23:43 pm UTC) from US — Scanned from US

Summary HTTP 158 Redirects Behaviour Indicators

Summary

This website contacted 52 IPs in 1 countries across 45 domains to perform 158 HTTP transactions. The main IP is 204.2.138.109, located in and belongs to . The main domain is www.elfcosmetics.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 8th 2022. Valid for: a year.

This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.172.228.26 167.172.228.26	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 2	52.117.247.211 52.117.247.211	36351 (SOFTLAYER) (SOFTLAYER)
2	52.116.53.146 52.116.53.146	36351 (SOFTLAYER) (SOFTLAYER)
1	52.116.53.151 52.116.53.151	36351 (SOFTLAYER) (SOFTLAYER)
1 3	192.138.218.207 192.138.218.207	14332 (SHOPZILLA) (SHOPZILLA)
3	2607:f8b0:400... 2607:f8b0:4006:817::2008	15169 (GOOGLE) (GOOGLE)
1	108.139.29.103 108.139.29.103	16509 (AMAZON-02) (AMAZON-02)
5	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2001:4998:14:... 2001:4998:14:800::1001	14777 (YAHOO) (YAHOO)
2 2	50.16.197.56 50.16.197.56	14618 (AMAZON-AES) (AMAZON-AES)
1	64.19.224.203 64.19.224.203	14332 (SHOPZILLA) (SHOPZILLA)
4	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	76.13.32.146 76.13.32.146	26101 (YAHOO-BF1) (YAHOO-BF1)
1 6	2607:f8b0:402... 2607:f8b0:4020:805::2002	() ()
7	2607:f8b0:402... 2607:f8b0:4020:805::2004	() ()
1 1	192.138.218.139 192.138.218.139	() ()
1 9	204.2.138.109 204.2.138.109	() ()
19	2606:4700::68... 2606:4700::6812:12c0	() ()
3	151.101.66.133 151.101.66.133	() ()
11	2606:4700::68... 2606:4700::6812:a972	() ()
3	2600:9000:246... 2600:9000:246d:fc00:a:b89d:a6c0:93a1	() ()
2	151.101.194.133 151.101.194.133	() ()
1	2600:9000:246... 2600:9000:246d:4a00:15:ad21:c740:93a1	() ()
1	2606:4700::68... 2606:4700::6812:1c26	() ()
3	2607:f8b0:402... 2607:f8b0:4020:807::200e	() ()
4 8	172.217.13.134 172.217.13.134	() ()
1	2600:9000:24f... 2600:9000:24f4:f800:11:85b0:d600:93a1	() ()
2 3	68.67.160.26 68.67.160.26	() ()
3	108.138.106.59 108.138.106.59	() ()
2	2607:f8b0:400... 2607:f8b0:4004:c0b::9d	() ()
4	2607:f8b0:402... 2607:f8b0:4020:807::2002	() ()
1	44.206.147.227 44.206.147.227	() ()
1 1	108.138.128.63 108.138.128.63	() ()
1	18.165.9.43 18.165.9.43	() ()
1	204.141.89.251 204.141.89.251	() ()
2	104.91.106.8 104.91.106.8	() ()
1	34.102.147.248 34.102.147.248	() ()
7	151.101.1.21 151.101.1.21	() ()
1	2600:1400:900... 2600:1400:9000::687e:774b	() ()
3	2600:9000:246... 2600:9000:246d:f800:13:d6f4:3240:93a1	() ()
1	172.217.13.162 172.217.13.162	() ()
6	23.196.3.180 23.196.3.180	() ()
1	2600:9000:246... 2600:9000:246d:3e00:a:7914:b00:93a1	() ()
1	34.120.253.250 34.120.253.250	() ()
1	18.164.116.65 18.164.116.65	() ()
1	2606:4700::68... 2606:4700::6811:190e	() ()
2	35.190.10.96 35.190.10.96	() ()
1	34.98.67.3 34.98.67.3	() ()
1	2607:f8b0:402... 2607:f8b0:4020:806::200e	() ()
1	52.7.203.140 52.7.203.140	() ()
1	2600:9000:246... 2600:9000:246c:1c00:1b:50c2:4000:93a1	() ()
2	54.198.143.186 54.198.143.186	() ()
1	151.101.193.35 151.101.193.35	() ()
3	34.98.72.95 34.98.72.95	() ()
158	52

1 167.172.228.26 (Clifton, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

www.elfdosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.117.247.211 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: d3.f7.7534.ip4.static.sl-reverse.com

myckdom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p374591.myckdom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.116.53.146 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 92.35.7434.ip4.static.sl-reverse.com

clkdeals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.116.53.151 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 97.35.7434.ip4.static.sl-reverse.com

241.trackingms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.138.218.207 (United States) 1 redirects

ASN14332 (SHOPZILLA, US)
PTR: rd.bizrate.com

go.shopyourlikes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rd.bizrate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:817::2008 (Flushing, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.139.29.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-103.jfk50.r.cloudfront.net

s5.cnnx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4998:14:800::1001 (United States)

ASN14777 (YAHOO, US)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.16.197.56 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-197-56.compute-1.amazonaws.com

loadus.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.19.224.203 (United States)

ASN14332 (SHOPZILLA, US)

pxl.connexity.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.13.32.146 (Lockport, United States)

ASN26101 (YAHOO-BF1, US)
PTR: spdc.pbp.vip.bf1.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4020:805::2002 (None, ) 1 redirects

ASN- ()

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4020:805::2004 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.138.218.139 (None, ) 1 redirects

ASN- ()

rd.connexity.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 204.2.138.109 (None, ) 1 redirects

ASN- ()

www.elfcosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2606:4700::6812:12c0 (None, )

ASN- ()

cdn.media.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.66.133 (None, )

ASN- ()

cdn-fsly.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6812:a972 (None, )

ASN- ()

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:246d:fc00:a:b89d:a6c0:93a1 (None, )

ASN- ()

cdn.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.133 (None, )

ASN- ()

sdk.iad-05.braze.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:246d:4a00:15:ad21:c740:93a1 (None, )

ASN- ()

st.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1c26 (None, )

ASN- ()

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4020:807::200e (None, )

ASN- ()

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.13.134 (None, ) 4 redirects

ASN- ()

9231397.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10742279.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10265292.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:24f4:f800:11:85b0:d600:93a1 (None, )

ASN- ()

js.cnnx.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.67.160.26 (None, ) 2 redirects

ASN- ()

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.106.59 (None, )

ASN- ()

async-px.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c0b::9d (None, )

ASN- ()

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4020:807::2002 (None, )

ASN- ()

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.206.147.227 (None, )

ASN- ()

pixel.mediaiqdigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.128.63 (None, ) 1 redirects

ASN- ()

ads.undertone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.165.9.43 (None, )

ASN- ()

evt.undertone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.141.89.251 (None, )

ASN- ()

qoe-1.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.91.106.8 (None, )

ASN- ()

static.ordergroove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.147.248 (None, )

ASN- ()

tag.rmp.rakuten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.1.21 (None, )

ASN- ()

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1400:9000::687e:774b (None, )

ASN- ()

websdk.appsflyer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:246d:f800:13:d6f4:3240:93a1 (None, )

ASN- ()

cdn.usehero.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.13.162 (None, )

ASN- ()

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.196.3.180 (None, )

ASN- ()

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:246d:3e00:a:7914:b00:93a1 (None, )

ASN- ()

js.jebbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (None, )

ASN- ()

tag.wknd.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.116.65 (None, )

ASN- ()

t.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (None, )

ASN- ()

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.10.96 (None, )

ASN- ()

collector-pxxt4gy2ig.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (None, )

ASN- ()

ut.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4020:806::200e (None, )

ASN- ()

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.7.203.140 (None, )

ASN- ()

api.usehero.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:246c:1c00:1b:50c2:4000:93a1 (None, )

ASN- ()

external-api.jebbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.198.143.186 (None, )

ASN- ()

c.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.35 (None, )

ASN- ()

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.72.95 (None, )

ASN- ()

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	amplience.net cdn.media.amplience.net	2 MB
16	doubleclick.net 5 redirects googleads.g.doubleclick.net 9231397.fls.doubleclick.net 10742279.fls.doubleclick.net 10265292.fls.doubleclick.net stats.g.doubleclick.net	14 KB
12	google.com www.google.com adservice.google.com analytics.google.com	2 KB
11	cookielaw.org cdn.cookielaw.org	140 KB
9	elfcosmetics.com 1 redirects www.elfcosmetics.com	296 KB
8	paypal.com www.paypal.com t.paypal.com	228 KB
7	dynamicyield.com cdn.dynamicyield.com st.dynamicyield.com async-px.dynamicyield.com	186 KB
6	tiktok.com analytics.tiktok.com	198 KB
5	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	317 KB
4	usehero.com cdn.usehero.com api.usehero.com	312 KB
4	yottaa.net cdn-fsly.yottaa.net qoe-1.yottaa.net	936 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 101	301 B
4	bing.com bat.bing.com — Cisco Umbrella Rank: 389	13 KB
3	bounceexchange.com assets.bounceexchange.com	1 KB
3	contentsquare.net t.contentsquare.net c.contentsquare.net	79 KB
3	adnxs.com 2 redirects secure.adnxs.com	3 KB
3	google-analytics.com www.google-analytics.com	21 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	264 KB
2	px-cloud.net collector-pxxt4gy2ig.px-cloud.net	1 KB
2	jebbit.com js.jebbit.com external-api.jebbit.com	95 KB
2	ordergroove.com static.ordergroove.com	63 KB
2	undertone.com 1 redirects ads.undertone.com evt.undertone.com	1 KB
2	braze.com sdk.iad-05.braze.com	463 B
2	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 1156	879 B
2	connexity.net 1 redirects pxl.connexity.net — Cisco Umbrella Rank: 5853 rd.connexity.net	2 KB
2	exelator.com 2 redirects loadus.exelator.com — Cisco Umbrella Rank: 1428	2 KB
2	yimg.com s.yimg.com — Cisco Umbrella Rank: 531	7 KB
2	bizrate.com rd.bizrate.com — Cisco Umbrella Rank: 66780	17 KB
2	clkdeals.com clkdeals.com — Cisco Umbrella Rank: 246408	393 B
2	myckdom.com 1 redirects myckdom.com — Cisco Umbrella Rank: 57146 p374591.myckdom.com — Cisco Umbrella Rank: 317269	2 KB
1	linksynergy.com ut.rd.linksynergy.com	391 B
1	cloudflare.com cdnjs.cloudflare.com	40 KB
1	wknd.ai tag.wknd.ai	5 KB
1	googleadservices.com www.googleadservices.com	2 KB
1	appsflyer.com websdk.appsflyer.com	12 KB
1	rakuten.com tag.rmp.rakuten.com	15 KB
1	mediaiqdigital.com pixel.mediaiqdigital.com	82 B
1	cnnx.link js.cnnx.link	1 KB
1	onetrust.com geolocation.onetrust.com	305 B
1	cnnx.io s5.cnnx.io — Cisco Umbrella Rank: 107360	540 B
1	shopyourlikes.com 1 redirects go.shopyourlikes.com — Cisco Umbrella Rank: 216881	790 B
1	trackingms.com 241.trackingms.com — Cisco Umbrella Rank: 752856	601 B
1	elfdosmetics.com 1 redirects www.elfdosmetics.com	2 KB
0	paypalobjects.com Failed www.paypalobjects.com Failed
0	ipify.org Failed api.ipify.org Failed
158	45

	Domain	Requested by
19	cdn.media.amplience.net	www.elfcosmetics.com
11	cdn.cookielaw.org	cdn-fsly.yottaa.net cdn.cookielaw.org www.elfcosmetics.com
9	www.elfcosmetics.com	1 redirects rd.bizrate.com www.elfcosmetics.com cdn-fsly.yottaa.net
7	www.paypal.com	www.elfcosmetics.com www.paypal.com
7	www.google.com	rd.bizrate.com www.elfcosmetics.com
6	analytics.tiktok.com	www.elfcosmetics.com analytics.tiktok.com
6	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com www.elfcosmetics.com
5	connect.facebook.net	rd.bizrate.com connect.facebook.net www.elfcosmetics.com
4	adservice.google.com	10265292.fls.doubleclick.net 10742279.fls.doubleclick.net 9231397.fls.doubleclick.net
4	10742279.fls.doubleclick.net	2 redirects www.googletagmanager.com
4	www.facebook.com	rd.bizrate.com
4	bat.bing.com	rd.bizrate.com bat.bing.com
3	assets.bounceexchange.com	www.elfcosmetics.com
3	cdn.usehero.com	www.elfcosmetics.com cdn.usehero.com
3	async-px.dynamicyield.com	cdn.dynamicyield.com
3	secure.adnxs.com	2 redirects www.elfcosmetics.com
3	www.google-analytics.com	www.elfcosmetics.com www.google-analytics.com
3	cdn.dynamicyield.com	www.elfcosmetics.com
3	cdn-fsly.yottaa.net	www.elfcosmetics.com
3	www.googletagmanager.com	rd.bizrate.com www.elfcosmetics.com
2	c.contentsquare.net
2	collector-pxxt4gy2ig.px-cloud.net	www.elfcosmetics.com
2	static.ordergroove.com	www.elfcosmetics.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	10265292.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	9231397.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	sdk.iad-05.braze.com	cdn-fsly.yottaa.net
2	sp.analytics.yahoo.com	rd.bizrate.com
2	loadus.exelator.com	2 redirects
2	s.yimg.com	rd.bizrate.com s.yimg.com
2	rd.bizrate.com	241.trackingms.com rd.bizrate.com
2	clkdeals.com	p374591.myckdom.com 241.trackingms.com
1	t.paypal.com
1	external-api.jebbit.com	js.jebbit.com
1	api.usehero.com	cdn.usehero.com
1	analytics.google.com	www.googletagmanager.com
1	ut.rd.linksynergy.com	www.elfcosmetics.com
1	cdnjs.cloudflare.com	www.elfcosmetics.com
1	t.contentsquare.net	www.elfcosmetics.com
1	tag.wknd.ai	www.elfcosmetics.com
1	js.jebbit.com	www.elfcosmetics.com
1	www.googleadservices.com	www.elfcosmetics.com
1	websdk.appsflyer.com	www.elfcosmetics.com
1	tag.rmp.rakuten.com	www.elfcosmetics.com
1	qoe-1.yottaa.net	www.elfcosmetics.com
1	evt.undertone.com	9231397.fls.doubleclick.net
1	ads.undertone.com	1 redirects
1	pixel.mediaiqdigital.com	www.elfcosmetics.com
1	js.cnnx.link	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	st.dynamicyield.com	www.elfcosmetics.com
1	rd.connexity.net	1 redirects
1	pxl.connexity.net	rd.bizrate.com
1	s5.cnnx.io	rd.bizrate.com
1	go.shopyourlikes.com	1 redirects
1	241.trackingms.com	p374591.myckdom.com
1	p374591.myckdom.com
1	myckdom.com	1 redirects
1	www.elfdosmetics.com	1 redirects
0	www.paypalobjects.com Failed	www.elfcosmetics.com
0	api.ipify.org Failed	cdn-fsly.yottaa.net
158	61

This site contains no links.

Subject Issuer	Validity	Valid
*.myckdom.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-20` - `2024-03-20`	a year	crt.sh
www.clkdeals.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-07` - `2023-12-29`	a year	crt.sh
*.trackingms.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-26` - `2024-03-17`	a year	crt.sh
*.bizrate.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-19` - `2023-09-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
s1.cnnx.io Amazon RSA 2048 M01	`2023-02-28` - `2023-09-27`	7 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-03-31` - `2023-06-29`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-05-22` - `2023-07-12`	2 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-05-30` - `2023-11-22`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.elfcosmetics.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-08` - `2023-10-22`	a year	crt.sh
dm.amplience.net DigiCert TLS RSA SHA256 2020 CA1	`2022-07-20` - `2023-08-15`	a year	crt.sh
*.yottaa.net GlobalSign RSA OV SSL CA 2018	`2022-09-08` - `2023-10-10`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.dynamicyield.com Amazon RSA 2048 M02	`2023-02-28` - `2023-10-17`	8 months	crt.sh
*.iad-05.braze.com GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-10-23` - `2023-11-24`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
js.cnnx.link Amazon RSA 2048 M02	`2023-02-28` - `2023-09-08`	6 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.ordergroove.com Go Daddy Secure Certificate Authority - G2	`2022-08-24` - `2023-08-10`	a year	crt.sh
tag.rmp.rakuten.com GTS CA 1D4	`2023-06-06` - `2023-09-04`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-11-10` - `2023-11-10`	a year	crt.sh
*.appsflyer.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-22` - `2023-09-24`	a year	crt.sh
*.usehero.com Amazon RSA 2048 M01	`2023-03-01` - `2023-10-26`	8 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.tiktok.com RapidSSL TLS ECC CA G1	`2023-03-13` - `2024-04-12`	a year	crt.sh
*.jebbit.com Amazon RSA 2048 M01	`2023-05-24` - `2024-06-21`	a year	crt.sh
tag.wknd.ai R3	`2023-05-24` - `2023-08-22`	3 months	crt.sh
t.contentsquare.net Amazon RSA 2048 M01	`2023-02-21` - `2023-11-11`	9 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.px-cloud.net Sectigo RSA Domain Validation Secure Server CA	`2022-08-30` - `2023-09-29`	a year	crt.sh
*.rd.linksynergy.com ZeroSSL RSA Domain Secure Site CA	`2023-02-13` - `2024-02-13`	a year	crt.sh
api.usehero.com Amazon RSA 2048 M01	`2023-02-05` - `2024-03-05`	a year	crt.sh
dep.bf.contentsquare.net Amazon RSA 2048 M01	`2023-03-20` - `2024-04-17`	a year	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-10-19` - `2023-11-19`	a year	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2023-05-25` - `2023-08-23`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Frame ID: C2A11277EF80C5205D0CBC8D5B6F47F4
Requests: 144 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CNbg4r-X1_8CFYMKaAgdTWIO_Q;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=1789741671.1687447419;u6=%2F;u10=Paid_Search;u12=connexity;u8=undefined;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005
Frame ID: 3D024A1BCCEDA484E30A54B46078E292
Requests: 3 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=COzq4r-X1_8CFSIKaAgdkkYL_g;src=10742279;type=elf8j0;cat=glo_flap;ord=3846017456871;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005
Frame ID: E06EED6CE9BA9BC5A3489EABE069DC57
Requests: 2 HTTP requests in this frame

Frame: https://10265292.fls.doubleclick.net/activityi;dc_pre=CNDm47-X1_8CFb4OaAgdaP8ITw;src=10265292;type=conte0;cat=homep0;ord=7139523187206;gtm=45He36e2;auiddc=1789741671.1687447419;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005
Frame ID: 44C94BD52E7F141185A5DB42E6D01D2A
Requests: 2 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CPvw4r-X1_8CFZ8MaAgdiUwIiA;src=10742279;type=elf8j0;cat=glo_flhp;ord=4444386928003;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005
Frame ID: EDB9837C60E734BB966B5FB25EF1FBFE
Requests: 2 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.41.0&integrationType=SDK
Frame ID: E9175C042D406B85AC66865A80754ECC
Requests: 4 HTTP requests in this frame

Frame: https://cdn.usehero.com/plugin.5.44.0.js
Frame ID: DD0430FC1A58866E2B8A21ED6482125D
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.elfdosmetics.com/ HTTP 302
https://myckdom.com/aS/feedclick?s=ULvdn1uz3febt1xI3YONt7YUp7aBBDBgb4wz1M5huC7Q_PmFw_FpuZ5tV7Jmg... HTTP 302
https://p374591.myckdom.com/adServe/domainClick?ai=KH3sNciCPPoYAgm9ynsJlM98ZrHj-N0rl_kLECECCYSa2U3E2kWB7... Page URL
https://241.trackingms.com/adServe/aff?oid=989963&pid=294080&subid=90447644507&dp1=442569856&dp3=UNKNOWN Page URL
https://go.shopyourlikes.com/pi/39a9f07405e997116e7281a26286308da686ac75?afId=725724&afCampaignId=MF&afPl... HTTP 302
https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm... Page URL
https://rd.connexity.net/rd2?mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac77... HTTP 302
https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=168744... Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Dynamic Yield (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

cdn\.dynamicyield\.\w+/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Rakuten (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

tag\.rmp\.rakuten\.com

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

Page Statistics

158
Requests

89 %
HTTPS

40 %
IPv6

45
Domains

61
Subdomains

52
IPs

1
Countries

5821 kB
Transfer

15002 kB
Size

23
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.elfdosmetics.com/ HTTP 302
https://myckdom.com/aS/feedclick?s=ULvdn1uz3febt1xI3YONt7YUp7aBBDBgb4wz1M5huC7Q_PmFw_FpuZ5tV7JmgQXznIFjje5HrPodK7X5QIc3n0hfs9IVa7UG37q4Cgpg75MByokIpjiFKluxNC_VCHffxlOmzgR5fh3nQoQZVtH1UcHY6z5T2K7NFT_4ZRcycYhE4SNQnhYuCq47aVe8VVuvpDyo0kGcuudEMhzzZpchcmxaAzSho9pxyqpyIidsASsYSBAQB2fMkjJtSgZQdDs018-XicrluTDqa2p45GuQe8RlWwkvJg8ArT2IKh5kVZCiCPFc_zyXZ9N7vkfsGnhdE6tJh50ePq0CWuZBF__XRfyTG5eAU8OEm0WcIk5CjctO3HgbgfoxDzKQ32MLFJfBXf_wGGB2oAAcuwcJ89KZnEeyVm8YsSx26hSR5myopA51aQM1EcJa7G2FCalHYuHH6aE1gD8L_85dDRPRco3JGvWDYV-JOCRH_ihlCAlcbsL7lBP-QtFcT0qgiHi-OjP79CM1BZ4ZkIQBQBYMDLi19EL3mJ1fMJn4e36knggGCOUrgUBC_fa-jeCAQgDPcZhHc1F94GMDmHIShZ-Myef3CBKRGHYfWP4IDJCkWbm3-JFAwHJi7WkQ6dIF4zgMVI2cClzvNqL-1RZgceDIjFgEtk7i6qVLUOOGktJw3Hvo-xHRZUnWpZwTDqb7s8TWeGOLPXnV6M2OLPD4OExbA3r81LQ3LDJ_Ra4UiTmE0jWl-0gmJEJfDIerjckG8M2JZhMh99646nWdIwOtucxeG_5h4EH0nUhDKx5AhfQ9fHccYIPW8XK2IpbhETz-4M-MQChoAAsPJtv8nraHbI6sAmMiTi1MmOP4hZorJBKg5jNdcdW0k9gkD_akWxrew9s0eFgr-bbmZuS8nXb8F4cGUA0Vmxss91eerTBazTHQ6eafX_g0FAPqK7QwuQcTyURewViJ229VGLY4kZloTbaOF9js9aCQEoPPQasWMZ7oon_RI7pJvuxakANna_kMJPwGihGUSoK7XQHAIrpPh_s77N33Ck5ge_1iHzhd62isKzxknQ5HV_0WlvjVkcZze0OPyIvq5o_Lplk0AzdLkF1ZBBrlh92dIAN9m5jYlCgHiEhZXJUsEYbIyiDvnAHU-gvE2pe8ciuPX-fdKM5NgfwC0336CZfvEzo4Uf4m6genedmwlEi7fJPfprpufkqzLDlUjqxSDjmcoqOX7qPCmGmekBdrWWXJhEJPyUEUgpVrr2IIMLL4uHxUuxVJ0pxkPIpB7QKSDUqMzsBaqoIh6s0pPikYO6m9jz3k3JaI15j8meyi4Gvss5LeeC9SYiPM9YV_o4drZUBGVM3uuEoOCQefsEKlXXDmApL_E0jfTs-ylLhx7khGz3q-Dq26s7F54JeKebuaylpqcAKMB5XXCJErnCubpA91ezGWJnTGNBZJ8qPX0h_aufLABMq5WdUrTBluRpZunlHWmX__7QAZFlltCXfWPI2pq31lqDxoaW_71CtbnC0yTSwFM-bqVvk47w7T_oIliAkiULv85T9RK64a56zj4P5s-xkFlmlESIVM0vJHV2Subypc84_Qj4roglwXw5clZULZPe8tfN9lvy55s6Gi2RkWWW0Jd9Y8jamrfWWoPGiO6H1NCxtoHQESFRFkGGdPiTyZfQpDr9d1ebl6OmkLDMaXKQZGKoUbyS0bhoCdTTFm5RapSRnE7xfgRBjYIHiR8qxPirCC-BQ0VYkvD5md4aSHTU__XKXIFAxFYbV4hWgnhW6ZgUSdV6gRNR9qDRmMfu6vX_MQ2medvysZIEC_ptPExdJ3McGJnIYm-3IOEAbd2w3cmM3Hcxoe69ovvZ0wjgAh-lLfURZ52jM6-Hyv0uj8XR1W2dcZBMBa2vTRut5Su5IxmayDUhvmgeNAewFO50zajZOuC7nmh6y2RNxf5w HTTP 302
https://p374591.myckdom.com/adServe/domainClick?ai=KH3sNciCPPoYAgm9ynsJlM98ZrHj-N0rl_kLECECCYSa2U3E2kWB7tcRSvuwOr-V7tPSf7OiZprzn3Hig8mF4FhGdKUqq2eWoKe_r3SbM0YzW8vUbE2iDs7Tejv1_e9UbxjNS0ztqciY-sGiQOkCSV22tRDsvu5tje0dlVJ5w2bi9eDmkAdZ9eQwq1Q051dLuPbZZy59kg0SittliUGUCUqBvPRUX_5Yf_1vyTLYjVsU7XNcAuIUwl5eqluxZjCfXaThdUnMcle7DZRrR8TT5Zf5CxAhAgmEp0OdqGvuTddiVnQIGgxQDiU7ugF2M-yuGRZZbQl31jyNqat9Zag8aCT4wVIzB4sUVr5zdXV-roWAvsy17o8fXSUkGzlcuYwrssyNdu1BBlbHl0cP40PY-tOuCg1e2kATdM5ECUeELJfkQmjZE96sjp8DPbGbSNtJN0JJKTQdChujiGYQ-VGfM1BKQ8__OyXIDNNXbzOl0z0Fy9LbfW_6duFoOnPfBtp4E6PC1ui2TsUW0YeVoTdAMXo_8JgIlG3qFgRrt2Me9tjkMwyPjXk-M-gPD1SWVyJiQdnT7Vl1pcpD9pKOtdD02hMCwHv-3SBphbgy-daD831oMeId3YDpwXgKfHiy9A9j&ui=ULvdn1uz3febt1xI3YONt_bWwvziNp_1xLgNeF8Zj-hb9C9lHPDYFUSR8aYU2ehKbdZZcf_RZW6uZ_rzdREeMmSKAs1U5YP1bcz33VX021Pveq-uKTomjw&si=1&oref=40e4dd1dffdebf956ec44f4e69a0954c&optunit=Z3ZTVPoyhs5hFIh15jir-2WSQsQHXjql&rb=xpilJuU8uhk&rr=1&isco=t&abtg=0 Page URL
https://241.trackingms.com/adServe/aff?oid=989963&pid=294080&subid=90447644507&dp1=442569856&dp3=UNKNOWN Page URL
https://go.shopyourlikes.com/pi/39a9f07405e997116e7281a26286308da686ac75?afId=725724&afCampaignId=MF&afPlacementId=186631&afRid=90447629330 HTTP 302
https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3DSZ_REDIRECT_ID%26utm_term%3DSZ_REDIRECT_ID&mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308da686ac75&cobrand=1&af_placement_id=186631&afCampaignId=MF&rf_code=af1&af_assettype_id=14&af_creative_id=2913 Page URL
https://rd.connexity.net/rd2?mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308da686ac75&cobrand=1&af_placement_id=186631&afCampaignId=MF&rf_code=af1&af_assettype_id=14&af_creative_id=2913&t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&br=16874474106883950353102030301012194&rf=af1&vsc=dau&rdrSerial=b54bee44-e87f-41c2-a00b-3a7902dfc4a1&redirectId=16874474107777942245110080301008005 HTTP 302
https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.elfdosmetics.com/ HTTP 302
https://myckdom.com/aS/feedclick?s=ULvdn1uz3febt1xI3YONt7YUp7aBBDBgb4wz1M5huC7Q_PmFw_FpuZ5tV7JmgQXznIFjje5HrPodK7X5QIc3n0hfs9IVa7UG37q4Cgpg75MByokIpjiFKluxNC_VCHffxlOmzgR5fh3nQoQZVtH1UcHY6z5T2K7NFT_4ZRcycYhE4SNQnhYuCq47aVe8VVuvpDyo0kGcuudEMhzzZpchcmxaAzSho9pxyqpyIidsASsYSBAQB2fMkjJtSgZQdDs018-XicrluTDqa2p45GuQe8RlWwkvJg8ArT2IKh5kVZCiCPFc_zyXZ9N7vkfsGnhdE6tJh50ePq0CWuZBF__XRfyTG5eAU8OEm0WcIk5CjctO3HgbgfoxDzKQ32MLFJfBXf_wGGB2oAAcuwcJ89KZnEeyVm8YsSx26hSR5myopA51aQM1EcJa7G2FCalHYuHH6aE1gD8L_85dDRPRco3JGvWDYV-JOCRH_ihlCAlcbsL7lBP-QtFcT0qgiHi-OjP79CM1BZ4ZkIQBQBYMDLi19EL3mJ1fMJn4e36knggGCOUrgUBC_fa-jeCAQgDPcZhHc1F94GMDmHIShZ-Myef3CBKRGHYfWP4IDJCkWbm3-JFAwHJi7WkQ6dIF4zgMVI2cClzvNqL-1RZgceDIjFgEtk7i6qVLUOOGktJw3Hvo-xHRZUnWpZwTDqb7s8TWeGOLPXnV6M2OLPD4OExbA3r81LQ3LDJ_Ra4UiTmE0jWl-0gmJEJfDIerjckG8M2JZhMh99646nWdIwOtucxeG_5h4EH0nUhDKx5AhfQ9fHccYIPW8XK2IpbhETz-4M-MQChoAAsPJtv8nraHbI6sAmMiTi1MmOP4hZorJBKg5jNdcdW0k9gkD_akWxrew9s0eFgr-bbmZuS8nXb8F4cGUA0Vmxss91eerTBazTHQ6eafX_g0FAPqK7QwuQcTyURewViJ229VGLY4kZloTbaOF9js9aCQEoPPQasWMZ7oon_RI7pJvuxakANna_kMJPwGihGUSoK7XQHAIrpPh_s77N33Ck5ge_1iHzhd62isKzxknQ5HV_0WlvjVkcZze0OPyIvq5o_Lplk0AzdLkF1ZBBrlh92dIAN9m5jYlCgHiEhZXJUsEYbIyiDvnAHU-gvE2pe8ciuPX-fdKM5NgfwC0336CZfvEzo4Uf4m6genedmwlEi7fJPfprpufkqzLDlUjqxSDjmcoqOX7qPCmGmekBdrWWXJhEJPyUEUgpVrr2IIMLL4uHxUuxVJ0pxkPIpB7QKSDUqMzsBaqoIh6s0pPikYO6m9jz3k3JaI15j8meyi4Gvss5LeeC9SYiPM9YV_o4drZUBGVM3uuEoOCQefsEKlXXDmApL_E0jfTs-ylLhx7khGz3q-Dq26s7F54JeKebuaylpqcAKMB5XXCJErnCubpA91ezGWJnTGNBZJ8qPX0h_aufLABMq5WdUrTBluRpZunlHWmX__7QAZFlltCXfWPI2pq31lqDxoaW_71CtbnC0yTSwFM-bqVvk47w7T_oIliAkiULv85T9RK64a56zj4P5s-xkFlmlESIVM0vJHV2Subypc84_Qj4roglwXw5clZULZPe8tfN9lvy55s6Gi2RkWWW0Jd9Y8jamrfWWoPGiO6H1NCxtoHQESFRFkGGdPiTyZfQpDr9d1ebl6OmkLDMaXKQZGKoUbyS0bhoCdTTFm5RapSRnE7xfgRBjYIHiR8qxPirCC-BQ0VYkvD5md4aSHTU__XKXIFAxFYbV4hWgnhW6ZgUSdV6gRNR9qDRmMfu6vX_MQ2medvysZIEC_ptPExdJ3McGJnIYm-3IOEAbd2w3cmM3Hcxoe69ovvZ0wjgAh-lLfURZ52jM6-Hyv0uj8XR1W2dcZBMBa2vTRut5Su5IxmayDUhvmgeNAewFO50zajZOuC7nmh6y2RNxf5w HTTP 302
https://p374591.myckdom.com/adServe/domainClick?ai=KH3sNciCPPoYAgm9ynsJlM98ZrHj-N0rl_kLECECCYSa2U3E2kWB7tcRSvuwOr-V7tPSf7OiZprzn3Hig8mF4FhGdKUqq2eWoKe_r3SbM0YzW8vUbE2iDs7Tejv1_e9UbxjNS0ztqciY-sGiQOkCSV22tRDsvu5tje0dlVJ5w2bi9eDmkAdZ9eQwq1Q051dLuPbZZy59kg0SittliUGUCUqBvPRUX_5Yf_1vyTLYjVsU7XNcAuIUwl5eqluxZjCfXaThdUnMcle7DZRrR8TT5Zf5CxAhAgmEp0OdqGvuTddiVnQIGgxQDiU7ugF2M-yuGRZZbQl31jyNqat9Zag8aCT4wVIzB4sUVr5zdXV-roWAvsy17o8fXSUkGzlcuYwrssyNdu1BBlbHl0cP40PY-tOuCg1e2kATdM5ECUeELJfkQmjZE96sjp8DPbGbSNtJN0JJKTQdChujiGYQ-VGfM1BKQ8__OyXIDNNXbzOl0z0Fy9LbfW_6duFoOnPfBtp4E6PC1ui2TsUW0YeVoTdAMXo_8JgIlG3qFgRrt2Me9tjkMwyPjXk-M-gPD1SWVyJiQdnT7Vl1pcpD9pKOtdD02hMCwHv-3SBphbgy-daD831oMeId3YDpwXgKfHiy9A9j&ui=ULvdn1uz3febt1xI3YONt_bWwvziNp_1xLgNeF8Zj-hb9C9lHPDYFUSR8aYU2ehKbdZZcf_RZW6uZ_rzdREeMmSKAs1U5YP1bcz33VX021Pveq-uKTomjw&si=1&oref=40e4dd1dffdebf956ec44f4e69a0954c&optunit=Z3ZTVPoyhs5hFIh15jir-2WSQsQHXjql&rb=xpilJuU8uhk&rr=1&isco=t&abtg=0

Request Chain 4

https://go.shopyourlikes.com/pi/39a9f07405e997116e7281a26286308da686ac75?afId=725724&afCampaignId=MF&afPlacementId=186631&afRid=90447629330 HTTP 302
https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3DSZ_REDIRECT_ID%26utm_term%3DSZ_REDIRECT_ID&mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308da686ac75&cobrand=1&af_placement_id=186631&afCampaignId=MF&rf_code=af1&af_assettype_id=14&af_creative_id=2913

Request Chain 11

https://loadus.exelator.com/load/?p=204&g=92&j=0 HTTP 302
https://loadus.exelator.com/load/?p=204&g=92&j=0&xl8blockcheck=1 HTTP 302
https://pxl.connexity.net/c/cse?a=R&A=292&D=6a0d&V=9&I0k=ptnrid&I0v=f11205c34ea791dabcfc4668d82ac684&b=1687447411037

Request Chain 59

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&state=client-state&hint=guest&channel_id=elf-us&code_challenge=yw04xvPDO-JdxR1ZLfvU2E7VibZbOoIiuJqv-wh14p4 HTTP 303
https://www.elfcosmetics.com/callback?usid=a0c66026-1562-440c-a0ca-5dd3a392b5df&code=jY06c1xIs19hk99pcTs2wMe2HplziXEMrS8DCJYc8RQ

Request Chain 66

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=1789741671.1687447419;u6=%2F;u10=Paid_Search;u12=connexity;u8=undefined;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005 HTTP 302
https://9231397.fls.doubleclick.net/activityi;dc_pre=CNbg4r-X1_8CFYMKaAgdTWIO_Q;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=1789741671.1687447419;u6=%2F;u10=Paid_Search;u12=connexity;u8=undefined;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005

Request Chain 67

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=3846017456871;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005 HTTP 302
https://10742279.fls.doubleclick.net/activityi;dc_pre=COzq4r-X1_8CFSIKaAgdkkYL_g;src=10742279;type=elf8j0;cat=glo_flap;ord=3846017456871;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005

Request Chain 69

https://10265292.fls.doubleclick.net/activityi;src=10265292;type=conte0;cat=homep0;ord=7139523187206;gtm=45He36e2;auiddc=1789741671.1687447419;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005 HTTP 302
https://10265292.fls.doubleclick.net/activityi;dc_pre=CNDm47-X1_8CFb4OaAgdaP8ITw;src=10265292;type=conte0;cat=homep0;ord=7139523187206;gtm=45He36e2;auiddc=1789741671.1687447419;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005

Request Chain 70

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flhp;ord=4444386928003;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005 HTTP 302
https://10742279.fls.doubleclick.net/activityi;dc_pre=CPvw4r-X1_8CFZ8MaAgdiUwIiA;src=10742279;type=elf8j0;cat=glo_flhp;ord=4444386928003;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005

Request Chain 71

https://secure.adnxs.com/px?id=1608912&seg=30774953&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1608912%26seg%3D30774953%26t%3D2

Request Chain 87

https://secure.adnxs.com/px?id=1608909&seg=30774951&redir=https%3A%2F%2Fpixel.mediaiqdigital.com%2Fpixel%3Fu1%3D%5Bu1%5D%26u3%3D%26u4%3D%26pixel_id%3D1608909%26uid%3D%24%7BUID%7D&t=2 HTTP 302
https://pixel.mediaiqdigital.com/pixel?u1=[u1]&u3=&u4=&pixel_id=1608909&uid=8743891521748779056

Request Chain 91

https://ads.undertone.com/t?trackerid=7729&cb=1784387658 HTTP 307
https://evt.undertone.com/t?trackerid=7729&cb=1784387658

Request Chain 126

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1587209352&cv=11&fst=1687447418592&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ref=https%3A%2F%2Frd.bizrate.com%2F&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&value=0&auid=1789741671.1687447419&uamb=0&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=fGeUZMOyBcWQxAOz5aPgAg&sscte=1&crd=&eitems=ChAI8OLPpAYQh_ze4fHL_LEiEh0AL-lhNXflGC3IG3LngK5dlqU-LvXqCzxXU9CTGg&pscrd=Ek9DaEVJOE9MUHBBWVFoT204anR1Q2wtcmVBUkltQUhjTldFbTA3NjE0U0NFUzhFMm5HOHVRc0hFQmE5X2x0dXViX3pEUno0eDhtam1fdnMwGlhDaEFJOE9MUHBBWVFpYUw1OWREdTk2OUZFaTRBVFpnWjRtbE1EYVVSUFlzV0JKVDlWRVVRRWpfNUlZS3cybC1MUXRrZXRCLTVKX09oTlBIZ1J6NFhxS0FaIhMIw-C0wJfX_wIVRQhxCh2z8ggs HTTP 302
https://www.google.com/pagead/1p-conversion/698270988/?random=1587209352&cv=11&fst=1687447418592&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ref=https%3A%2F%2Frd.bizrate.com%2F&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&value=0&auid=1789741671.1687447419&uamb=0&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJOE9MUHBBWVFoT204anR1Q2wtcmVBUkltQUhjTldFbTA3NjE0U0NFUzhFMm5HOHVRc0hFQmE5X2x0dXViX3pEUno0eDhtam1fdnMwGlhDaEFJOE9MUHBBWVFpYUw1OWREdTk2OUZFaTRBVFpnWjRtbE1EYVVSUFlzV0JKVDlWRVVRRWpfNUlZS3cybC1MUXRrZXRCLTVKX09oTlBIZ1J6NFhxS0FaIhMIw-C0wJfX_wIVRQhxCh2z8ggs&is_vtc=1&ocp_id=fGeUZMOyBcWQxAOz5aPgAg&cid=CAQSKQBygQiDnYh18s57lXlH6uACnLh1EvTlLK0JZKfG5IlrkyeNC64CovfX&eitems=ChAI8OLPpAYQh_ze4fHL_LEiEh0AL-lhNVuXwHPnW-MO01eJoGUZne0CaDuz6TEVAw&random=2272974340

158 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

domainClick
p374591.myckdom.com/adServe/
Redirect Chain

https://www.elfdosmetics.com/
https://myckdom.com/aS/feedclick?s=ULvdn1uz3febt1xI3YONt7YUp7aBBDBgb4wz1M5huC7Q_PmFw_FpuZ5tV7JmgQXznIFjje5HrPodK7X5QIc3n0hfs9IVa7UG37q4Cgpg75MByokIpjiFKluxNC_VCHffxlOmzgR5fh3nQoQZVtH1UcHY6z5T2K7NFT...
https://p374591.myckdom.com/adServe/domainClick?ai=KH3sNciCPPoYAgm9ynsJlM98ZrHj-N0rl_kLECECCYSa2U3E2kWB7tcRSvuwOr-V7tPSf7OiZprzn3Hig8mF4FhGdKUqq2eWoKe_r3SbM0YzW8vUbE2iDs7Tejv1_e9UbxjNS0ztqciY-sGiQO...

665 B
730 B

91ms
76ms

Document
text/html

52.117.247.211
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://p374591.myckdom.com/adServe/domainClick?ai=KH3sNciCPPoYAgm9ynsJlM98ZrHj-N0rl_kLECECCYSa2U3E2kWB7tcRSvuwOr-V7tPSf7OiZprzn3Hig8mF4FhGdKUqq2eWoKe_r3SbM0YzW8vUbE2iDs7Tejv1_e9UbxjNS0ztqciY-sGiQOkCSV22tRDsvu5tje0dlVJ5w2bi9eDmkAdZ9eQwq1Q051dLuPbZZy59kg0SittliUGUCUqBvPRUX_5Yf_1vyTLYjVsU7XNcAuIUwl5eqluxZjCfXaThdUnMcle7DZRrR8TT5Zf5CxAhAgmEp0OdqGvuTddiVnQIGgxQDiU7ugF2M-yuGRZZbQl31jyNqat9Zag8aCT4wVIzB4sUVr5zdXV-roWAvsy17o8fXSUkGzlcuYwrssyNdu1BBlbHl0cP40PY-tOuCg1e2kATdM5ECUeELJfkQmjZE96sjp8DPbGbSNtJN0JJKTQdChujiGYQ-VGfM1BKQ8__OyXIDNNXbzOl0z0Fy9LbfW_6duFoOnPfBtp4E6PC1ui2TsUW0YeVoTdAMXo_8JgIlG3qFgRrt2Me9tjkMwyPjXk-M-gPD1SWVyJiQdnT7Vl1pcpD9pKOtdD02hMCwHv-3SBphbgy-daD831oMeId3YDpwXgKfHiy9A9j&ui=ULvdn1uz3febt1xI3YONt_bWwvziNp_1xLgNeF8Zj-hb9C9lHPDYFUSR8aYU2ehKbdZZcf_RZW6uZ_rzdREeMmSKAs1U5YP1bcz33VX021Pveq-uKTomjw&si=1&oref=40e4dd1dffdebf956ec44f4e69a0954c&optunit=Z3ZTVPoyhs5hFIh15jir-2WSQsQHXjql&rb=xpilJuU8uhk&rr=1&isco=t&abtg=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.117.247.211 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: d3.f7.7534.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=ISO-8859-1
date: Thu, 22 Jun 2023 15:23:29 GMT
server: nginx
vary: Accept-Encoding

Redirect headers

content-length: 0
date: Thu, 22 Jun 2023 15:23:28 GMT
location: https://p374591.myckdom.com/adServe/domainClick?ai=KH3sNciCPPoYAgm9ynsJlM98ZrHj-N0rl_kLECECCYSa2U3E2kWB7tcRSvuwOr-V7tPSf7OiZprzn3Hig8mF4FhGdKUqq2eWoKe_r3SbM0YzW8vUbE2iDs7Tejv1_e9UbxjNS0ztqciY-sGiQOkCSV22tRDsvu5tje0dlVJ5w2bi9eDmkAdZ9eQwq1Q051dLuPbZZy59kg0SittliUGUCUqBvPRUX_5Yf_1vyTLYjVsU7XNcAuIUwl5eqluxZjCfXaThdUnMcle7DZRrR8TT5Zf5CxAhAgmEp0OdqGvuTddiVnQIGgxQDiU7ugF2M-yuGRZZbQl31jyNqat9Zag8aCT4wVIzB4sUVr5zdXV-roWAvsy17o8fXSUkGzlcuYwrssyNdu1BBlbHl0cP40PY-tOuCg1e2kATdM5ECUeELJfkQmjZE96sjp8DPbGbSNtJN0JJKTQdChujiGYQ-VGfM1BKQ8__OyXIDNNXbzOl0z0Fy9LbfW_6duFoOnPfBtp4E6PC1ui2TsUW0YeVoTdAMXo_8JgIlG3qFgRrt2Me9tjkMwyPjXk-M-gPD1SWVyJiQdnT7Vl1pcpD9pKOtdD02hMCwHv-3SBphbgy-daD831oMeId3YDpwXgKfHiy9A9j&ui=ULvdn1uz3febt1xI3YONt_bWwvziNp_1xLgNeF8Zj-hb9C9lHPDYFUSR8aYU2ehKbdZZcf_RZW6uZ_rzdREeMmSKAs1U5YP1bcz33VX021Pveq-uKTomjw&si=1&oref=40e4dd1dffdebf956ec44f4e69a0954c&optunit=Z3ZTVPoyhs5hFIh15jir-2WSQsQHXjql&rb=xpilJuU8uhk&rr=1&isco=t&abtg=0
server: nginx

GET
H2 200 track
clkdeals.com/adServe/ 49 B
197 B 189ms
59ms Image
image/gif 52.116.53.146
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clkdeals.com/adServe/track?subid=90447644507&prdid=2750&price=0
Requested by: Host: p374591.myckdom.com
URL: https://p374591.myckdom.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.116.53.146 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 92.35.7434.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:29 GMT
server: nginx
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
content-length: 49
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 aff Show response
241.trackingms.com/adServe/ 735 B
601 B 487ms
88ms Document
text/html 52.116.53.151
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://241.trackingms.com/adServe/aff?oid=989963&pid=294080&subid=90447644507&dp1=442569856&dp3=UNKNOWN
Requested by: Host: p374591.myckdom.com
URL: https://p374591.myckdom.com/adServe/domainClick?ai=KH3sNciCPPoYAgm9ynsJlM98ZrHj-N0rl_kLECECCYSa2U3E2kWB7tcRSvuwOr-V7tPSf7OiZprzn3Hig8mF4FhGdKUqq2eWoKe_r3SbM0YzW8vUbE2iDs7Tejv1_e9UbxjNS0ztqciY-sGiQOkCSV22tRDsvu5tje0dlVJ5w2bi9eDmkAdZ9eQwq1Q051dLuPbZZy59kg0SittliUGUCUqBvPRUX_5Yf_1vyTLYjVsU7XNcAuIUwl5eqluxZjCfXaThdUnMcle7DZRrR8TT5Zf5CxAhAgmEp0OdqGvuTddiVnQIGgxQDiU7ugF2M-yuGRZZbQl31jyNqat9Zag8aCT4wVIzB4sUVr5zdXV-roWAvsy17o8fXSUkGzlcuYwrssyNdu1BBlbHl0cP40PY-tOuCg1e2kATdM5ECUeELJfkQmjZE96sjp8DPbGbSNtJN0JJKTQdChujiGYQ-VGfM1BKQ8__OyXIDNNXbzOl0z0Fy9LbfW_6duFoOnPfBtp4E6PC1ui2TsUW0YeVoTdAMXo_8JgIlG3qFgRrt2Me9tjkMwyPjXk-M-gPD1SWVyJiQdnT7Vl1pcpD9pKOtdD02hMCwHv-3SBphbgy-daD831oMeId3YDpwXgKfHiy9A9j&ui=ULvdn1uz3febt1xI3YONt_bWwvziNp_1xLgNeF8Zj-hb9C9lHPDYFUSR8aYU2ehKbdZZcf_RZW6uZ_rzdREeMmSKAs1U5YP1bcz33VX021Pveq-uKTomjw&si=1&oref=40e4dd1dffdebf956ec44f4e69a0954c&optunit=Z3ZTVPoyhs5hFIh15jir-2WSQsQHXjql&rb=xpilJuU8uhk&rr=1&isco=t&abtg=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.116.53.151 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 97.35.7434.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash: 68f67143028b523655a80b0d23af0ebfe40c05532797a6193811dba3a21bbe25

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=ISO-8859-1
date: Thu, 22 Jun 2023 15:23:29 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 track
clkdeals.com/adServe/ 49 B
196 B 57ms
57ms Image
image/gif 52.116.53.146
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clkdeals.com/adServe/track?subid=90447629330&prdid=2750&price=0
Requested by: Host: 241.trackingms.com
URL: https://241.trackingms.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.116.53.146 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 92.35.7434.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:29 GMT
server: nginx
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
content-length: 49
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

rd2 Show response
rd.bizrate.com/
Redirect Chain

https://go.shopyourlikes.com/pi/39a9f07405e997116e7281a26286308da686ac75?afId=725724&afCampaignId=MF&afPlacementId=186631&afRid=90447629330
https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3DSZ_REDIRECT_ID%26utm_term%3DSZ_REDIRECT_ID&mi...

15 KB
16 KB

485ms
116ms

Document
text/html

192.138.218.207
SHOPZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3DSZ_REDIRECT_ID%26utm_term%3DSZ_REDIRECT_ID&mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308da686ac75&cobrand=1&af_placement_id=186631&afCampaignId=MF&rf_code=af1&af_assettype_id=14&af_creative_id=2913
Requested by: Host: 241.trackingms.com
URL: https://241.trackingms.com/adServe/aff?oid=989963&pid=294080&subid=90447644507&dp1=442569856&dp3=UNKNOWN
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.138.218.207 , United States, ASN14332 (SHOPZILLA, US),
Reverse DNS: rd.bizrate.com
Software: nginx/1.20.1 /
Resource Hash: 4d85bbd427574d3293cb9bcc145ffdf4a45d0a36e92709623d1e097b7abb08c3

Request headers

Referer: https://241.trackingms.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache no-store
Connection: keep-alive
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Date: Thu, 22 Jun 2023 15:23:30 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP ADM DEV PSD TAI OUR IND STP PRE NAV UNI"
Pragma: no-cache
Server: nginx/1.20.1
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Date: Thu, 22 Jun 2023 15:23:30 GMT
Location: https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3DSZ_REDIRECT_ID%26utm_term%3DSZ_REDIRECT_ID&mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308da686ac75&cobrand=1&af_placement_id=186631&afCampaignId=MF&rf_code=af1&af_assettype_id=14&af_creative_id=2913
P3P: CP="NON DSP ADM DEV PSD TAI OUR IND STP PRE NAV UNI"
Server: nginx/1.20.1
Transfer-Encoding: chunked

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 185 KB
68 KB 114ms
64ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1070533785

Requested by

Host: rd.bizrate.com
URL: https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3DSZ_REDIRECT_ID%26utm_term%3DSZ_REDIRECT_ID&mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308da686ac75&cobrand=1&af_placement_id=186631&afCampaignId=MF&rf_code=af1&af_assettype_id=14&af_creative_id=2913

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bd75fc82e0452f6367f60e8ee24f6bbeea6f03a3434f9495f6bb6c58cc72e95b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69138
x-xss-protection: 0
last-modified: Thu, 22 Jun 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 22 Jun 2023 15:23:30 GMT

GET
H/1.1 200
OK ads.js Show response
s5.cnnx.io/s2static/us/br/7010a908/br3/js/ 22 B
540 B 88ms
8ms Script
application/javascript 108.139.29.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s5.cnnx.io/s2static/us/br/7010a908/br3/js/ads.js?a=1&ad_code=1
Requested by: Host: rd.bizrate.com
URL: https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3DSZ_REDIRECT_ID%26utm_term%3DSZ_REDIRECT_ID&mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308da686ac75&cobrand=1&af_placement_id=186631&afCampaignId=MF&rf_code=af1&af_assettype_id=14&af_creative_id=2913
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-103.jfk50.r.cloudfront.net
Software: nginx/1.20.1 /
Resource Hash: a3148adeb204b3a8581d4774b05c2c46a9dca4c18e1b183223603ebb53375799

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Thu, 15 Jun 2023 05:10:33 GMT
Via: 1.1 d50d90bbddca57e02d6288d86c88470a.cloudfront.net (CloudFront)
Last-Modified: Thu, 18 May 2023 18:51:04 GMT
Server: nginx/1.20.1
X-Amz-Cf-Pop: JFK50-P2
Age: 641577
ETag: "16-5fbfc49521600"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 22
X-Amz-Cf-Id: AtUEBzyMVeVaDyU5dwKzCXrdC1iXtfCFFuQ1w2U-C6kbLwqBB7dI2g==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 112 KB
29 KB 54ms
17ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b9d9c248d1c87f59c7f19b198c5ed7310a4bfd0f57759dd87d649b00ec9fdb5b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 22 Jun 2023 15:23:30 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 28296
x-xss-protection: 0
pragma: public
x-fb-debug: 77xQ1yyAbYFq4BIB5CAtB09i/hAGWZicnoR+Qfq0PpG8szaiQNoXrj1Wac0sryoyIGcI59EvdELQ0wvpUiSzCw==
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 99ms
41ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 22 Jun 2023 15:23:30 GMT
last-modified: Thu, 11 May 2023 18:08:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1BDBFB82A4FC4D739772F162E946B368 Ref B: EWR30EDGE0809 Ref C: 2023-06-22T15:23:30Z
etag: "80df77953384d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12183

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 18 KB
7 KB 80ms
22ms Script
application/javascript 2001:4998:14:800::1001
YAHOO

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4998:14:800::1001 , United States, ASN14777 (YAHOO, US),

Reverse DNS

Software

ATS /

Resource Hash

e4164edd6af46ad5e9c02a482bdcd2a9c3e9eb199cee06bcd12cc751ce73de87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:19 GMT
x-amz-version-id: pM_8Podf2LG1oYqe3ugSKxJX2zCnEaDh
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-amz-request-id: HYQHEH9REAGW633C
age: 12
x-amz-server-side-encryption: AES256
x-amz-id-2: lHrS4iJi7lmHSpWh3d0cePxvzlzWbU9fuNqMywenmwsusd8iw9asVbSIFxUXNMeX15shWd0cBiAmPoODnyZY6d4/LAgQHrtr
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Fri, 12 Jul 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Wed, 07 Jun 2023 11:01:50 GMT
server: ATS
etag: "62d9fe1cc1697022ba0fe2a4d038b308-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=3600
accept-ranges: bytes

GET
H2 200 1593772137433234 Show response
connect.facebook.net/signals/config/ 301 KB
86 KB 12ms
8ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1593772137433234?v=2.9.108&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c7621595baf9ce58a14b78b77f71dd383019e7f96557d74d999b129dca6d2430

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 22 Jun 2023 15:23:30 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88222
x-xss-protection: 0
pragma: public
x-fb-debug: QzvDfqB0ZGegm7o8NqyuKoRBTqPdWekoWSfXdR3pXZnQZrW6QVUndFEiTmEdstAtz4QPrLvM5jXYynZggjtUUw==
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

200
OK

cse
pxl.connexity.net/c/
Redirect Chain

https://loadus.exelator.com/load/?p=204&g=92&j=0
https://loadus.exelator.com/load/?p=204&g=92&j=0&xl8blockcheck=1
https://pxl.connexity.net/c/cse?a=R&A=292&D=6a0d&V=9&I0k=ptnrid&I0v=f11205c34ea791dabcfc4668d82ac684&b=1687447411037

44 B
772 B

574ms
94ms

Image
image/gif

64.19.224.203
SHOPZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pxl.connexity.net/c/cse?a=R&A=292&D=6a0d&V=9&I0k=ptnrid&I0v=f11205c34ea791dabcfc4668d82ac684&b=1687447411037
Requested by: Host: rd.bizrate.com
URL: https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3DSZ_REDIRECT_ID%26utm_term%3DSZ_REDIRECT_ID&mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308da686ac75&cobrand=1&af_placement_id=186631&afCampaignId=MF&rf_code=af1&af_assettype_id=14&af_creative_id=2913
Protocol: HTTP/1.1
Server: 64.19.224.203 , United States, ASN14332 (SHOPZILLA, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 22 Jun 2023 15:23:31 GMT
Server: nginx
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="CAO PSA OUR CURa DEVa PSDo PSAo BUS COR UNI COM",an.pp="http://www.connexity.com/privacy",an.oo="http://www.connexity.com/privacy",an.bt="N"
Content-Type: image/gif
Cache-Control: no-store, max-age=-1, post-check=0, pre-check=0
Content-Transfer-Encoding: binary
Connection: keep-alive
Expires: -1

Redirect headers

date: Thu, 22 Jun 2023 15:23:31 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://pxl.connexity.net/c/cse?a=R&A=292&D=6a0d&V=9&I0k=ptnrid&I0v=f11205c34ea791dabcfc4668d82ac684&b=1687447411037
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H2 200 10135448.json Show response
s.yimg.com/wi/config/ 2 B
449 B 57ms
20ms XHR
application/json 2001:4998:14:800::1001
YAHOO

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10135448.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4998:14:800::1001 , United States, ASN14777 (YAHOO, US),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 14:52:18 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-amz-request-id: 8XBQRT18N304CRFF
age: 1872
content-length: 2
x-amz-id-2: gJdi04r+0Ss8EugfdfB40GxBYeLVrjol6fuNooHaIP7JeOcRBV1Pyy+qQpoS2UqOXrAqJA4zmcU=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: public,max-age=3600

GET
H2 204 17135630.js Show response
bat.bing.com/p/action/ 0
117 B 22ms
22ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17135630.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 22 Jun 2023 15:23:30 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D767F291774C4ED983A7C31140AF0119 Ref B: EWR30EDGE0809 Ref C: 2023-06-22T15:23:30Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
303 B 64ms
63ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17135630&Ver=2&mid=26678f22-00c1-4bc3-8969-dad0293584f9&sid=be94c7b0111011ee911a037a50c994ca&vid=be95c4f0111011eeba52833197c8f417&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Frd.bizrate.com%2Frd2%3Ft%3Dhttps%253A%252F%252Fwww.elfcosmetics.com%252F%253Futm_source%253DPaid_Search%2526utm_medium%253Dcpc%2526utm_campaign%253Dconnexity%2526cnxclid%253DSZ_REDIRECT_ID%2526utm_term%253DSZ_REDIRECT_ID%26mid%3D316282%26dMid%3D316282%26tokenId%3D18P%26bId%3D314%26bidType%3D11%26a%3Db79e3374317fac778f936ee8c03726c1%26af_id%3D725724%26af_rid%3D90447629330%26af_permalink_id%3D39a9f07405e997116e7281a26286308da686ac75%26cobrand%3D1%26af_placement_id%3D186631%26afCampaignId%3DMF%26rf_code%3Daf1%26af_assettype_id%3D14%26af_creative_id%3D2913&r=&lt=1068&evt=pageLoad&sv=1&rn=393483

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 22 Jun 2023 15:23:30 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6B7C0517F6A34305AB81804CDF7775AF Ref B: EWR30EDGE0809 Ref C: 2023-06-22T15:23:30Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
361 B 62ms
61ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17135630&Ver=2&mid=26678f22-00c1-4bc3-8969-dad0293584f9&sid=be94c7b0111011ee911a037a50c994ca&vid=be95c4f0111011eeba52833197c8f417&vids=0&msclkid=N&pagetype=searchresults&p=https%3A%2F%2Frd.bizrate.com%2Frd2&sw=1600&sh=1200&sc=24&evt=custom&rn=354432

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 22 Jun 2023 15:23:30 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FEBD411C088C455D8C1A87F329BD8253 Ref B: EWR30EDGE0809 Ref C: 2023-06-22T15:23:30Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 32ms
9ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1593772137433234&ev=PageView&dl=https%3A%2F%2Frd.bizrate.com%2Frd2%3Ft%3Dhttps%253A%252F%252Fwww.elfcosmetics.com%252F%253Futm_source%253DPaid_Search%2526utm_medium%253Dcpc%2526utm_campaign%253Dconnexity%2526cnxclid%253DSZ_REDIRECT_ID%2526utm_term%253DSZ_REDIRECT_ID%26mid%3D316282%26dMid%3D316282%26tokenId%3D18P%26bId%3D314%26bidType%3D11%26a%3Db79e3374317fac778f936ee8c03726c1%26af_id%3D725724%26af_rid%3D90447629330%26af_permalink_id%3D39a9f07405e997116e7281a26286308da686ac75%26cobrand%3D1%26af_placement_id%3D186631%26afCampaignId%3DMF%26rf_code%3Daf1%26af_assettype_id%3D14%26af_creative_id%3D2913&rl=&if=false&ts=1687447411002&sw=1600&sh=1200&v=2.9.108&r=stable&ec=0&o=30&fbp=fb.1.1687447410999.905178697&it=1687447410928&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 22 Jun 2023 15:23:31 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 32ms
10ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1593772137433234&ev=AddToCart&dl=https%3A%2F%2Frd.bizrate.com%2Frd2%3Ft%3Dhttps%253A%252F%252Fwww.elfcosmetics.com%252F%253Futm_source%253DPaid_Search%2526utm_medium%253Dcpc%2526utm_campaign%253Dconnexity%2526cnxclid%253DSZ_REDIRECT_ID%2526utm_term%253DSZ_REDIRECT_ID%26mid%3D316282%26dMid%3D316282%26tokenId%3D18P%26bId%3D314%26bidType%3D11%26a%3Db79e3374317fac778f936ee8c03726c1%26af_id%3D725724%26af_rid%3D90447629330%26af_permalink_id%3D39a9f07405e997116e7281a26286308da686ac75%26cobrand%3D1%26af_placement_id%3D186631%26afCampaignId%3DMF%26rf_code%3Daf1%26af_assettype_id%3D14%26af_creative_id%3D2913&rl=&if=false&ts=1687447411009&cd[content_type]=product&cd[content_ids]=%5B%22%22%5D&cd[contents]=%5B%7B%22id%22%3A%22%22%2C%22quantity%22%3A1%7D%5D&sw=1600&sh=1200&v=2.9.108&r=stable&ec=1&o=30&fbp=fb.1.1687447410999.905178697&it=1687447410928&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 22 Jun 2023 15:23:31 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 33ms
10ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1593772137433234&ev=ViewContent&dl=https%3A%2F%2Frd.bizrate.com%2Frd2%3Ft%3Dhttps%253A%252F%252Fwww.elfcosmetics.com%252F%253Futm_source%253DPaid_Search%2526utm_medium%253Dcpc%2526utm_campaign%253Dconnexity%2526cnxclid%253DSZ_REDIRECT_ID%2526utm_term%253DSZ_REDIRECT_ID%26mid%3D316282%26dMid%3D316282%26tokenId%3D18P%26bId%3D314%26bidType%3D11%26a%3Db79e3374317fac778f936ee8c03726c1%26af_id%3D725724%26af_rid%3D90447629330%26af_permalink_id%3D39a9f07405e997116e7281a26286308da686ac75%26cobrand%3D1%26af_placement_id%3D186631%26afCampaignId%3DMF%26rf_code%3Daf1%26af_assettype_id%3D14%26af_creative_id%3D2913&rl=&if=false&ts=1687447411016&cd[content_type]=product&cd[content_ids]=%5B%22%22%5D&cd[contents]=%5B%7B%22id%22%3A%22%22%2C%22mid%22%3A%22316282%22%2C%22atom%22%3A%22%22%7D%5D&sw=1600&sh=1200&v=2.9.108&r=stable&ec=2&o=30&fbp=fb.1.1687447410999.905178697&it=1687447410928&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 22 Jun 2023 15:23:31 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
633 B 93ms
26ms Image
image/gif 76.13.32.146
YAHOO-BF1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Thu%2C%2022%20Jun%202023%2015%3A23%3A31%20GMT&n=0&.yp=10135448&f=https%3A%2F%2Frd.bizrate.com%2Frd2%3Ft%3Dhttps%253A%252F%252Fwww.elfcosmetics.com%252F%253Futm_source%253DPaid_Search%2526utm_medium%253Dcpc%2526utm_campaign%253Dconnexity%2526cnxclid%253DSZ_REDIRECT_ID%2526utm_term%253DSZ_REDIRECT_ID%26mid%3D316282%26dMid%3D316282%26tokenId%3D18P%26bId%3D314%26bidType%3D11%26a%3Db79e3374317fac778f936ee8c03726c1%26af_id%3D725724%26af_rid%3D90447629330%26af_permalink_id%3D39a9f07405e997116e7281a26286308da686ac75%26cobrand%3D1%26af_placement_id%3D186631%26afCampaignId%3DMF%26rf_code%3Daf1%26af_assettype_id%3D14%26af_creative_id%3D2913&enc=UTF-8&yv=1.15.0

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.13.32.146 Lockport, United States, ASN26101 (YAHOO-BF1, US),

Reverse DNS

spdc.pbp.vip.bf1.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
content-length: 43
expires: Thu, 22 Jun 2023 15:23:31 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
246 B 94ms
27ms Image
image/gif 76.13.32.146
YAHOO-BF1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&.yp=10135448&f=https%3A%2F%2Frd.bizrate.com%2Frd2%3Ft%3Dhttps%253A%252F%252Fwww.elfcosmetics.com%252F%253Futm_source%253DPaid_Search%2526utm_medium%253Dcpc%2526utm_campaign%253Dconnexity%2526cnxclid%253DSZ_REDIRECT_ID%2526utm_term%253DSZ_REDIRECT_ID%26mid%3D316282%26dMid%3D316282%26tokenId%3D18P%26bId%3D314%26bidType%3D11%26a%3Db79e3374317fac778f936ee8c03726c1%26af_id%3D725724%26af_rid%3D90447629330%26af_permalink_id%3D39a9f07405e997116e7281a26286308da686ac75%26cobrand%3D1%26af_placement_id%3D186631%26afCampaignId%3DMF%26rf_code%3Daf1%26af_assettype_id%3D14%26af_creative_id%3D2913&enc=UTF-8&yv=1.15.0&et=custom&ea=ViewProduct&product_id=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.13.32.146 Lockport, United States, ASN26101 (YAHOO-BF1, US),

Reverse DNS

spdc.pbp.vip.bf1.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
content-length: 43
expires: Thu, 22 Jun 2023 15:23:31 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/viewthroughconversion/1070533785/ 3 KB
2 KB 907ms
848ms Script
text/javascript 2607:f8b0:4020:805::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070533785/?random=1687447411044&cv=11&fst=1687447411044&bg=ffffff&guid=ON&async=1&gtm=45be36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Frd.bizrate.com%2Frd2%3Ft%3Dhttps%253A%252F%252Fwww.elfcosmetics.com%252F%253Futm_source%253DPaid_Search%2526utm_medium%253Dcpc%2526utm_campaign%253Dconnexity%2526cnxclid%253DSZ_REDIRECT_ID%2526utm_term%253DSZ_REDIRECT_ID%26mid%3D316282%26dMid%3D316282%26tokenId%3D18P%26bId%3D314%26bidType%3D11%26a%3Db79e3374317fac778f936ee8c03726c1%26af_id%3D725724%26af_rid%3D90447629330%26af_permalink_id%3D39a9f07405e997116e7281a26286308da686ac75%26cobrand%3D1%26af_placement_id%3D186631%26afCampaignId%3DMF%26rf_code%3Daf1%26af_assettype_id%3D14%26af_creative_id%3D2913&hn=www.googleadservices.com&frm=0&auid=2033011660.1687447411&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1070533785

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1580
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/viewthroughconversion/1070533785/ 3 KB
2 KB 898ms
848ms Script
text/javascript 2607:f8b0:4020:805::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070533785/?random=1687447411088&cv=11&fst=1687447411088&bg=ffffff&guid=ON&async=1&gtm=45be36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Frd.bizrate.com%2Frd2%3Ft%3Dhttps%253A%252F%252Fwww.elfcosmetics.com%252F%253Futm_source%253DPaid_Search%2526utm_medium%253Dcpc%2526utm_campaign%253Dconnexity%2526cnxclid%253DSZ_REDIRECT_ID%2526utm_term%253DSZ_REDIRECT_ID%26mid%3D316282%26dMid%3D316282%26tokenId%3D18P%26bId%3D314%26bidType%3D11%26a%3Db79e3374317fac778f936ee8c03726c1%26af_id%3D725724%26af_rid%3D90447629330%26af_permalink_id%3D39a9f07405e997116e7281a26286308da686ac75%26cobrand%3D1%26af_placement_id%3D186631%26afCampaignId%3DMF%26rf_code%3Daf1%26af_assettype_id%3D14%26af_creative_id%3D2913&hn=www.googleadservices.com&frm=0&auid=2033011660.1687447411&uamb=0&uaw=0&data=event%3Dpage_view%3Becomm_pagetype%3Dproduct%3Becomm_prodid%3D&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1070533785

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1598
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1070533785/ 42 B
455 B 112ms
46ms Image
image/gif 2607:f8b0:4020:805::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1070533785/?random=1687447411044&cv=11&fst=1687446000000&bg=ffffff&guid=ON&async=1&gtm=45be36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Frd.bizrate.com%2Frd2%3Ft%3Dhttps%253A%252F%252Fwww.elfcosmetics.com%252F%253Futm_source%253DPaid_Search%2526utm_medium%253Dcpc%2526utm_campaign%253Dconnexity%2526cnxclid%253DSZ_REDIRECT_ID%2526utm_term%253DSZ_REDIRECT_ID%26mid%3D316282%26dMid%3D316282%26tokenId%3D18P%26bId%3D314%26bidType%3D11%26a%3Db79e3374317fac778f936ee8c03726c1%26af_id%3D725724%26af_rid%3D90447629330%26af_permalink_id%3D39a9f07405e997116e7281a26286308da686ac75%26cobrand%3D1%26af_placement_id%3D186631%26afCampaignId%3DMF%26rf_code%3Daf1%26af_assettype_id%3D14%26af_creative_id%3D2913&frm=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3112782836&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:32 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1070533785/ 42 B
108 B 115ms
48ms Image
image/gif 2607:f8b0:4020:805::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1070533785/?random=1687447411088&cv=11&fst=1687446000000&bg=ffffff&guid=ON&async=1&gtm=45be36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Frd.bizrate.com%2Frd2%3Ft%3Dhttps%253A%252F%252Fwww.elfcosmetics.com%252F%253Futm_source%253DPaid_Search%2526utm_medium%253Dcpc%2526utm_campaign%253Dconnexity%2526cnxclid%253DSZ_REDIRECT_ID%2526utm_term%253DSZ_REDIRECT_ID%26mid%3D316282%26dMid%3D316282%26tokenId%3D18P%26bId%3D314%26bidType%3D11%26a%3Db79e3374317fac778f936ee8c03726c1%26af_id%3D725724%26af_rid%3D90447629330%26af_permalink_id%3D39a9f07405e997116e7281a26286308da686ac75%26cobrand%3D1%26af_placement_id%3D186631%26afCampaignId%3DMF%26rf_code%3Daf1%26af_assettype_id%3D14%26af_creative_id%3D2913&frm=0&data=event%3Dpage_view%3Becomm_pagetype%3Dproduct%3Becomm_prodid%3D&fmt=3&is_vtc=1&random=747890665&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:32 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK interstitial-redirect-publisher-min-javascript-abtest-remarketing
rd.bizrate.com/em/ 43 B
359 B 106ms
105ms Ping
image/gif 192.138.218.207
SHOPZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://rd.bizrate.com/em/interstitial-redirect-publisher-min-javascript-abtest-remarketing
Requested by: Host: rd.bizrate.com
URL: https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3DSZ_REDIRECT_ID%26utm_term%3DSZ_REDIRECT_ID&mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308da686ac75&cobrand=1&af_placement_id=186631&afCampaignId=MF&rf_code=af1&af_assettype_id=14&af_creative_id=2913
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.138.218.207 , United States, ASN14332 (SHOPZILLA, US),
Reverse DNS: rd.bizrate.com
Software: nginx/1.20.1 /
Resource Hash

Request headers

Referer: https://rd.bizrate.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 22 Jun 2023 15:23:32 GMT
Server: nginx/1.20.1
P3P: CP="NON DSP ADM DEV PSD TAI OUR IND STP PRE NAV UNI"
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

Primary Request / Show response
www.elfcosmetics.com/
Redirect Chain

https://rd.connexity.net/rd2?mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308...
https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005

822 KB
213 KB

1905ms
1419ms

Document
text/html

204.2.138.109

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Requested by: Host: rd.bizrate.com
URL: https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3DSZ_REDIRECT_ID%26utm_term%3DSZ_REDIRECT_ID&mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308da686ac75&cobrand=1&af_placement_id=186631&afCampaignId=MF&rf_code=af1&af_assettype_id=14&af_creative_id=2913
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.138.109 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc8d41e10511db4330dad249535baf3a245cd0737bb96419eaffff0b67f99313

Request headers

Referer: https://rd.bizrate.com/rd2?t=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3DSZ_REDIRECT_ID%26utm_term%3DSZ_REDIRECT_ID&mid=316282&dMid=316282&tokenId=18P&bId=314&bidType=11&a=b79e3374317fac778f936ee8c03726c1&af_id=725724&af_rid=90447629330&af_permalink_id=39a9f07405e997116e7281a26286308da686ac75&cobrand=1&af_placement_id=186631&afCampaignId=MF&rf_code=af1&af_assettype_id=14&af_creative_id=2913
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 0
content-encoding: gzip
content-length: 217125
content-type: text/html; charset=utf-8
date: Thu, 22 Jun 2023 15:23:34 GMT
etag: W/"b053d-Izy6jLHaALc4T1xsRcmJzVS3rOA"
vary: Accept-Encoding
via: 1.1 45645ff3269a2b885ffa1653e827d0f6.cloudfront.net (CloudFront)
x-amz-apigw-id: G7UaWFrMCYcF2qQ=
x-amz-cf-id: NckG5kotKm3lf07wBxZ-aMVclBEcv99s54E9MgOiI6puF65EsL3d6w==
x-amz-cf-pop: SFO20-C1
x-amzn-remapped-connection: close
x-amzn-remapped-content-length: 722237
x-amzn-remapped-date: Thu, 22 Jun 2023 15:23:33 GMT
x-amzn-requestid: 16bbd482-d5fb-40b5-a3b8-7163a1c05cc0
x-amzn-trace-id: Root=1-64946775-3046ac495aa90f6f75744761;Sampled=0;lineage=2b75b0e9:0
x-cache: Miss from cloudfront
x-yottaa-metrics: 2521cc028537/[1165,1129,-] 25D1cc028a6d/[-,1205.487]
x-yottaa-optimizations: ob/1000000100001000 si/25D1cc028a6d-1687441174-9485083895 tts/1687276478465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os: 200

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Thu, 22 Jun 2023 15:23:32 GMT
Location: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
P3P: CP="This is not a P3P policy. Learn why here: http://connexity.com/privacy-policy/"
Referer: https://rd.bizrate.com/
Server: nginx/1.20.1
X-Application-Context: application:7500

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 15ms
9ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1593772137433234&ev=Microdata&dl=https%3A%2F%2Frd.bizrate.com%2Frd2%3Ft%3Dhttps%253A%252F%252Fwww.elfcosmetics.com%252F%253Futm_source%253DPaid_Search%2526utm_medium%253Dcpc%2526utm_campaign%253Dconnexity%2526cnxclid%253DSZ_REDIRECT_ID%2526utm_term%253DSZ_REDIRECT_ID%26mid%3D316282%26dMid%3D316282%26tokenId%3D18P%26bId%3D314%26bidType%3D11%26a%3Db79e3374317fac778f936ee8c03726c1%26af_id%3D725724%26af_rid%3D90447629330%26af_permalink_id%3D39a9f07405e997116e7281a26286308da686ac75%26cobrand%3D1%26af_placement_id%3D186631%26afCampaignId%3DMF%26rf_code%3Daf1%26af_assettype_id%3D14%26af_creative_id%3D2913&rl=&if=false&ts=1687447412518&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.108&r=stable&ec=3&o=30&fbp=fb.1.1687447410999.905178697&it=1687447410928&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://rd.bizrate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 22 Jun 2023 15:23:32 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST 0
bat.bing.com/actionp/ 0
0

GET
H2 200 HaloFam_D_2-1
cdn.media.amplience.net/i/elfcosmetics/ 376 KB
377 KB 105ms
24ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/HaloFam_D_2-1?fmt=auto&qlt=60

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

2709c2d323bd163455dccb7f811c320b67cbfebbd968722bf0d24727ac643045

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 12473
x-amp-srv: CF
edge-cache-tag: g3vGjV2sX,l4p5bDg2e,dfKosn_5Z
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: PpJUhWq0lk
alt-svc: h3=":443"; ma=86400
content-length: 384802
x-xss-protection: 1; mode=block
x-amp-source-height: 1200
last-modified: Thu, 22 Jun 2023 11:55:41 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 2880
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45ab7b0f4f-EWR
x-amp-published: Tue, 06 Jun 2023 16:59:20 GMT

GET
H2 200 HaloFam_M_2-1
cdn.media.amplience.net/i/elfcosmetics/ 100 KB
100 KB 118ms
38ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/HaloFam_M_2-1?fmt=auto&qlt=60

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

710409116d0d001d3b9c6bb28d8e2f47d16c87a181251744f19212f2966483fc

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 12473
x-amp-srv: CF
edge-cache-tag: Q5uAHQ-ZQ,l4p5bDg2e,cX8WQvuNE
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: fuX7kv-DAr
alt-svc: h3=":443"; ma=86400
content-length: 101984
x-xss-protection: 1; mode=block
x-amp-source-height: 1520
last-modified: Thu, 22 Jun 2023 11:55:41 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 750
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45bb7d0f4f-EWR
x-amp-published: Tue, 06 Jun 2023 16:59:19 GMT

GET
H2 200 HaloFam_D_2-1
cdn.media.amplience.net/i/elfcosmetics/ 388 KB
389 KB 36ms
33ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/HaloFam_D_2-1?%24Desktop%24=&fmt=auto

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

ef6653e294df9149fb2362d65f4cafdaba521dffae28928fef89cdcb191e7e4a

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 77938
x-amp-srv: CF
edge-cache-tag: 7pHCsdikO,l4p5bDg2e,mF-g78ke7,dfKosn_5Z
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: Ipmvg3jRy3
alt-svc: h3=":443"; ma=86400
content-length: 397674
x-xss-protection: 1; mode=block
x-amp-source-height: 1200
last-modified: Wed, 21 Jun 2023 17:44:36 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 2880
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45dba40f4f-EWR
x-amp-published: Tue, 06 Jun 2023 16:59:20 GMT

GET
H2 200 HaloFam_D_2-2
cdn.media.amplience.net/i/elfcosmetics/ 363 KB
364 KB 36ms
33ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/HaloFam_D_2-2?%24Desktop%24=&fmt=auto

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

2031f50d243b7b5e2ca61a6397f38b4d343466452d672b5757882bffdcff9452

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 36343
x-amp-srv: CF
edge-cache-tag: KTSzd2yzS,l4p5bDg2e,mF-g78ke7,fID900x-m
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: txKiwSWUis
alt-svc: h3=":443"; ma=86400
content-length: 372154
x-xss-protection: 1; mode=block
x-amp-source-height: 1200
last-modified: Thu, 22 Jun 2023 05:17:51 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 2880
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45dba60f4f-EWR
x-amp-published: Tue, 06 Jun 2023 16:59:19 GMT

GET
H2 200 HaloFam_D_2-3
cdn.media.amplience.net/i/elfcosmetics/ 325 KB
325 KB 37ms
35ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/HaloFam_D_2-3?%24Desktop%24=&fmt=auto

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

d72fd60408cb643b1fca3c304182cce805dad66d265eb09a03bb13d0d7aee8c4

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 77938
x-amp-srv: CF
edge-cache-tag: l6uuBy1Hs,l4p5bDg2e,mF-g78ke7,NcUZHVShB
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: 3SjTie63m1
alt-svc: h3=":443"; ma=86400
content-length: 332690
x-xss-protection: 1; mode=block
x-amp-source-height: 1200
last-modified: Wed, 21 Jun 2023 17:44:36 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 2880
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45dba90f4f-EWR
x-amp-published: Tue, 06 Jun 2023 16:59:19 GMT

GET
H2 200 HaloFam_D_2-4
cdn.media.amplience.net/i/elfcosmetics/ 327 KB
328 KB 35ms
32ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/HaloFam_D_2-4?%24Desktop%24=&fmt=auto

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

8ad6b9ce3429f2f6ea0d9cef2b87649f3f0d58771505a71bdf2cac31d914929b

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 36343
x-amp-srv: CF
edge-cache-tag: QJt6HASbi,l4p5bDg2e,mF-g78ke7,dQHCTQsmC
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: LQXOit_kgL
alt-svc: h3=":443"; ma=86400
content-length: 334934
x-xss-protection: 1; mode=block
x-amp-source-height: 1200
last-modified: Thu, 22 Jun 2023 05:17:51 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 2880
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45dbab0f4f-EWR
x-amp-published: Tue, 06 Jun 2023 16:59:20 GMT

GET
H2 200 HaloFam_D_1
cdn.media.amplience.net/i/elfcosmetics/ 172 KB
173 KB 46ms
43ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/HaloFam_D_1?%24Desktop%24=&fmt=auto

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

5ef794cecd5d4878b6e1d723ea82a5eea4c7488299c859ada1605b4fedbec8e6

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 50030
x-amp-srv: CF
edge-cache-tag: zxUA5jvPg,l4p5bDg2e,mF-g78ke7,dYn1XBan8
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: IH6SNhybtB
alt-svc: h3=":443"; ma=86400
content-length: 176556
x-xss-protection: 1; mode=block
x-amp-source-height: 374
last-modified: Thu, 22 Jun 2023 01:29:44 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 1010
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45dbac0f4f-EWR
x-amp-published: Tue, 06 Jun 2023 16:59:19 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 2023-06-NEWARRIVALS_V1_D_1
cdn.media.amplience.net/i/elfcosmetics/ 38 KB
38 KB 37ms
35ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/2023-06-NEWARRIVALS_V1_D_1?%24Desktop%24=&fmt=auto

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

0307f57034ea4316bfa71dbe559a6a2d6b5a8f000d960f56556af721f14ed5d1

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 77938
x-amp-srv: CF
edge-cache-tag: YckvlHcik,l4p5bDg2e,mF-g78ke7,9w-M9iEJ0
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: 2Nae3IeNf5
alt-svc: h3=":443"; ma=86400
content-length: 38602
x-xss-protection: 1; mode=block
x-amp-source-height: 840
last-modified: Wed, 21 Jun 2023 17:44:36 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 3200
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45dbae0f4f-EWR
x-amp-published: Thu, 08 Jun 2023 19:22:51 GMT

GET
H2 200 2023-06-NEWARRIVALS_V1_D_2
cdn.media.amplience.net/i/elfcosmetics/ 24 KB
24 KB 36ms
34ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/2023-06-NEWARRIVALS_V1_D_2?%24Desktop%24=&fmt=auto

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

692ab68cef0aba36ce1f25764ec529a7f464273dd84241c838b1bbe3e61fa0fb

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 50030
x-amp-srv: CF
edge-cache-tag: Ch0A8Hp-i,l4p5bDg2e,mF-g78ke7,xrnjObYV7
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: Bya_aQgxCE
alt-svc: h3=":443"; ma=86400
content-length: 24246
x-xss-protection: 1; mode=block
x-amp-source-height: 840
last-modified: Thu, 22 Jun 2023 01:29:44 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 3200
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45dbaf0f4f-EWR
x-amp-published: Thu, 08 Jun 2023 19:22:51 GMT

GET
H2 200 2023-06-NEWARRIVALS_V1_D_3
cdn.media.amplience.net/i/elfcosmetics/ 50 KB
51 KB 37ms
36ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/2023-06-NEWARRIVALS_V1_D_3?%24Desktop%24=&fmt=auto

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

710d19bac43aa1f1b6fe40669564f027738bde2e5d2c87a55da421d6672eb71f

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 14883
x-amp-srv: CF
edge-cache-tag: MX0vXfDGE,l4p5bDg2e,mF-g78ke7,ETCSTNABq
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: lkYUR5iVmX
alt-svc: h3=":443"; ma=86400
content-length: 51608
x-xss-protection: 1; mode=block
x-amp-source-height: 840
last-modified: Thu, 22 Jun 2023 11:15:31 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 3200
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45dbb00f4f-EWR
x-amp-published: Thu, 08 Jun 2023 19:22:52 GMT

GET
H2 200 2023-06-NEWARRIVALS_V1_D_4
cdn.media.amplience.net/i/elfcosmetics/ 35 KB
36 KB 35ms
34ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/2023-06-NEWARRIVALS_V1_D_4?%24Desktop%24=&fmt=auto

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

08d43f5e6b0bd3e896e1d623ae1e41a37743a31475abc95bebe7bdfe2eee253e

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 78313
x-amp-srv: CF
edge-cache-tag: _6tSTtpRQ,l4p5bDg2e,mF-g78ke7,-evi43AtI
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: kf6LmTMhns
alt-svc: h3=":443"; ma=86400
content-length: 36258
x-xss-protection: 1; mode=block
x-amp-source-height: 840
last-modified: Wed, 21 Jun 2023 17:38:21 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 3200
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45dbb10f4f-EWR
x-amp-published: Thu, 08 Jun 2023 19:22:51 GMT

GET
H2 200 2023-06-NEWARRIVALS_V1_D_5
cdn.media.amplience.net/i/elfcosmetics/ 23 KB
24 KB 42ms
41ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/2023-06-NEWARRIVALS_V1_D_5?%24Desktop%24=&fmt=auto

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

6a2dbd2fdfcb06e1b82ff03a2d96b4189212111eeaac5fb861ef1cc6c2ac2857

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 77938
x-amp-srv: CF
edge-cache-tag: 62YBAeuoN,l4p5bDg2e,mF-g78ke7,PEWxZ20dF
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: P5Ycuzug5l
alt-svc: h3=":443"; ma=86400
content-length: 23902
x-xss-protection: 1; mode=block
x-amp-source-height: 840
last-modified: Wed, 21 Jun 2023 17:44:36 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 3200
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e45dbb20f4f-EWR
x-amp-published: Thu, 08 Jun 2023 19:18:55 GMT

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b

Request headers

Referer
Origin: https://www.elfcosmetics.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd

Request headers

Referer
Origin: https://www.elfcosmetics.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2 200 vendor.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/ 2 MB
605 KB 218ms
19ms Script
application/javascript 151.101.66.133

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/vendor.js?yocs=F_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 36c70d0afe98b01d67b3dd9312ceabddac1ee24c3fcb43049e49e2bcd48d0e1a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id: g.2JPtQM9GWR8vBAjwD7OuY1xrOR.pGp
via: 1.1 38c3a3fca02036ddde350ee8c151e43c.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Thu, 22 Jun 2023 15:23:35 GMT
x-amz-cf-pop: ORD52-C3
age: 71785
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1100 si/2611cc028372-1683767543-1491348729 tts/1687276478465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Miss from cloudfront, HIT
x-amz-meta-deploy: 495503
content-length: 618624
x-amz-meta-bundle: 9288
x-served-by: cache-lga21931-LGA
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1687447415.027103,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2621cc0283f1/[35,-,1687375613293] 2611cc028372/[-,348.072]
accept-ranges: bytes
x-amz-cf-id: uI395m-pQBH4N04iXQp9-Pbykz-UnE2qk2Ee7Njxnh5PRzuIunhNBQ==
x-cache-hits: 39

GET
H2 200 main.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/ 1 MB
329 KB 248ms
50ms Script
application/javascript 151.101.66.133

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/main.js?yocs=F_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 476ed3b103bc44510ec6fc58f719d0c509545f9708e1939e1ce69c7fe88b4b1d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id: QK0AoSW8BHiOA9R849ktt.zPcoDmtmgD
via: 1.1 be1019ab7169805c3c0f394c00896b58.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Thu, 22 Jun 2023 15:23:35 GMT
x-amz-cf-pop: ORD52-C3
age: 71793
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1101 si/2611cc028371-1684860158-1215642808 tts/1687276478465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Miss from cloudfront, HIT
x-amz-meta-deploy: 495503
content-length: 335930
x-amz-meta-bundle: 9288
x-served-by: cache-lga21931-LGA
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1687447415.027166,VS0,VE3
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2621cc8d586e/[20,-,1687375612927] 2611cc028371/[hit]
accept-ranges: bytes
x-amz-cf-id: U11QQ9aReSQ4QUvIEIyZ23_Dyx-Rkd7CYU7iCy1qBNyWG8Ek39u49w==
x-cache-hits: 1

GET
H2 200 pages-home.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/ 3 KB
2 KB 251ms
53ms Script
application/javascript 151.101.66.133

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/pages-home.js?yocs=F_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1a8000cba90ab70a9629e371c509f699b2d1ab1e70415b033b49c4f1fc1a4d23

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id: LnaaM6CTtt8PPgDk_FeQNZY0mG50iF2p
via: 1.1 edfd10c592a6866f13503e27961f8302.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Thu, 22 Jun 2023 15:23:35 GMT
x-amz-cf-pop: ORD52-C3
age: 71794
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1101 si/2611cc028371-1684860158-1215642796 tts/1687276478465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Miss from cloudfront, HIT
x-amz-meta-deploy: 495503
content-length: 1556
x-amz-meta-bundle: 9288
x-served-by: cache-lga21931-LGA
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1687447415.027080,VS0,VE5
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2621cc028333/[6,-,1687375612760] 2611cc028371/[hit]
accept-ranges: bytes
x-amz-cf-id: EhFc6mjDci6cjwKdaJuChdL_zGozUJtHBU4lFNAwENXg6oS6UOH7Gg==
x-cache-hits: 1

GET
H2 200 haloGlowFam_D_IMAGE4
cdn.media.amplience.net/i/elfcosmetics/ 14 KB
14 KB 31ms
28ms Image
image/jpeg 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/haloGlowFam_D_IMAGE4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

ccdbf46730591775a4e70269ab627c82beb311312eff3810a6793fad993738eb

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 905
x-amp-srv: CF
edge-cache-tag: eTw3uqfSX,l4p5bDg2e,JGdy5BGG8
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: X4WsZD9boh
alt-svc: h3=":443"; ma=86400
content-length: 14000
x-xss-protection: 1; mode=block
x-amp-source-height: 532
last-modified: Thu, 22 Jun 2023 15:08:29 GMT
cf-bgj: h2pri
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 532
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e46cc950f4f-EWR
x-amp-published: Mon, 22 May 2023 18:59:27 GMT

GET
H2 200 haloGlowFam_D_IMAGE5
cdn.media.amplience.net/i/elfcosmetics/ 22 KB
22 KB 39ms
37ms Image
image/jpeg 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/haloGlowFam_D_IMAGE5

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

fb65df3addf9cb9646d6cd110d58ccd03d36491425d6759651126aea244bd1af

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 905
x-amp-srv: CF
edge-cache-tag: whii1a1Of,l4p5bDg2e,h3N9Hn4ub
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: zaPqcly7Bc
alt-svc: h3=":443"; ma=86400
content-length: 22201
x-xss-protection: 1; mode=block
x-amp-source-height: 532
last-modified: Thu, 22 Jun 2023 15:08:29 GMT
cf-bgj: h2pri
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 533
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e46cc970f4f-EWR
x-amp-published: Mon, 22 May 2023 18:59:27 GMT

GET
H2 200 haloGlowFam_D_IMAGE6
cdn.media.amplience.net/i/elfcosmetics/ 22 KB
22 KB 31ms
29ms Image
image/jpeg 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/haloGlowFam_D_IMAGE6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

347017da772d5dc046c1c5764366b21ba07c6ee0944489b9ba057d6909d7d7c4

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 83951
x-amp-srv: CF
edge-cache-tag: YePh6mmvz,l4p5bDg2e,MVbv8JxxS
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: f2b9IF-xer
alt-svc: h3=":443"; ma=86400
content-length: 22138
x-xss-protection: 1; mode=block
x-amp-source-height: 532
last-modified: Wed, 21 Jun 2023 16:04:23 GMT
cf-bgj: h2pri
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 532
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e46cc980f4f-EWR
x-amp-published: Mon, 22 May 2023 18:59:27 GMT

GET
H2 200 haloGlowFam_D_IMAGE7
cdn.media.amplience.net/i/elfcosmetics/ 17 KB
17 KB 36ms
34ms Image
image/jpeg 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/haloGlowFam_D_IMAGE7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

8a5a02f58a7f7c659cb7e35bd6c573c7392a7ea7842ec3904e7f08b6ead9c719

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 905
x-amp-srv: CF
edge-cache-tag: h6AaAmOdy,l4p5bDg2e,G0xIWsIWS
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: evFDU26qlb
alt-svc: h3=":443"; ma=86400
content-length: 17261
x-xss-protection: 1; mode=block
x-amp-source-height: 531
last-modified: Thu, 22 Jun 2023 15:08:29 GMT
cf-bgj: h2pri
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 532
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e46cc9a0f4f-EWR
x-amp-published: Mon, 22 May 2023 18:59:27 GMT

GET
H2 200 haloGlowFam_D_IMAGE8
cdn.media.amplience.net/i/elfcosmetics/ 82 KB
82 KB 32ms
30ms Image
image/jpeg 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/haloGlowFam_D_IMAGE8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

4e17ed6694cd82df23fc10365f94c89f16d4a1f47892ee2af9166988f2a9f0d0

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 83951
x-amp-srv: CF
edge-cache-tag: haDWq5kBA,l4p5bDg2e,DvINWQJcA
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: ogvNHH2Qfi
alt-svc: h3=":443"; ma=86400
content-length: 83900
x-xss-protection: 1; mode=block
x-amp-source-height: 530
last-modified: Wed, 21 Jun 2023 16:04:23 GMT
cf-bgj: h2pri
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 532
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e46cc9b0f4f-EWR
x-amp-published: Mon, 22 May 2023 18:59:27 GMT

GET
H2 200 haloGlowFam_D_IMAGE9
cdn.media.amplience.net/i/elfcosmetics/ 97 KB
97 KB 36ms
34ms Image
image/jpeg 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/haloGlowFam_D_IMAGE9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

96e0d25a66bc90dc6fde0804468853149915f75723654b61a369900b4adf3d94

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:34 GMT
cf-cache-status: HIT
age: 56601
x-amp-srv: CF
edge-cache-tag: mpraj11ku,l4p5bDg2e,mqJnB3N3M
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: nRifAAHlsf
alt-svc: h3=":443"; ma=86400
content-length: 99106
x-xss-protection: 1; mode=block
x-amp-source-height: 531
last-modified: Wed, 21 Jun 2023 23:40:13 GMT
cf-bgj: h2pri
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 532
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e46cc9c0f4f-EWR
x-amp-published: Mon, 22 May 2023 18:59:27 GMT

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/1f50a3fb-5968-4020-b0fc-abfb8475288a-test/ 6 KB
2 KB 123ms
85ms Script
application/x-javascript 2606:4700::6812:a972

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/1f50a3fb-5968-4020-b0fc-abfb8475288a-test/OtAutoBlock.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/main.js?yocs=F_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

cfb97a9e2be03bf9bc1dee523f313c5142afcde7181633af8d6ff9b5db23e8f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Jun 2023 15:23:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-md5: csbF7mTs7Sc5mLZKWTo6LQ==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2001
x-ms-lease-status: unlocked
last-modified: Thu, 08 Dec 2022 23:55:10 GMT
server: cloudflare
etag: 0x8DAD977A41CE1E0
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: a5cf2cd0-d01e-0039-541d-a59842000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7db57e52fdad1831-EWR

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 56ms
19ms Script
application/javascript 2606:4700::6812:a972

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/main.js?yocs=F_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

0be44b8963766e88bfb1034f5cf93deb8710ec30e7a54537ff463951c5976234

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Jun 2023 15:23:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 0mEq0pw2uQHv5iDD8WI5Bw==
age: 76351
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6759
x-ms-lease-status: unlocked
last-modified: Tue, 20 Jun 2023 16:31:25 GMT
server: cloudflare
etag: 0x8DB71ABCA4FED50
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 83c3568d-a01e-00b5-58b0-a3d519000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7db57e52fdb01831-EWR

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 374 KB
109 KB 45ms
40ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce3a84387f58a66cd2db655ee4ae265e900ae781ec390a5acfd477e6b4eb3b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111510
x-xss-protection: 0
last-modified: Thu, 22 Jun 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 22 Jun 2023 15:23:36 GMT

GET
H2 200 api_dynamic.js Show response
cdn.dynamicyield.com/api/8772046/ 241 KB
26 KB 219ms
96ms Script
application/javascript 2600:9000:246d:fc00:a:b89d:a6c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:246d:fc00:a:b89d:a6c0:93a1 -, , ASN (),
Reverse DNS
Software: DYCDN /
Resource Hash: 83df8f5e0b40e899be2fda448877ba73fae2e3a00a1cac3f5f249eadcb4a1246

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:37 GMT
content-encoding: gzip
via: 1.1 8b0e655fd57eb56de6cd1d8b9f2238d4.cloudfront.net (CloudFront)
last-modified: Thu, 22 Jun 2023 14:14:50 GMT
server: DYCDN
x-amz-cf-pop: PIT50-P2
x-amz-server-side-encryption: AES256
etag: W/"6c4076348eade6a73cc962483d94a54e"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=30
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: o7tYpbucuGCA7g_35tcBDxjFbn1zIMFPTh7bI_SFUMu-FAilIE6IDA==

GET
H2 200 api_static.js Show response
cdn.dynamicyield.com/api/8772046/ 298 KB
87 KB 152ms
29ms Script
application/javascript 2600:9000:246d:fc00:a:b89d:a6c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:246d:fc00:a:b89d:a6c0:93a1 -, , ASN (),
Reverse DNS
Software: DYCDN /
Resource Hash: 189c3553dfb03e8dddb4a714cf9907e058b7b41478220834d2e2005f1e0dcd89

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 11:30:54 GMT
content-encoding: gzip
via: 1.1 8b0e655fd57eb56de6cd1d8b9f2238d4.cloudfront.net (CloudFront)
last-modified: Sun, 18 Jun 2023 15:44:52 GMT
server: DYCDN
age: 13963
x-amz-cf-pop: PIT50-P2
x-amz-server-side-encryption: AES256
etag: W/"471c5b7848f8ddff0219aff660759ecb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: rYIaT7CcSUqXEbq9z-jSEP5SlSXqUsT5qqR-Tz7k9y6BiZrwynTeDw==

GET /
api.ipify.org/ 0
0

GET
H2

200

callback Show response
www.elfcosmetics.com/
Redirect Chain

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
https://www.elfcosmetics.com/callback?usid=a0c66026-1562-440c-a0ca-5dd3a392b5df&code=jY06c1xIs19hk99pcTs2wMe2HplziXEMrS8DCJYc8RQ

0
863 B

342ms
341ms

XHR
application/json

204.2.138.109

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/callback?usid=a0c66026-1562-440c-a0ca-5dd3a392b5df&code=jY06c1xIs19hk99pcTs2wMe2HplziXEMrS8DCJYc8RQ
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Server: 204.2.138.109 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:38 GMT
via: 1.1 cfa15842f57761e1aba6ea8338d380d4.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 0
x-amz-cf-pop: SFO20-C1
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: 3abd9df9-e785-4457-bf61-e267633cb8a7
x-yottaa-optimizations: ob/1000 si/25D1cc028a6d-1687441174-9485083975 tts/1687276478465 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: G7UbGH0viYcFn6A=
content-length: 0
x-yottaa-forcecache: true
x-amzn-trace-id: Root=1-64946779-5a0e835c6063e91a11fd6a12;Sampled=0;lineage=2b75b0e9:0
content-type: application/json
cache-control: public, max-age=604800
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028a8e/[203,202,-] 25D1cc028a6d/[-,204.710]
x-amzn-remapped-date: Thu, 22 Jun 2023 15:23:38 GMT
x-amz-cf-id: mk76vJic5nSubJekieEmJhPudtH0wLGtdxAnaeltDWTWu5BtPseoZg==

Redirect headers

date: Thu, 22 Jun 2023 15:23:37 GMT
x-correlation-id: 7db57e57cdccd009
via: 1.1 c2354f8128e4d7b61eb5ba62ca8e4aea.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SFO20-C1
age: 0
x-yottaa-optimizations: ob/0 si/25D1cc028a6d-1687441174-9485083971 tts/1687276478465 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
content-length: 0
pragma: no-cache
x-ratelimit-1m-remaining: 23409, 824624
x-ratelimit-1m-reset: 22374, 22372
x-ratelimit-1m-limit: 24000, 850000
vary: Accept-Encoding
location: https://www.elfcosmetics.com/callback?usid=a0c66026-1562-440c-a0ca-5dd3a392b5df&code=jY06c1xIs19hk99pcTs2wMe2HplziXEMrS8DCJYc8RQ
cache-control: no-store
x-yottaa-os: 303
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&state=client-state&hint=guest&channel_id=elf-us&code_challenge=yw04xvPDO-JdxR1ZLfvU2E7VibZbOoIiuJqv-wh14p4
x-yottaa-metrics: 2521cc028a8c/[158,154,-] 25D1cc028a6d/[-,158.594]
cf-ray: 7db57e57cdccd009-SJC
x-amz-cf-id: oHHYgn6Uy4_TrGy6dFBpQzlPWAKU4AGUIV_LO-vUQPWe1qE8c3JsAg==

POST
H2 201 / Show response
sdk.iad-05.braze.com/api/v3/data/ 323 B
463 B 161ms
160ms XHR
application/json 151.101.194.133

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/vendor.js?yocs=F_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 -, , ASN (),

Reverse DNS

Software

Resource Hash

feaed7d61395f2ed0c2a6e3db3747fa5c0a97143003efeb38032ac87440a71cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest: true
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-type: application/json
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest

Response headers

date: Thu, 22 Jun 2023 15:23:37 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: ee304cb2-a23d-4354-b92f-4542378992dd
x-served-by: cache-lga21944-LGA
x-runtime: 0.133318
etag: W/"feaed7d61395f2ed0c2a6e3db3747fa5"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 /
sdk.iad-05.braze.com/api/v3/data/ Frame 0
0 112ms
28ms Preflight 151.101.194.133

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Thu, 22 Jun 2023 15:23:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-lga21944-LGA

GET
H2 200 1f50a3fb-5968-4020-b0fc-abfb8475288a-test.json Show response
cdn.cookielaw.org/consent/1f50a3fb-5968-4020-b0fc-abfb8475288a-test/ 4 KB
2 KB 124ms
92ms XHR
application/x-javascript 2606:4700::6812:a972

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/1f50a3fb-5968-4020-b0fc-abfb8475288a-test/1f50a3fb-5968-4020-b0fc-abfb8475288a-test.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

2bcf390b3aec616dd67b8b17527642c5c6d67cff7376d135308e137e8f4db6d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Jun 2023 15:23:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-md5: vzXm+A2CyHeldfK5kuCtCA==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1603
x-ms-lease-status: unlocked
last-modified: Wed, 21 Dec 2022 14:03:19 GMT
server: cloudflare
etag: 0x8DAE35C1D6E4852
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 668f6375-301e-0011-5f1d-a5effd000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7db57e59ad580fa9-EWR

GET
H2 200 st Show response
st.dynamicyield.com/ 114 KB
10 KB 170ms
44ms Script
text/javascript 2600:9000:246d:4a00:15:ad21:c740:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=ew4mz3tgezklyein2tya8frjjgxgg97i&ref=https%3A%2F%2Frd.bizrate.com%2F&scriptVersion=1.176.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22HOMEPAGE%22%2C%22lng%22%3A%22en-US%22%2C%22data%22%3A%5B%5D%7D
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:246d:4a00:15:ad21:c740:93a1 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fbf7f1570824ce63dbca86c4d191157942f89544220473cdcb1919a355c3407d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:38 GMT
content-encoding: gzip
via: 1.1 298bfd7d0e5de775164fa161b32e71de.cloudfront.net (CloudFront)
x-amz-cf-pop: PIT50-P2
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control: no-cache
x-amz-cf-id: BjpoQ7AflrpwP6o2-qDG8VXuzVY73Fl9Ahu-M2KZMC4wBi_vDuICLw==
expires: Thu, 22 Jun 2023 15:23:37 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
305 B 83ms
35ms XHR
application/json 2606:4700::6812:1c26

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c26 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7db57e5e5ddf43bc-EWR
access-control-allow-headers: Content-Type

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 83ms
19ms Script
text/javascript 2607:f8b0:4020:807::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 22 Jun 2023 14:39:17 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2661
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 22 Jun 2023 16:39:17 GMT

GET
H2

200

activityi;dc_pre=CNbg4r-X1_8CFYMKaAgdTWIO_Q;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=1789741671.1687447419;u6=%2F;u10=Paid_Search;u12=connexity;u8=undefined;uaa=;u... Show response
9231397.fls.doubleclick.net/ Frame 3D02
Redirect Chain

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=1789741671.1687447419;u6=%2F;u10=Paid_Search;u12=connexity;u8=undefined;uaa=...
https://9231397.fls.doubleclick.net/activityi;dc_pre=CNbg4r-X1_8CFYMKaAgdTWIO_Q;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=1789741671.1687447419;u6=%2F;u10=Paid_Sear...

787 B
756 B

230ms
228ms

Document
text/html

172.217.13.134

General

Check archive.org

Show headers Download Go to

Full URL

https://9231397.fls.doubleclick.net/activityi;dc_pre=CNbg4r-X1_8CFYMKaAgdTWIO_Q;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=1789741671.1687447419;u6=%2F;u10=Paid_Search;u12=connexity;u8=undefined;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.134 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

1c05145d647f2d2c1ade6fa13e8c17e7040d6453418ec35c6058ebaf4ef2c845

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 418
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jun 2023 15:23:38 GMT
expires: Thu, 22 Jun 2023 15:23:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jun 2023 15:23:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9231397.fls.doubleclick.net/activityi;dc_pre=CNbg4r-X1_8CFYMKaAgdTWIO_Q;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=1789741671.1687447419;u6=%2F;u10=Paid_Search;u12=connexity;u8=undefined;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

activityi;dc_pre=COzq4r-X1_8CFSIKaAgdkkYL_g;src=10742279;type=elf8j0;cat=glo_flap;ord=3846017456871;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3... Show response
10742279.fls.doubleclick.net/ Frame E06E
Redirect Chain

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=3846017456871;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_sourc...
https://10742279.fls.doubleclick.net/activityi;dc_pre=COzq4r-X1_8CFSIKaAgdkkYL_g;src=10742279;type=elf8j0;cat=glo_flap;ord=3846017456871;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fw...

828 B
651 B

854ms
853ms

Document
text/html

172.217.13.134

General

Check archive.org

Show headers Download Go to

Full URL

https://10742279.fls.doubleclick.net/activityi;dc_pre=COzq4r-X1_8CFSIKaAgdkkYL_g;src=10742279;type=elf8j0;cat=glo_flap;ord=3846017456871;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.134 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

5512d21e4851b96efa38e3ae231ef0702628aa5d3ce860042407bede1bd370e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 353
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jun 2023 15:23:38 GMT
expires: Thu, 22 Jun 2023 15:23:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jun 2023 15:23:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10742279.fls.doubleclick.net/activityi;dc_pre=COzq4r-X1_8CFSIKaAgdkkYL_g;src=10742279;type=elf8j0;cat=glo_flap;ord=3846017456871;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cnxtag-min.js Show response
js.cnnx.link/roi/ 2 KB
1 KB 95ms
18ms Script
text/javascript 2600:9000:24f4:f800:11:85b0:d600:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f4:f800:11:85b0:d600:93a1 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d30617b516a30062ca314c2c5f7fe5b9b37b6cc76b1a965b5199862197301608

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:16:03 GMT
via: 1.1 google, 1.1 035e691ec6c773baa108d5dd3cdf6b28.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: IAD55-P3
age: 455
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: max-age=600
x-amz-cf-id: -Q-VXFfm0k-1R9MtiGKZ4dg31hfLQhS1GgNsGXmgRqe3jUo60w1Gdg==

GET
H2

200

activityi;dc_pre=CNDm47-X1_8CFb4OaAgdaP8ITw;src=10265292;type=conte0;cat=homep0;ord=7139523187206;gtm=45He36e2;auiddc=1789741671.1687447419;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https... Show response
10265292.fls.doubleclick.net/ Frame 44C9
Redirect Chain

https://10265292.fls.doubleclick.net/activityi;src=10265292;type=conte0;cat=homep0;ord=7139523187206;gtm=45He36e2;auiddc=1789741671.1687447419;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=ht...
https://10265292.fls.doubleclick.net/activityi;dc_pre=CNDm47-X1_8CFb4OaAgdaP8ITw;src=10265292;type=conte0;cat=homep0;ord=7139523187206;gtm=45He36e2;auiddc=1789741671.1687447419;uaa=;uab=;uafvl=;uam...

615 B
684 B

52ms
50ms

Document
text/html

172.217.13.134

General

Check archive.org

Show headers Download Go to

Full URL

https://10265292.fls.doubleclick.net/activityi;dc_pre=CNDm47-X1_8CFb4OaAgdaP8ITw;src=10265292;type=conte0;cat=homep0;ord=7139523187206;gtm=45He36e2;auiddc=1789741671.1687447419;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.134 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

c1c59b688b729503dabda26d630bd5918d2d0edd0f59aef4b236951289ade5ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 346
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jun 2023 15:23:38 GMT
expires: Thu, 22 Jun 2023 15:23:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jun 2023 15:23:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10265292.fls.doubleclick.net/activityi;dc_pre=CNDm47-X1_8CFb4OaAgdaP8ITw;src=10265292;type=conte0;cat=homep0;ord=7139523187206;gtm=45He36e2;auiddc=1789741671.1687447419;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

activityi;dc_pre=CPvw4r-X1_8CFZ8MaAgdiUwIiA;src=10742279;type=elf8j0;cat=glo_flhp;ord=4444386928003;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3... Show response
10742279.fls.doubleclick.net/ Frame EDB9
Redirect Chain

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flhp;ord=4444386928003;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_sourc...
https://10742279.fls.doubleclick.net/activityi;dc_pre=CPvw4r-X1_8CFZ8MaAgdiUwIiA;src=10742279;type=elf8j0;cat=glo_flhp;ord=4444386928003;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fw...

828 B
690 B

181ms
180ms

Document
text/html

172.217.13.134

General

Check archive.org

Show headers Download Go to

Full URL

https://10742279.fls.doubleclick.net/activityi;dc_pre=CPvw4r-X1_8CFZ8MaAgdiUwIiA;src=10742279;type=elf8j0;cat=glo_flhp;ord=4444386928003;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.134 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

279ed7486a7793aadadf8e72031f37b1bb2115c71a7b4b6a8b27131015f3b270

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 352
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jun 2023 15:23:38 GMT
expires: Thu, 22 Jun 2023 15:23:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jun 2023 15:23:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10742279.fls.doubleclick.net/activityi;dc_pre=CPvw4r-X1_8CFZ8MaAgdiUwIiA;src=10742279;type=elf8j0;cat=glo_flhp;ord=4444386928003;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1608912&seg=30774953&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1608912%26seg%3D30774953%26t%3D2

43 B
1 KB

31ms
30ms

Image
image/gif

68.67.160.26

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1608912%26seg%3D30774953%26t%3D2

Requested by

Protocol

HTTP/1.1

Server

68.67.160.26 -, , ASN (),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 22 Jun 2023 15:23:38 GMT
AN-X-Request-Uuid: a12c1fcb-c96d-471b-b61e-77768d766746
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 5.181.234.132; 5.181.234.132; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 22 Jun 2023 15:23:38 GMT
AN-X-Request-Uuid: 99b5b8ae-be2b-407a-a3b8-001869d3b373
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1608912%26seg%3D30774953%26t%3D2
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 5.181.234.132; 5.181.234.132; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 token Show response
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 2 KB
2 KB 290ms
289ms XHR
application/json 204.2.138.109

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/vendor.js?yocs=F_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.138.109 -, , ASN (),

Reverse DNS

Software

Resource Hash

1269d33bcdde87822b0972bff57ff4a298fe893b9369ba45cd73e5e5970e616e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
accept-language: en-US,en;q=0.9
x-pwa-request: true
authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 22 Jun 2023 15:23:38 GMT
content-encoding: gzip
x-correlation-id: 7db57e5f986c9809
cf-cache-status: DYNAMIC
via: 1.1 8a7696c9764ab79132ce2754e8e20bec.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SFO20-C1
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc028a6d-1687441174-9485083993 tts/1687276478465 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
pragma: no-cache
x-ratelimit-1m-remaining: 23374, 823708
x-ratelimit-1m-reset: 21135, 21134
vary: Accept-Encoding, User-Agent
x-ratelimit-1m-limit: 24000, 850000
content-type: application/json
cache-control: no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics: 2521cc028596/[159,158,-] 25D1cc028a6d/[-,160.410]
cf-ray: 7db57e5f986c9809-SJC
x-amz-cf-id: fxOE13uqzr9J0l09KCik4nteK6phl7BSWaj21Fimc8kX9jLrng8fYQ==

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/ 383 KB
92 KB 22ms
22ms Script
application/javascript 2606:4700::6812:a972

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Jun 2023 15:23:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: uPFqyxtrxGqJsyAvB7RnSg==
age: 73663
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 93482
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:45 GMT
server: cloudflare
etag: 0x8DADC66BDFA5EC7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: da60ad71-a01e-00f1-2de1-5a0975000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7db57e5ef8d61831-EWR

GET
H2 200 dy-coll-min.js Show response
cdn.dynamicyield.com/scripts/1.176.0/ 199 KB
62 KB 27ms
25ms Script
application/javascript 2600:9000:246d:fc00:a:b89d:a6c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/scripts/1.176.0/dy-coll-min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:246d:fc00:a:b89d:a6c0:93a1 -, , ASN (),
Reverse DNS
Software: DYCDN /
Resource Hash: 8d45dd50af1abd06acdc8a31d3953997137b8a2e1797a003a733f840c0beeaa9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 04 Jun 2023 08:18:30 GMT
content-encoding: gzip
via: 1.1 8b0e655fd57eb56de6cd1d8b9f2238d4.cloudfront.net (CloudFront)
last-modified: Wed, 31 May 2023 13:41:57 GMT
server: DYCDN
age: 1580709
x-amz-cf-pop: PIT50-P2
etag: W/"761c38f1b487c1da78272789d9be2534"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: fgsye3xF__2H54NJw3OMViZqyw2JYqyIEiJ6be4E2Y1mn9AMVbTSig==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
212 B 42ms
41ms XHR
text/plain 2607:f8b0:4020:807::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=811045223&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&dr=https%3A%2F%2Frd.bizrate.com%2F&ul=en-us&de=UTF-8&dt=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=329833797&gjid=899839532&cid=1678934446.1687447419&tid=UA-432816-1&_gid=190648762.1687447419&_r=1&_slc=1&gtm=45He36e2n81WL3STMX&z=665469322

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 uia Show response
async-px.dynamicyield.com/ 0
384 B 112ms
21ms XHR
text/plain 108.138.106.59

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/uia?cnst=1&_=1687447418819
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.176.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.106.59 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:38 GMT
via: 1.1 f359087e1d20f17f76b31eb5ffbbd450.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: TgPGquNJ1y4YCtYgz-6Y5NJQ9adYzk0ufnFlcfpvPRJCBZCWAXAu4Q==
expires: 0

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/1f50a3fb-5968-4020-b0fc-abfb8475288a-test/6386b06d-c3b6-4f6c-9451-50dc9ede229d/ 36 KB
9 KB 87ms
87ms Fetch
application/x-javascript 2606:4700::6812:a972

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/1f50a3fb-5968-4020-b0fc-abfb8475288a-test/6386b06d-c3b6-4f6c-9451-50dc9ede229d/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

e1db65105cc7ffef21f85ac58b8f18474cbc8271c391cd7754270ca0c543b673

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Jun 2023 15:23:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-md5: o1j4LdnI0wwkuk8sz5Gg3w==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 8929
x-ms-lease-status: unlocked
last-modified: Wed, 21 Dec 2022 14:03:23 GMT
server: cloudflare
etag: 0x8DAE35C1F92372A
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 668f642f-301e-0011-031d-a5effd000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7db57e5fda820fa9-EWR

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
350 B 65ms
25ms XHR
text/plain 2607:f8b0:4004:c0b::9d

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-432816-1&cid=1678934446.1687447419&jid=329833797&gjid=899839532&_gid=190648762.1687447419&_u=YEBAAEAAAAAAACAAI~&z=1900370350

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9d -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 22 Jun 2023 15:23:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 84ms
20ms Fetch 108.138.106.59

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=176377&uid=5525916993579149178&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=0ccaeb388a8c7bb574bc81d82f70bb1f&expSes=88035&aud=1004392.1092373.1167402.1274296.1324059.1426804.1443347.1846919.884367.884372.884385.884387.998337.1182144.799438.799443&expVisitId=-1059800174749077661&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1687447418848&rri=2367650
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.176.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.106.59 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:38 GMT
via: 1.1 f359087e1d20f17f76b31eb5ffbbd450.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: jvxo5fzJUNkXa4Ezyq9GC_srMWUk9yfWRRjJV0rMyvBoPgTTNL7uFg==
expires: 0

GET
H2 200 dc_pre=CNDm47-X1_8CFb4OaAgdaP8ITw;src=10265292;type=conte0;cat=homep0;ord=7139523187206;gtm=45He36e2;auiddc=*;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%...
adservice.google.com/ddm/fls/z/ Frame 44C9 42 B
401 B 103ms
45ms Image
image/gif 2607:f8b0:4020:807::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNDm47-X1_8CFb4OaAgdaP8ITw;src=10265292;type=conte0;cat=homep0;ord=7139523187206;gtm=45He36e2;auiddc=*;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005

Requested by

Host: 10265292.fls.doubleclick.net
URL: https://10265292.fls.doubleclick.net/activityi;dc_pre=CNDm47-X1_8CFb4OaAgdaP8ITw;src=10265292;type=conte0;cat=homep0;ord=7139523187206;gtm=45He36e2;auiddc=1789741671.1687447419;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://10265292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 batch
async-px.dynamicyield.com/ 0
384 B 41ms
20ms Ping
text/plain 108.138.106.59

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/batch?cnst=1&_=1687447418904_359481
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.176.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.106.59 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:38 GMT
via: 1.1 f359087e1d20f17f76b31eb5ffbbd450.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: olJHtWo615NEkv3OzdM0ldv-52Ce4Mnl4vi2Bgq_vJ7Lj8ZMxbq5Wg==
expires: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 43ms
42ms Image
image/gif 2607:f8b0:4020:805::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=1678934446.1687447419&jid=329833797&_u=YEBAAEAAAAAAACAAI~&z=200251294

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 13 KB
3 KB 16ms
15ms Fetch
application/json 2606:4700::6812:a972

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Jun 2023 15:23:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: vO8A/abKpoPacUrvSk9OSw==
age: 40286
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:35 GMT
server: cloudflare
etag: 0x8DADC66B7AF38D0
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ce2a4a9a-801e-00a9-14e1-5a0d0e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7db57e608b130fa9-EWR

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 62 KB
15 KB 16ms
16ms Fetch
application/json 2606:4700::6812:a972

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

cef181b89850405f733232c050e35b633a648eacee98005f2663b481ac3b0db4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Jun 2023 15:23:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: MDgKSvnSO+c999jgSnUf4g==
age: 76796
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14749
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:35 GMT
server: cloudflare
etag: 0x8DADC66B80F4BC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f7508a78-001e-0116-5f0b-9d5f2d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7db57e609b140fa9-EWR

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 21 KB
4 KB 17ms
17ms Fetch
text/css 2606:4700::6812:a972

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Jun 2023 15:23:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 79822
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:50 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 0482d303-f01e-0043-2fe1-5af20f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7db57e609b150fa9-EWR

GET
H2 200 dc_pre=CPvw4r-X1_8CFZ8MaAgdiUwIiA;src=10742279;type=elf8j0;cat=glo_flhp;ord=4444386928003;gtm=45He36e2;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcp...
adservice.google.com/ddm/fls/z/ Frame EDB9 42 B
107 B 44ms
43ms Image
image/gif 2607:f8b0:4020:807::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPvw4r-X1_8CFZ8MaAgdiUwIiA;src=10742279;type=elf8j0;cat=glo_flhp;ord=4444386928003;gtm=45He36e2;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005

Requested by

Host: 10742279.fls.doubleclick.net
URL: https://10742279.fls.doubleclick.net/activityi;dc_pre=CPvw4r-X1_8CFZ8MaAgdiUwIiA;src=10742279;type=elf8j0;cat=glo_flhp;ord=4444386928003;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://10742279.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
pixel.mediaiqdigital.com/
Redirect Chain

https://secure.adnxs.com/px?id=1608909&seg=30774951&redir=https%3A%2F%2Fpixel.mediaiqdigital.com%2Fpixel%3Fu1%3D%5Bu1%5D%26u3%3D%26u4%3D%26pixel_id%3D1608909%26uid%3D%24%7BUID%7D&t=2
https://pixel.mediaiqdigital.com/pixel?u1=[u1]&u3=&u4=&pixel_id=1608909&uid=8743891521748779056

2 B
82 B

59ms
11ms

Image
application/json

44.206.147.227

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mediaiqdigital.com/pixel?u1=[u1]&u3=&u4=&pixel_id=1608909&uid=8743891521748779056
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Server: 44.206.147.227 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:39 GMT
content-length: 2
content-type: application/json; charset=utf-8

Redirect headers

Pragma: no-cache
Date: Thu, 22 Jun 2023 15:23:38 GMT
AN-X-Request-Uuid: a6a98572-ed7f-48cd-89fe-aacabf14f736
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://pixel.mediaiqdigital.com/pixel?u1=[u1]&u3=&u4=&pixel_id=1608909&uid=8743891521748779056
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 5.181.234.132; 5.181.234.132; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
623 B 15ms
14ms Image
image/svg+xml 2606:4700::6812:a972

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Jun 2023 15:23:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 72743
x-ms-lease-status: unlocked
last-modified: Tue, 20 Jun 2023 16:31:27 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 527d0d22-401e-011a-140d-a4b1dc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7db57e60eaac1831-EWR

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 34ms
33ms Image
image/png 2606:4700::6812:a972

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Jun 2023 15:23:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 66899
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Tue, 20 Jun 2023 16:31:27 GMT
server: cloudflare
etag: 0x8DB71ABCBE08EE4
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 61da5eca-f01e-002e-3bc1-a35821000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7db57e613b011831-EWR

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 18ms
17ms Image
image/svg+xml 2606:4700::6812:a972

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Jun 2023 15:23:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 49520
x-ms-lease-status: unlocked
last-modified: Tue, 20 Jun 2023 16:31:27 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 010402d8-e01e-0171-0ba1-a3ec8a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7db57e613b021831-EWR

GET
H2

204

t
evt.undertone.com/ Frame 3D02
Redirect Chain

https://ads.undertone.com/t?trackerid=7729&cb=1784387658
https://evt.undertone.com/t?trackerid=7729&cb=1784387658

0
697 B

147ms
34ms

Image
text/plain

18.165.9.43

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evt.undertone.com/t?trackerid=7729&cb=1784387658
Requested by: Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CNbg4r-X1_8CFYMKaAgdTWIO_Q;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=1789741671.1687447419;u6=%2F;u10=Paid_Search;u12=connexity;u8=undefined;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?
Protocol: H2
Server: 18.165.9.43 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://9231397.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:39 GMT
via: 1.1 11712d2cc9cad75bbd6a8829f85808ac.cloudfront.net (CloudFront)
server: istio-envoy
x-amz-cf-pop: PIT50-P1
x-cache: Miss from cloudfront
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin: https://9231397.fls.doubleclick.net/
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
x-amz-cf-id: 7VuBr8jWPdgiVqOVFZg6QMOrbM8ajlIOGzu1kRCzKVlEBiAPvEJh5g==
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Thu, 22 Jun 2023 15:23:38 GMT
via: 1.1 1631ac35bac9cbaaa7c65e1bf3666d7a.cloudfront.net (CloudFront)
server: istio-envoy
accept-ch: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop: JFK50-P4
x-cache: Miss from cloudfront
location: https://evt.undertone.com/t?trackerid=7729&cb=1784387658
x-envoy-upstream-service-time: 0
content-length: 0
x-amz-cf-id: CZERe45EJ_BCL3ijuyGIgEFHrlnxCwELlaRIrEwjmj2Oe1Z-IKjKaw==

GET
H3 200 dc_pre=CNbg4r-X1_8CFYMKaAgdTWIO_Q;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=*;u6=%2F;u10=Paid_Search;u12=connexity;u8=undefined;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;ua...
adservice.google.com/ddm/fls/z/ Frame 3D02 42 B
63 B 44ms
44ms Image
image/gif 2607:f8b0:4020:807::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNbg4r-X1_8CFYMKaAgdTWIO_Q;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=*;u6=%2F;u10=Paid_Search;u12=connexity;u8=undefined;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005

Requested by

Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CNbg4r-X1_8CFYMKaAgdTWIO_Q;src=9231397;type=retarget;cat=globa0;ord=7370093100467;gtm=45He36e2;auiddc=1789741671.1687447419;u6=%2F;u10=Paid_Search;u12=connexity;u8=undefined;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://9231397.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 sessions Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 0
1 KB 253ms
251ms XHR
text/plain 204.2.138.109

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/vendor.js?yocs=F_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.138.109 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
accept-language: en-US,en;q=0.9
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJlNWVhOWMzNy0zNzJhLTQ5N2EtYjVjOS0zZDQ2OGRjOTUwYWQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmEwYzY2MDI2LTE1NjItNDQwYy1hMGNhLTVkZDNhMzkyYjVkZiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTY4NzQ0NzM4OCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWN3cmFIbEh3VWtId1JrcnMwa0dZWWxiYUg6OmNoaWQ6ICIsImV4cCI6MTY4NzQ0OTIxOCwiaWF0IjoxNjg3NDQ3NDE4LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NDA2MzgyMzczMTY0MDY5In0.mLIKEE2oL-8dFPEEgjcsJZ6rzYv0NEDFi4BQn59pnCsind8PoprGhYpFgfQ4-MgYQ3QbsCAadw_ZhAvhUxSQfA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:39 GMT
via: 1.1 1b76276e9fd9c7bd637ed463cc0a5976.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: SFO20-C1
age: 0
x-yottaa-optimizations: ob/0 si/25D1cc028a6d-1687441174-9485084016 tts/1687276478465 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
pragma: no-cache
allow: OPTIONS,POST
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 2521cc028537/[130,129,-] 25D1cc028a6d/[-,131.224]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges: bytes
cf-ray: 7db57e621d111668-SJC
x-dw-request-base-id: DIM9-HtnlGQBAAB_
x-amz-cf-id: ajddmbNxc_OcxvxkMUIx3ec8U60Yy0kOjgV39FR4zkZRqxOgnqjKQg==
x-yottaa-os: 204
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 shoppercontext Show response
www.elfcosmetics.com/api/v1/ 60 B
975 B 1099ms
1098ms XHR
application/json 204.2.138.109

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/vendor.js?yocs=F_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.138.109 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f7a11721a7ed2b9591137afe1a31f31747fe31111e9af6bc21ad1f06f5ffd4d

Request headers

Referer: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
accept-language: en-US,en;q=0.9
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJlNWVhOWMzNy0zNzJhLTQ5N2EtYjVjOS0zZDQ2OGRjOTUwYWQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmEwYzY2MDI2LTE1NjItNDQwYy1hMGNhLTVkZDNhMzkyYjVkZiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTY4NzQ0NzM4OCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWN3cmFIbEh3VWtId1JrcnMwa0dZWWxiYUg6OmNoaWQ6ICIsImV4cCI6MTY4NzQ0OTIxOCwiaWF0IjoxNjg3NDQ3NDE4LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NDA2MzgyMzczMTY0MDY5In0.mLIKEE2oL-8dFPEEgjcsJZ6rzYv0NEDFi4BQn59pnCsind8PoprGhYpFgfQ4-MgYQ3QbsCAadw_ZhAvhUxSQfA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
content-type: application/json

Response headers

date: Thu, 22 Jun 2023 15:23:40 GMT
via: 1.1 11c8673f8a48dc627eaa83c99e9efedc.cloudfront.net (CloudFront)
content-encoding: gzip
x-amzn-remapped-content-length: 60
x-amz-cf-pop: SFO20-C1
age: 0
x-amzn-remapped-connection: close
x-yottaa-optimizations: ob/1000 si/25D1cc028a6d-1687441174-9485084017 tts/1687276478465 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-amzn-requestid: b427de96-40ca-47da-92bd-d31581c1fdce
x-cache: Miss from cloudfront
x-amz-apigw-id: G7UbTGn4CYcFbsA=
content-length: 83
etag: W/"3c-MOB9b6WqQ7uz4ISFVFGSw4Z4FPY"
x-amzn-trace-id: Root=1-6494677b-67c4e6f60966641728de4761;Sampled=0;lineage=2b75b0e9:0
content-type: application/json; charset=utf-8
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028536/[968,967,-] 25D1cc028a6d/[-,969.795]
x-amzn-remapped-date: Thu, 22 Jun 2023 15:23:40 GMT
x-amz-cf-id: 7QdyrCvz-i2BE0M6zEKMiBPRt9lzh2Thif0JSt67-sR2bL6vwHpArw==

GET
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/acwraHlHwUkHwRkrs0kGYYlbaH/ 16 B
1 KB 608ms
607ms XHR
application/json 204.2.138.109

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/acwraHlHwUkHwRkrs0kGYYlbaH/baskets?siteId=elf-us

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/vendor.js?yocs=F_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.138.109 -, , ASN (),

Reverse DNS

Software

Resource Hash

45a53939b0fa7df06e02e10297440c1001e71bd0b645a645bb03b414819cb0ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
accept-language: en-US,en;q=0.9
x-pwa-request: true
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJlNWVhOWMzNy0zNzJhLTQ5N2EtYjVjOS0zZDQ2OGRjOTUwYWQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmEwYzY2MDI2LTE1NjItNDQwYy1hMGNhLTVkZDNhMzkyYjVkZiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTY4NzQ0NzM4OCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWN3cmFIbEh3VWtId1JrcnMwa0dZWWxiYUg6OmNoaWQ6ICIsImV4cCI6MTY4NzQ0OTIxOCwiaWF0IjoxNjg3NDQ3NDE4LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NDA2MzgyMzczMTY0MDY5In0.mLIKEE2oL-8dFPEEgjcsJZ6rzYv0NEDFi4BQn59pnCsind8PoprGhYpFgfQ4-MgYQ3QbsCAadw_ZhAvhUxSQfA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:40 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
x-correlation-id: 7db57e64893a1736
via: 1.1 88734c1b1a8053ae83daf0f85731c788.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO20-C1
x-yottaa-optimizations: ob/1000 si/25D1cc028a6d-1687441174-9485084023 tts/1687276478465 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding: gzip
x-cache: Miss from cloudfront
age: 0
content-length: 42
x-xss-protection: 1; mode=block
vary: Accept-Encoding
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
x-frame-options: SAMEORIGIN
x-yottaa-metrics: 2521cc028534/[454,452,-] 25D1cc028a6d/[-,455.918]
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/acwraHlHwUkHwRkrs0kGYYlbaH/baskets?siteId=elf-us
x-ratelimit-remaining: 4591
x-ratelimit-limit: 4600
accept-ranges: bytes
cf-ray: 7db57e64893a1736-SJC
x-amz-cf-id: 8B-zfADWZOGplq1SQo_Fyk-yG93e_1ep3GqVqXKXKyGS1CWhWFDg3Q==
x-yottaa-os: 200

GET
H3 200 dc_pre=COzq4r-X1_8CFSIKaAgdkkYL_g;src=10742279;type=elf8j0;cat=glo_flap;ord=3846017456871;gtm=45He36e2;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcp...
adservice.google.com/ddm/fls/z/ Frame E06E 42 B
63 B 52ms
51ms Image
image/gif 2607:f8b0:4020:807::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COzq4r-X1_8CFSIKaAgdkkYL_g;src=10742279;type=elf8j0;cat=glo_flap;ord=3846017456871;gtm=45He36e2;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005

Requested by

Host: 10742279.fls.doubleclick.net
URL: https://10742279.fls.doubleclick.net/activityi;dc_pre=COzq4r-X1_8CFSIKaAgdkkYL_g;src=10742279;type=elf8j0;cat=glo_flap;ord=3846017456871;gtm=45He36e2;auiddc=1789741671.1687447419;u1=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005?

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://10742279.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 init.js Show response
www.elfcosmetics.com/XT4Gy2ig/ 164 KB
73 KB 301ms
300ms Script
application/javascript 204.2.138.109

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.138.109 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0378a645135b5fad164b74ac57bc9f68576ea14406e9de438ce8b22ec6bfb76

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:39 GMT
content-encoding: gzip
etag: "28f52-Kug73SmPiyWstREwTCf5IC5thEw"
active-cdn: Akamai
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: active-cdn,x-served-by,Akamai-Request-BC
cache-control: max-age=600
x-yottaa-metrics: 25D1cc028a6d/[-,125.527]
x-px-hash: OWI5NjJmNjVlOGQ0YWI0ZjMzMmM0N2M3NTA0YjcxOTk2MThmYzdkMDUwYTAwM2VmMTVlYzFlNzcyMzRiZTk1NA==
x-yottaa-optimizations: ob/0 si/25D1cc028a6d-1687441174-9485084028 tts/1687447419887 ti/0 ai/5a0c9b7632f01c35d42101b2

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 20ms
20ms Image
image/gif 2607:f8b0:4020:807::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=811045223&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&dr=https%3A%2F%2Frd.bizrate.com%2F&ul=en-us&de=UTF-8&dt=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=25%25&_u=aEDAAEABAAAAACAAI~&jid=&gjid=&cid=1678934446.1687447419&tid=UA-432816-1&_gid=190648762.1687447419&gtm=45He36e2n81WL3STMX&cd4=1&cd8=&cd9=0&cd14=homepage&cd19=&cd21=US&z=759134757

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 01:16:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50828
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 event
qoe-1.yottaa.net/log-nt/ 3 B
191 B 127ms
57ms Ping
text/json 204.141.89.251

General

Check archive.org

Show headers Download Go to

Full URL: https://qoe-1.yottaa.net/log-nt/event
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.141.89.251 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 22 Jun 2023 15:23:39 GMT
access-control-expose-headers: X-Results-Data-Source
access-control-allow-credentials: true
cache-control: no-cache
timing-allow-origin: *
content-type: text/json

GET
H/1.1 200
OK main.js Show response
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 272 KB
57 KB 155ms
22ms Script
text/javascript 104.91.106.8

General

Check archive.org

Show headers Download Go to

Full URL

https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.91.106.8 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

8dea6b2240fed7b9dccb7a71b05a27a2b41908306b12c498c2c718856568a3cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000
Content-Encoding: gzip
Date: Thu, 22 Jun 2023 15:23:39 GMT
Last-Modified: Mon, 22 May 2023 13:58:04 GMT
Server: Apache
ETag: "22004f-4412b-5fc48a8e49847"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 57612
Expires: Thu, 22 Jun 2023 15:38:39 GMT

GET
H2 200 110221.ct.js Show response
tag.rmp.rakuten.com/ 47 KB
15 KB 68ms
23ms Script
text/javascript 34.102.147.248

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.rmp.rakuten.com/110221.ct.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.147.248 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b3632368a9856515572ac89df71707fcef5d58219d9b7c1b1de04a995f30973

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:39 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 22 Jun 2023 15:23:39 GMT
x-cache: hit
x-samesite: secure
content-type: text/javascript
cache-control: max-age=86400
x-dyn: 0
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 js Show response
www.paypal.com/sdk/ 381 KB
108 KB 92ms
26ms Script
application/javascript 151.101.1.21

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 -, , ASN (),

Reverse DNS

Software

Resource Hash

f983d0417df7858b3bd80f1614a86ab25c9a361121105d73c48437a961ddb410

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-rsgcUBnvkZJbnLKzX0KNBJV5gO3QhghLJkGTQ4e5U6cIJb+7' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rsgcUBnvkZJbnLKzX0KNBJV5gO3QhghLJkGTQ4e5U6cIJb+7' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-rsgcUBnvkZJbnLKzX0KNBJV5gO3QhghLJkGTQ4e5U6cIJb+7' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rsgcUBnvkZJbnLKzX0KNBJV5gO3QhghLJkGTQ4e5U6cIJb+7' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 22 Jun 2023 15:23:39 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 10394
x-cache: HIT, HIT
p3p: true
paypal-debug-id: f636881206648
server-timing: "traceparent;desc="00-0000000000000000000f636881206648-505c65143115affe-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 108838
x-xss-protection: 1; mode=block
x-served-by: cache-iad-kcgs7200103-IAD, cache-lga21928-LGA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f636881206648-b7002a45a8b29048-01
x-timer: S1687447420.946406,VS0,VE1
etag: W/"1a926-Z08mjCWYKVfTM7tPDp0GP+FcwuU"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 14202, 4757

GET
H/1.1 200
OK / Show response
websdk.appsflyer.com/ 38 KB
12 KB 105ms
18ms Script
application/javascript 2600:1400:9000::687e:774b

General

Check archive.org

Show headers Download Go to

Full URL: https://websdk.appsflyer.com/?st=banners&
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:9000::687e:774b -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Thu, 22 Jun 2023 15:23:39 GMT
Content-Encoding: gzip
x-amz-request-id: 2YB2S79F7M1AYA0H
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 11792
x-amz-id-2: zv8gjwupVIE8rjvpBDLtKTftzWpNC38nKXy5SoA9M4CleAIvm2p/AV+zJcIejoEzSUvSi4VBbsk=
Last-Modified: Wed, 14 Jun 2023 06:58:45 GMT
Server: AmazonS3
ETag: "5a676288bcea03bd05e483bc4ce066ae"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2171
Accept-Ranges: bytes
X-DataStream-Cache-Status: 1
Expires: Thu, 22 Jun 2023 15:59:50 GMT

GET
H2 200 loader.js Show response
cdn.usehero.com/ 90 KB
27 KB 211ms
24ms Script
application/javascript 2600:9000:246d:f800:13:d6f4:3240:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.usehero.com/loader.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:246d:f800:13:d6f4:3240:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28e6b19288d298a5cd1e4e2ea1a52e5034f9adb621963e7908891401c4c5f770

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 14:58:39 GMT
content-encoding: gzip
via: 1.1 298bfd7d0e5de775164fa161b32e71de.cloudfront.net (CloudFront)
last-modified: Mon, 24 Apr 2023 09:02:00 GMT
server: AmazonS3
x-amz-cf-pop: PIT50-P2
age: 1506
x-amz-server-side-encryption: AES256
etag: W/"a04087d4349eddeb24e25f1a9b8f7392"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: fkB1tkkEpt7_sV4e76YRq34jG457Tldm2bqvqj8KbUKd16PwD7YkjQ==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/ 3 KB
1 KB 262ms
260ms Script
text/javascript 2607:f8b0:4020:805::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/?random=1687447418585&cv=11&fst=1687447418585&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ref=https%3A%2F%2Frd.bizrate.com%2F&hn=www.googleadservices.com&frm=0&tiba=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&auid=1789741671.1687447419&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

96f9ccb38f340b5924d4d680e251bdba4d7666c2b6ab89d13f7592da9082242f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1425
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/698270988/ 3 KB
2 KB 178ms
75ms Script
text/javascript 172.217.13.162

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/698270988/?random=1687447418592&cv=11&fst=1687447418592&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ref=https%3A%2F%2Frd.bizrate.com%2F&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&value=0&bttype=purchase&auid=1789741671.1687447419&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.162 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

31d9ab7fd36728a0af58c751174d1f6f41ae36f0cf044adc3af961f24df31ca7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1748
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/ 3 KB
1 KB 205ms
187ms Script
text/javascript 2607:f8b0:4020:805::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/?random=1687447418630&cv=11&fst=1687447418630&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ref=https%3A%2F%2Frd.bizrate.com%2F&hn=www.googleadservices.com&frm=0&tiba=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&auid=1789741671.1687447419&uamb=0&uaw=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

472353a3ee7eabf8260338c79d87478f9a32cad9400d6ced40f09e112fae45df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1453
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/ 3 KB
1 KB 166ms
148ms Script
text/javascript 2607:f8b0:4020:805::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1687447418631&cv=11&fst=1687447418631&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ref=https%3A%2F%2Frd.bizrate.com%2F&hn=www.googleadservices.com&frm=0&tiba=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&auid=1789741671.1687447419&uamb=0&uaw=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

bcdc28f35dead64b54b18ed2f65344120a16144315970aecd9c974b362ebfea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1453
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 112 KB
28 KB 41ms
22ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b9d9c248d1c87f59c7f19b198c5ed7310a4bfd0f57759dd87d649b00ec9fdb5b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 22 Jun 2023 15:23:40 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 28296
x-xss-protection: 0
pragma: public
x-fb-debug: 2BaGUxVrVByye1nIAm7p93AFlv38XFhMAjE+fBWq+PnInmzD5l9bIgNGKI2lRoCV79N+KsxRq0YDlXmugB8Pdg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 3 KB
2 KB 136ms
28ms Script
application/javascript 23.196.3.180

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.196.3.180 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 70a9fc601a501dd70eb7dc61e1b9acc6b9f8eff942155337d64d71ee4c71c880

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-akamai-request-id: 73f00ce
date: Thu, 22 Jun 2023 15:23:40 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-196-2-180.deploy.akamaitechnologies.com (AkamaiGHost/11.1.2-48827901) (-)
server-timing: inner; dur=4, cdn-cache; desc=MISS, edge; dur=1, origin; dur=13
content-length: 1379
pragma: no-cache
server: nginx
x-tt-logid: 202306221523407BB701AE1DC512CF9B65
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 13,23.196.2.180
x-tt-trace-host: 0180e0563fd48d5bb1dbc36bedbaa7d77436b75638901c6677359ff585c8e52f156b678fc9bf9fc7ec6f70bec6281492dd223bf1867f8b54b38ae2a7e6b3cf5ab283678cb35f927ef75165a2a46a08ef60ac9fe9187a61c9c55772fc28b20281b4
expires: Thu, 22 Jun 2023 15:23:40 GMT

GET
H2 200 widget.js Show response
js.jebbit.com/companion/v1/ 94 KB
95 KB 176ms
29ms Script
application/javascript 2600:9000:246d:3e00:a:7914:b00:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jebbit.com/companion/v1/widget.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:246d:3e00:a:7914:b00:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8be37d67656b32b9042de5b3d92c08c111f6f2aca2eed87af7511974b3cfd256

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 05:42:05 GMT
x-amz-version-id: 2Yquka66ZwhiXyEcimCG.nQlksAMRsKf
via: 1.1 e390b58f4068fa19907d58bb09d89366.cloudfront.net (CloudFront)
last-modified: Tue, 23 May 2023 18:08:43 GMT
server: AmazonS3
x-amz-cf-pop: PIT50-P2
age: 34896
etag: "ce8a081f0599d2a2aca098419dc5e8fa"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 96581
x-amz-cf-id: C7GEW1imlBqsmQvEpO_jVifkO1Mphz31Xn13rLkFmNo3BO1z8d1ADA==

GET
H2 200 i.js Show response
tag.wknd.ai/4142/ 14 KB
5 KB 120ms
12ms Script
text/plain 34.120.253.250

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.wknd.ai/4142/i.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: 52ca51ba50f30f67165f513f067d404599a282673eeef2f3cdd805d89a2122dd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:22:23 GMT
content-encoding: gzip
via: 1.1 google
age: 77
x-envoy-upstream-service-time: 0
x-region: us-central1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4720
server: istio-envoy
etag: f1bf93ac321429
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
timing-allow-origin: *
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 261 KB
87 KB 86ms
61ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d1f4a16b9a9937fc5f54319087933fc87d5a89f328acdd0ea67fd8017828d998

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89264
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 22 Jun 2023 15:23:40 GMT

GET
H2 200 1a8bfa042c9c5.js Show response
t.contentsquare.net/uxa/ 366 KB
79 KB 82ms
11ms Script
application/javascript 18.164.116.65

General

Check archive.org

Show headers Download Go to

Full URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.116.65 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 25ead3adcd6b8bc328ca607264c011d787f4f3327d73a84a8319ead700043fb7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:11:02 GMT
content-encoding: br
via: 1.1 00266a01055b9f1e1ad959f077c1d96a.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P6
age: 0
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 79856
last-modified: Thu, 22 Jun 2023 15:09:33 GMT
server: AmazonS3
etag: "2c21245c9a2e237f027d4a584f1bedd6"
vary: Origin
content-type: application/javascript;charset=utf-8
cache-control: max-age=900
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: kQxV4FFFnpOVXdKLOe1NffQeUSmAhoKDi8_m9FQpU3GCi8mtz1xwvg==

GET
H2 200 swiper.js Show response
cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/js/ 268 KB
40 KB 83ms
19ms Script
application/javascript 2606:4700::6811:190e

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/js/swiper.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

2e6fdfe0de25d903ebf13597e3ac3615fb3c50df486cdf1da967650fcabae659

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 9156838
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 39981
last-modified: Mon, 04 May 2020 16:04:02 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03cf2-43186"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8UFTeAqC7kOAvxRyoCYCHr0PjrSADIdRXByAkssMJt1OITPgGJWkpFD1MHS19HeOi5ECrkMsXHVEueL%2BscCx7xhkfpeeOcnh%2Fgrk3Q1jtaqGDfgmcYJWnVzTvS91xEy3Vr8BGog7N20C4lq8XBUKzSMf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7db57e67d9f0421b-EWR
expires: Tue, 11 Jun 2024 15:23:40 GMT

GET
H2 200 sdk.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 73ms
43ms Script
application/javascript 23.196.3.180

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BRR4GA0I9JJBU29G8GF0
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.196.3.180 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: cb0586bb284d25fcf033043a119c0e316b486309464ed8e8a900cc2264fcc762

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-akamai-request-id: 6fc41b64.73f00cf
date: Thu, 22 Jun 2023 15:23:40 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-196-2-180.deploy.akamaitechnologies.com (AkamaiGHost/11.1.2-48827901) (-)
x-parent-response-time: 30,23.196.2.180
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=21, inner; dur=3
content-length: 2052
pragma: no-cache
server: nginx
x-tt-logid: 202306221523402245CDD75BA5BCC05107
x-cache-remote: TCP_MISS from a23-218-222-68.deploy.akamaitechnologies.com (AkamaiGHost/11.1.2-48827901) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 21,23.218.222.68
x-tt-trace-host: 0180e0563fd48d5bb1dbc36bedbaa7d774ad88527a146b3aae0785d95a037c9de999ac9a928037e7bfba9481ad83c6c739f9f18db8a34bdcd2b1817b694277f9bac83151386a971a863f199673f475122ee8ce9ba16704c68ad49cf157503809e4bbfbb39ade6b3493b88af3aeef54d2a0
expires: Thu, 22 Jun 2023 15:23:40 GMT

GET
H2 200 local Show response
www.paypal.com/credit-presentment/experiments/ Frame E917 5 KB
2 KB 27ms
26ms Document
text/html 151.101.1.21

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.41.0&integrationType=SDK

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 -, , ASN (),

Reverse DNS

Software

Resource Hash

14930c1a6dc59897ee7cab253021ab190f61456cdb8f52d94a59e8a9fe7bec2d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'sha256-5KyKaNwywZ6Y1o5QO7b21PO/SZT3yPriDaEwz0ZS+/4=' 'sha256-rv/dzGq+AtXohIRdYGvIMVViq5Tmm5n1EpTlPiFO05w=' 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-expose-headers: Server-Timing
age: 1706
cache-control: s-maxage=86400, max-age=0
content-encoding: gzip
content-length: 1460
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-5KyKaNwywZ6Y1o5QO7b21PO/SZT3yPriDaEwz0ZS+/4=' 'sha256-rv/dzGq+AtXohIRdYGvIMVViq5Tmm5n1EpTlPiFO05w=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type: text/html; charset=utf-8
date: Thu, 22 Jun 2023 15:23:40 GMT
dc: ccg11-origin-www-1.paypal.com
edge-cache-tag: up-treatments-zoid
etag: W/"135f-xHr0gpQndjMptwyG8ERKqA3cvqI"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f961418d98945
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: "traceparent;desc="00-0000000000000000000f961418d98945-98566da7a755c1f2-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f961418d98945-b9a4e1b5cdf1d1e1-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 276, 430
x-served-by: cache-iad-kcgs7200077-IAD, cache-lga21928-LGA
x-timer: S1687447420.283479,VS0,VE1
x-xss-protection: 1; mode=block

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 13 KB
6 KB 23ms
23ms Script
application/x-javascript 151.101.1.21

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.378&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&vault=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 -, , ASN (),

Reverse DNS

Software

Resource Hash

d2d4be2f237523bdc178e33accae416221573d3b5910bca41768ae5925fa5a59

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-+OOVlBUVaReYnTEN9ha47Y+1UL98v4ZNOGDnkgtBIy4MmD+Q' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-+OOVlBUVaReYnTEN9ha47Y+1UL98v4ZNOGDnkgtBIy4MmD+Q' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 22 Jun 2023 15:23:40 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 82530
x-cache: HIT, HIT
paypal-debug-id: f1672181e7372
server-timing: "traceparent;desc="00-0000000000000000000f1672181e7372-4b6992fc311717e4-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 4767
x-xss-protection: 1; mode=block
x-served-by: cache-iad-kiad7000099-IAD, cache-lga21928-LGA
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f1672181e7372-438611443d91e543-01
x-timer: S1687447420.283518,VS0,VE1
etag: W/"3560-PHmg7LCChGDkPYxaeOVK3dkrgl4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: bytes
x-cache-hits: 3149, 12

GET
H/1.1 200
OK en-us.js Show response
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/vendors~offers/locale/ 61 KB
7 KB 18ms
14ms Script
text/javascript 104.91.106.8

General

Check archive.org

Show headers Download Go to

Full URL

https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/vendors~offers/locale/en-us.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.91.106.8 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

dfc983293c9baf693a719da3c69be679cbe8aea18c8f35a7abfef41f14800e9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000
Content-Encoding: gzip
Date: Thu, 22 Jun 2023 15:23:40 GMT
Last-Modified: Mon, 22 May 2023 13:58:04 GMT
Server: Apache
ETag: "220100-f346-5fc48a8e4a017"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6295
Expires: Thu, 22 Jun 2023 15:38:40 GMT

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 1019 B
1 KB 367ms
364ms XHR
application/json 151.101.1.21

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 -, , ASN (),

Reverse DNS

Software

Resource Hash

ff5ecb47d9c91dbc5d0479fded7574252c95601160e31ffd3b82807de3f20e75

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
content-type: application/json

Response headers

date: Thu, 22 Jun 2023 15:23:40 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS, MISS
paypal-debug-id: f4347952eeaa5
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-iad-kjyo7100161-IAD, cache-lga21937-LGA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f4347952eeaa5-b01433fbb53c760e-01
x-timer: S1687447421.784152,VS0,VE102
etag: W/"3fb-XEogI59ASEdC3qrglWh1jS+KiZc"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: none
x-cache-hits: 0, 0

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 149ms
111ms Preflight 151.101.1.21

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Thu, 22 Jun 2023 15:23:40 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f114756443491
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f114756443491-970335a81c25a109-01
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-served-by: cache-iad-kjyo7100087-IAD, cache-lga21937-LGA
x-timer: S1687447420.422916,VS0,VE91

GET
H3 200 1638306756445368 Show response
connect.facebook.net/signals/config/ 311 KB
88 KB 17ms
10ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1638306756445368?v=2.9.108&r=stable

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f8731a865cc1c16ab41c929f24d07658ecca3e8c9121a09c2b47e2f2d19166ea

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 22 Jun 2023 15:23:40 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 90309
x-xss-protection: 0
pragma: public
x-fb-debug: s71Go+FsduQClzMg5lOXEAHMGAu+8E8GmVcAQRvdqLNriCFIggvPE0K81HMQXE+i/S2DUndavrtg32ykcAtE1Q==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 540 B
796 B 113ms
47ms XHR
application/json 35.190.10.96

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 522cbab9fd89a705460042fc0bd7ee66f914fdf0ab14ddc64623ec53362bca35

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 22 Jun 2023 15:23:39 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 540

GET
H2 200 jsp Show response
ut.rd.linksynergy.com/ 148 B
391 B 68ms
20ms Script
text/plain 34.98.67.3

General

Check archive.org

Show headers Download Go to

Full URL: https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.3 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aca646c8064506f5d8fe2f67a5b01148cbf65bd18ae115b2c5be1ba1efe76f1c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: text/plain; charset=utf-8
date: Thu, 22 Jun 2023 15:23:40 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148
x-samesite: secure

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame E917 381 KB
108 KB 21ms
21ms Script
application/javascript 151.101.1.21

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.41.0&integrationType=SDK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 -, , ASN (),

Reverse DNS

Software

Resource Hash

f983d0417df7858b3bd80f1614a86ab25c9a361121105d73c48437a961ddb410

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-rsgcUBnvkZJbnLKzX0KNBJV5gO3QhghLJkGTQ4e5U6cIJb+7' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rsgcUBnvkZJbnLKzX0KNBJV5gO3QhghLJkGTQ4e5U6cIJb+7' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.41.0&integrationType=SDK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-rsgcUBnvkZJbnLKzX0KNBJV5gO3QhghLJkGTQ4e5U6cIJb+7' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rsgcUBnvkZJbnLKzX0KNBJV5gO3QhghLJkGTQ4e5U6cIJb+7' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 22 Jun 2023 15:23:40 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 10395
x-cache: HIT, HIT
p3p: true
paypal-debug-id: f636881206648
server-timing: "traceparent;desc="00-0000000000000000000f636881206648-505c65143115affe-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 108838
x-xss-protection: 1; mode=block
x-served-by: cache-iad-kcgs7200103-IAD, cache-lga21928-LGA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f636881206648-b7002a45a8b29048-01
x-timer: S1687447420.484226,VS0,VE2
etag: W/"1a926-Z08mjCWYKVfTM7tPDp0GP+FcwuU"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 14202, 4758

GET
H3

200

/
www.google.com/pagead/1p-conversion/698270988/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1587209352&cv=11&fst=1687447418592&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww....
https://www.google.com/pagead/1p-conversion/698270988/?random=1587209352&cv=11&fst=1687447418592&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3...

42 B
64 B

54ms
54ms

Image
image/gif

2607:f8b0:4020:805::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/698270988/?random=1587209352&cv=11&fst=1687447418592&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ref=https%3A%2F%2Frd.bizrate.com%2F&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&value=0&auid=1789741671.1687447419&uamb=0&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJOE9MUHBBWVFoT204anR1Q2wtcmVBUkltQUhjTldFbTA3NjE0U0NFUzhFMm5HOHVRc0hFQmE5X2x0dXViX3pEUno0eDhtam1fdnMwGlhDaEFJOE9MUHBBWVFpYUw1OWREdTk2OUZFaTRBVFpnWjRtbE1EYVVSUFlzV0JKVDlWRVVRRWpfNUlZS3cybC1MUXRrZXRCLTVKX09oTlBIZ1J6NFhxS0FaIhMIw-C0wJfX_wIVRQhxCh2z8ggs&is_vtc=1&ocp_id=fGeUZMOyBcWQxAOz5aPgAg&cid=CAQSKQBygQiDnYh18s57lXlH6uACnLh1EvTlLK0JZKfG5IlrkyeNC64CovfX&eitems=ChAI8OLPpAYQh_ze4fHL_LEiEh0AL-lhNVuXwHPnW-MO01eJoGUZne0CaDuz6TEVAw&random=2272974340

Protocol

Server

2607:f8b0:4020:805::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:40 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://www.google.com/pagead/1p-conversion/698270988/?random=1587209352&cv=11&fst=1687447418592&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ref=https%3A%2F%2Frd.bizrate.com%2F&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&value=0&auid=1789741671.1687447419&uamb=0&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJOE9MUHBBWVFoT204anR1Q2wtcmVBUkltQUhjTldFbTA3NjE0U0NFUzhFMm5HOHVRc0hFQmE5X2x0dXViX3pEUno0eDhtam1fdnMwGlhDaEFJOE9MUHBBWVFpYUw1OWREdTk2OUZFaTRBVFpnWjRtbE1EYVVSUFlzV0JKVDlWRVVRRWpfNUlZS3cybC1MUXRrZXRCLTVKX09oTlBIZ1J6NFhxS0FaIhMIw-C0wJfX_wIVRQhxCh2z8ggs&is_vtc=1&ocp_id=fGeUZMOyBcWQxAOz5aPgAg&cid=CAQSKQBygQiDnYh18s57lXlH6uACnLh1EvTlLK0JZKfG5IlrkyeNC64CovfX&eitems=ChAI8OLPpAYQh_ze4fHL_LEiEh0AL-lhNVuXwHPnW-MO01eJoGUZne0CaDuz6TEVAw&random=2272974340
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
257 B 109ms
42ms Ping
text/plain 2607:f8b0:4020:806::200e

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je36e2&_p=811045223&_gaz=1&cid=1678934446.1687447419&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1687447420&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&dr=https%3A%2F%2Frd.bizrate.com%2F&dt=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4020:806::200e -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 29ms
28ms Ping
text/plain 2607:f8b0:4004:c0b::9d

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=1678934446.1687447419&gtm=45je36e2&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c0b::9d -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.MWE4ZjFkYTAyMQ.js
analytics.tiktok.com/i18n/pixel/static/ 310 KB
82 KB 22ms
21ms Script
application/javascript 23.196.3.180

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE4ZjFkYTAyMQ.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.196.3.180 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-akamai-request-id: 73f064f
date: Thu, 22 Jun 2023 15:23:40 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20230615120913B885CDC9E7E02819845A
vary: Accept-Encoding
x-cache: TCP_HIT from a23-196-2-180.deploy.akamaitechnologies.com (AkamaiGHost/11.1.2-48827901) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01c1f25bb0fdca8475ec9a4c62233896c83e8f3d736b44a0bdd8bf1d0c744c76ecdae37a4851d6a42e3192aa912768619b47023b838a927e634aed5fc8b06276157d74892f94a5bc690d9853b6253d0d94535a0cdf6d67c803fec91b95c3c2f389
server-timing: cdn-cache; desc=HIT, edge; dur=1, inner; dur=14
content-length: 83526

GET
H2 200 display Show response
api.usehero.com/webplugin/ 162 B
859 B 213ms
60ms XHR
application/json 52.7.203.140

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&state=untouched&outboundFeature=

Requested by

Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.7.203.140 -, , ASN (),

Reverse DNS

Software

Resource Hash

49176e40db8c4604cd4943827d3f33e08354459e8f6bb78bf231b18b9dd7bc22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:40 GMT
strict-transport-security: max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
surrogate-control: no-store
x-dns-prefetch-control: off
x-time-zone: America/New_York
klarna-correlation-id: 34c1d5ab-ac70-4c9d-a9ec-03c4945fae16
x-envoy-upstream-service-time: 29
x-geo-longitude: -74.00000
content-length: 162
x-xss-protection: 1; mode=block
x-request-id: 34c1d5ab-ac70-4c9d-a9ec-03c4945fae16
pragma: no-cache
referrer-policy: same-origin
etag: W/"a2-b0+CSkzliLpEWWhNdKeKPOZRXJM"
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-geo-zip: 10013
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-country: US
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city: New York
x-geo-latitude: 40.71570
x-accuracy: 20
expires: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/698270988/ 42 B
64 B 95ms
73ms Image
image/gif 2607:f8b0:4020:805::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/698270988/?random=1687447418631&cv=11&fst=1687446000000&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ref=https%3A%2F%2Frd.bizrate.com%2F&frm=0&tiba=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&random=2063948090&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10812184462/ 42 B
64 B 96ms
73ms Image
image/gif 2607:f8b0:4020:805::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10812184462/?random=1687447418585&cv=11&fst=1687446000000&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ref=https%3A%2F%2Frd.bizrate.com%2F&frm=0&tiba=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&fmt=3&is_vtc=1&random=304066300&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/865242110/ 42 B
64 B 97ms
75ms Image
image/gif 2607:f8b0:4020:805::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/865242110/?random=1687447418630&cv=11&fst=1687446000000&bg=ffffff&guid=ON&async=1&gtm=45He36e2&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ref=https%3A%2F%2Frd.bizrate.com%2F&frm=0&tiba=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&random=2579359581&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK 05ff12ee-4caf-4908-ba1a-fe1ee6cd3337
https://www.elfcosmetics.com/ 56 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.elfcosmetics.com/05ff12ee-4caf-4908-ba1a-fe1ee6cd3337
Requested by: Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 065bf2a3ba9ebfe8819d9b727d20bd5c9ce3e0cb9fd927beda94f9ebd9f460e0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Length: 57451
Content-Type: text/css

GET
H2 200 launcher_configs Show response
external-api.jebbit.com/moments/v2/ 2 B
488 B 204ms
62ms XHR
application/json 2600:9000:246c:1c00:1b:50c2:4000:93a1

General

Check archive.org

Show headers Download Go to

Full URL

https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRiUzRnV0bV9zb3VyY2UlM0RQYWlkX1NlYXJjaCUyNnV0bV9tZWRpdW0lM0RjcGMlMjZ1dG1fY2FtcGFpZ24lM0Rjb25uZXhpdHklMjZjbnhjbGlkJTNEMTY4NzQ0NzQxMDc3Nzc5NDIyNDUxMTAwODAzMDEwMDgwMDUlMjZ1dG1fdGVybSUzRDE2ODc0NDc0MTA3Nzc3OTQyMjQ1MTEwMDgwMzAxMDA4MDA1&completedLightboxCampaigns=W10=&jebbitCookies=

Requested by

Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:246c:1c00:1b:50c2:4000:93a1 -, , ASN (),

Reverse DNS

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 d7e99b1ceef033bc118c8a8400682206.cloudfront.net (CloudFront)
x-amz-cf-pop: PIT50-P1
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
content-length: 2
x-xss-protection: 1; mode=block
x-amz-cf-id: iNRLYc6faYRAp085Jab73wKmH_ZYJ7XGLOL7rdFrZi6OwlHUk7WDqA==

GET
H2 204 pageview
c.contentsquare.net/ 0
320 B 169ms
28ms Image
text/plain 54.198.143.186

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/pageview?pid=1926&uu=d6f5de82-40c9-a29a-d684-2226e2c26e6f&sn=1&hd=1687447420&pn=1&dw=1600&dh=3356&ww=1600&wh=1200&sw=1600&sh=1200&dr=https%3A%2F%2Frd.bizrate.com%2F&url=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&uc=0&la=en-US&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22homepage%22%5D%2C%226%22%3A%5B%22Logged%20in%20status%22%2C%22true%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22homepage%22%5D%2C%226%22%3A%5B%22Logged%20in%20status%22%2C%22true%22%5D%7D&v=13.22.0&pvt=n&dt=95&ex=&r=582127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.198.143.186 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:41 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

POST
H2 200 baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 3 KB
2 KB 479ms
476ms XHR
application/json 204.2.138.109

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.97/mobify/bundle/9288/vendor.js?yocs=F_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.138.109 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJlNWVhOWMzNy0zNzJhLTQ5N2EtYjVjOS0zZDQ2OGRjOTUwYWQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmEwYzY2MDI2LTE1NjItNDQwYy1hMGNhLTVkZDNhMzkyYjVkZiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTY4NzQ0NzM4OCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWN3cmFIbEh3VWtId1JrcnMwa0dZWWxiYUg6OmNoaWQ6ICIsImV4cCI6MTY4NzQ0OTIxOCwiaWF0IjoxNjg3NDQ3NDE4LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NDA2MzgyMzczMTY0MDY5In0.mLIKEE2oL-8dFPEEgjcsJZ6rzYv0NEDFi4BQn59pnCsind8PoprGhYpFgfQ4-MgYQ3QbsCAadw_ZhAvhUxSQfA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
content-type: application/json

Response headers

date: Thu, 22 Jun 2023 15:23:41 GMT
via: 1.1 f9d4b21c935c23e15cfc47b3d33e44e6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: SFO20-C1
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc028a6d-1687441174-9485084064 tts/1687276478465 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
content-length: 1053
pragma: no-cache
etag: 6fb25b4f990dd29cf4b6b32e5dc8bff82e95e8aa8612fb99498425b8f89e37bd
allow: OPTIONS,POST
content-type: application/json;charset=UTF-8
x-dw-resource-state: 6fb25b4f990dd29cf4b6b32e5dc8bff82e95e8aa8612fb99498425b8f89e37bd
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 2521cc028a82/[354,353,-] 25D1cc028a6d/[-,355.470]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges: bytes
cf-ray: 7db57e6dfc6c17d8-SJC
x-dw-request-base-id: lGWXQH1nlGQBAAB_
x-amz-cf-id: drRe8R-J6_EM5N7mCPRH07pAoKwl-emVz9B6-HjaIC3Bjxc4SEtP2Q==
x-yottaa-os: 200
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 main.MWE4ZjFkYTAyMA.js
analytics.tiktok.com/i18n/pixel/static/ 293 KB
80 KB 18ms
17ms Script
application/javascript 23.196.3.180

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE4ZjFkYTAyMA.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.196.3.180 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-akamai-request-id: 73f0be8
date: Thu, 22 Jun 2023 15:23:41 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20230615120911E6531DDC23C37BDC4D4F
vary: Accept-Encoding
x-cache: TCP_HIT from a23-196-2-180.deploy.akamaitechnologies.com (AkamaiGHost/11.1.2-48827901) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0187f4aaa5badf2fef368944f53d46b992ea3290f133e3affd8f442541c99224bdf002e6b700cc7f2ed17631901aa3a37aa3e0b1efa85c17eb0c89e474d3080fbb6d05e85650fccd7732999068fb796bdb9d8afda559e9ee24caedbd84d8f3dfe4
server-timing: cdn-cache; desc=HIT, edge; dur=1, inner; dur=2
content-length: 81416

GET
H2 200 ts
t.paypal.com/ 42 B
823 B 182ms
117ms Image
image/gif 151.101.193.35

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Affordable%20Drugstore%20Makeup%20%26%20Skincare%20Products%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1687447421255&g=0&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&ru=https%3A%2F%2Frd.bizrate.com%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.35 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Thu, 22 Jun 2023 15:23:41 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 3ebcbe10dbb63
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-iad-kiad7000149-IAD, cache-lga21959-LGA
pragma: no-cache
correlation-id: 3ebcbe10dbb63
traceparent: 00-00000000000000000003ebcbe10dbb63-e85b785166b5c4ae-01
x-timer: S1687447421.335026,VS0,VE94
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jun 2023 15:23:41 GMT

GET
BLOB 200
OK 7a483afd-4d2d-4132-865d-a94324ad9dbf
https://www.elfcosmetics.com/ 11 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.elfcosmetics.com/7a483afd-4d2d-4132-865d-a94324ad9dbf
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d3033903e78ce63da8ea8f60cd626f6b8c7b062a6b21c67a1581f903344a5f9

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Length: 11040
Content-Type: application/javascript

GET
H2 200 plugin.5.44.0.js
cdn.usehero.com/ Frame DD04 243 KB
77 KB 25ms
25ms Script
application/javascript 2600:9000:246d:f800:13:d6f4:3240:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.usehero.com/plugin.5.44.0.js
Requested by: Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:246d:f800:13:d6f4:3240:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:01:42 GMT
content-encoding: gzip
via: 1.1 298bfd7d0e5de775164fa161b32e71de.cloudfront.net (CloudFront)
last-modified: Mon, 24 Apr 2023 09:02:00 GMT
server: AmazonS3
x-amz-cf-pop: PIT50-P2
age: 1321
x-amz-server-side-encryption: AES256
etag: W/"678de2463b54797b99dc709d66ce0060"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: fGPdd_pJDk2qrbObb-nit1_1wGWFKh2m8tt3TDMYibyQwCaH6PdqGQ==

GET
H3 200 2023-06-NEWARRIVALS_V1_D_3
cdn.media.amplience.net/i/elfcosmetics/ 50 KB
51 KB 47ms
46ms Image
image/webp 2606:4700::6812:12c0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/2023-06-NEWARRIVALS_V1_D_3?%24Desktop%24=&fmt=auto

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12c0 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:23:41 GMT
cf-cache-status: HIT
age: 14890
x-amp-srv: CF
edge-cache-tag: MX0vXfDGE,l4p5bDg2e,mF-g78ke7,ETCSTNABq
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: lkYUR5iVmX
alt-svc: h3=":443"; ma=86400
content-length: 51608
x-xss-protection: 1; mode=block
x-amp-source-height: 840
last-modified: Thu, 22 Jun 2023 11:15:31 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 3200
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 7db57e6f48b70ca8-EWR
x-amp-published: Thu, 08 Jun 2023 19:22:52 GMT

GET
H2 200 runtime_b4ad65fa381da0648767eee58152de5e.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 2 KB
1 KB 59ms
15ms Script
text/javascript 34.98.72.95

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_b4ad65fa381da0648767eee58152de5e.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 09:56:09 GMT
content-encoding: br
age: 19652
x-guploader-uploadid: ADPycdt3BpW7zLH1F-7eYaX9TNIQjN__MeqHGau8dNhWNvcnwbbolbiAWe3-wX8cGx7nky4tJrj73a6wWRKKcY9mNXpHmQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 677
last-modified: Fri, 16 Jun 2023 16:59:39 GMT
server: UploadServer
etag: "eefae9361af612ce4ba4df40b85e8e22"
x-goog-generation: 1683121199273331
x-goog-hash: crc32c=/u+Zbg==, md5=7vrpNhr2Es5LpN9AuF6OIg==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=3600
x-goog-stored-content-length: 677
accept-ranges: bytes
content-type: text/javascript

GET
H2 200 hash
www.paypal.com/credit-presentment/experiments/ Frame E917 40 B
1 KB 139ms
134ms Fetch
text/html 151.101.1.21

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/hash?device_id=uid_5db87ce78f_mtu6mjm6nde

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.41.0&integrationType=SDK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Thu, 22 Jun 2023 15:23:41 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 0
edge-cache-tag: up-treatments-hash
x-cache: MISS, MISS
paypal-debug-id: f434795607c40
server-timing: "traceparent;desc="00-0000000000000000000f434795607c40-18b8d68c2cf0ddde-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 57
x-xss-protection: 1; mode=block
x-served-by: cache-iad-kjyo7100030-IAD, cache-lga21928-LGA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f434795607c40-4178eadc95b5d9c0-01
x-timer: S1687447421.461813,VS0,VE119
etag: W/"28-G8XGdn/JyVHOrBYGBPST79JRyM0"
vary: Accept-Encoding
content-type: text/html; charset=utf-8
access-control-expose-headers: Server-Timing
cache-control: s-maxage=86400, max-age=0
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 204 dvar
c.contentsquare.net/ 0
319 B 25ms
25ms Image
text/plain 54.198.143.186

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=13.22.0&pid=1926&pn=1&sn=1&uu=d6f5de82-40c9-a29a-d684-2226e2c26e6f&dv=H4sIAAAAAAAAAz3LMQ7CMAyF4atEmTkBG6SAkGCiS6fITa1iybGrJIVWiLuTLozv1%2Fc%2B9o4DzdHubZiC3dmHzilgnRPQ4DNCCs%2BaHcQaRtmciuBCZa35cPRN5y%2BsPbBxKiUpmxZzqa5ZBSIF0xHyYE7LhIlQAub%2F76Zvc5WCsnGnzNBrgkIvNGfiUr2M9vsDJXXoSaMAAAA%3D&ct=2&r=467748
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.198.143.186 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:41 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H3 200 1585410264807282
connect.facebook.net/signals/config/ 300 KB
86 KB 12ms
11ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1585410264807282?v=2.9.108&r=stable

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 22 Jun 2023 15:23:41 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88021
x-xss-protection: 0
pragma: public
x-fb-debug: wPxTR0UDdWfWlTsNI/ZryuXgLFptmL6cuXaTiRpltp8Bn1SIXhxd/ZGyaScfBv6wgUooGL+dVOWTNZL/lG5B8A==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 identify_f7fa8.js
analytics.tiktok.com/i18n/pixel/static/ 114 KB
31 KB 23ms
22ms Script
application/javascript 23.196.3.180

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_f7fa8.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.196.3.180 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-akamai-request-id: 73f0f43
date: Thu, 22 Jun 2023 15:23:41 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20230615120911ED9FE25713CD56A2EC86
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-196-2-180.deploy.akamaitechnologies.com (AkamaiGHost/11.1.2-48827901) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 015adbeff4cefbec4ce29e5f92fe3b2f00e4e411eb1e6c545c5757173892f676a10d620f5f7f63a06a594acaca2070d12558dfee56e4e0c10a127803c398af82a6361712ae7ec7099e797b12a427a3755ed18debd5a9b6a27d205fc27be0645567
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=8
content-length: 30791

POST pixel
analytics.tiktok.com/api/v2/ 0
0

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
549 B 94ms
94ms Ping
text/plain 23.196.3.180

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE4ZjFkYTAyMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.196.3.180 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 22 Jun 2023 15:23:41 GMT
x-akamai-request-id: 73f101b
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server: nginx
x-tt-logid: 20230622152341DF34313A9A1D33A5675E
x-cache: TCP_MISS from a23-196-2-180.deploy.akamaitechnologies.com (AkamaiGHost/11.1.2-48827901) (-)
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 51,23.196.2.180
x-tt-trace-host: 0180e0563fd48d5bb1dbc36bedbaa7d77436b75638901c6677359ff585c8e52f1553f8053f7dfb208cae12f330f51951b1a4bd0618f6f8136b15cdf39bd17a1467da5aaea32bfa7eb1e5e803830b6b4ef67664d1bdb4e902139430045ab70c7fce
server-timing: inner; dur=41, cdn-cache; desc=MISS, edge; dur=7, origin; dur=51
content-length: 0
expires: Thu, 22 Jun 2023 15:23:41 GMT

GET
H2 200 chunk.716.4b8723ea06c507b268d8.js
cdn.usehero.com/ Frame DD04 809 KB
207 KB 22ms
22ms Script
application/javascript 2600:9000:246d:f800:13:d6f4:3240:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.usehero.com/chunk.716.4b8723ea06c507b268d8.js
Requested by: Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.44.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:246d:f800:13:d6f4:3240:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 15:21:56 GMT
content-encoding: gzip
via: 1.1 298bfd7d0e5de775164fa161b32e71de.cloudfront.net (CloudFront)
last-modified: Mon, 24 Apr 2023 09:02:00 GMT
server: AmazonS3
x-amz-cf-pop: PIT50-P2
age: 908
x-amz-server-side-encryption: AES256
etag: W/"aa28de2ff9294da3f8ff319813cae33b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: JD63jzd5FbTfsDzQYOYnEL_vt5SQTfBpqT0VeGmRvbwhhqmFwS02LQ==

POST logger
www.paypal.com/xoplatform/logger/api/ Frame E917 0
0

POST
H2 200 collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 572 B
637 B 66ms
64ms XHR
application/json 35.190.10.96

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 22 Jun 2023 15:23:41 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 572

GET muse.js
www.paypalobjects.com/muse/ 0
0

GET
H2 200 main-v2_243804a7a16a269e5cbfa28db2382900.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 566 KB
0 16ms
15ms Script
text/javascript 34.98.72.95

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_243804a7a16a269e5cbfa28db2382900.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 00:00:19 GMT
content-encoding: br
age: 55402
x-guploader-uploadid: ADPycduWBA_YBoyUg3AWPsJoHIpnP7efkBG49IlUGrZL1myWOAgmnarbca6JEtNVbkkdc_a4fktpronWmhi26I0E-R8nRQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112175
last-modified: Fri, 16 Jun 2023 16:59:23 GMT
server: UploadServer
etag: "92c4fb0272c248676b63d837c52a30b0"
x-goog-generation: 1686934763519939
x-goog-hash: crc32c=s5IZ3g==, md5=ksT7AnLCSGdrY9g3xSowsA==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=3600
x-goog-stored-content-length: 112175
accept-ranges: bytes
content-type: text/javascript

GET
H2 200 cjs_min_75b47138b6892356b3673aaacdf8c6b2.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 73 KB
0 25ms
25ms Script
text/javascript 34.98.72.95

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_75b47138b6892356b3673aaacdf8c6b2.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/?utm_source=Paid_Search&utm_medium=cpc&utm_campaign=connexity&cnxclid=16874474107777942245110080301008005&utm_term=16874474107777942245110080301008005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 00:38:57 GMT
content-encoding: gzip
age: 53084
x-guploader-uploadid: ADPycdv870CfO1uuogFRaUH5SszOvdHSalKY0uX71npEkQUonm3D-h1Le8YaX8sR3T6cLCfkyMwGrp_426xKs4ykh4VYTw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26395
last-modified: Wed, 14 Jun 2023 15:59:23 GMT
server: UploadServer
etag: "56bbf39c785e00478116108489dbb019"
x-goog-generation: 1686758363051834
x-goog-hash: crc32c=/wxHAg==, md5=VrvznHheAEeBFhCEiduwGQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=3600,no-transform
x-goog-stored-content-length: 26395
accept-ranges: bytes
content-type: text/javascript; charset=utf-8

GET /
www.facebook.com/tr/ 0
0

GET PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bat.bing.com
URL: https://bat.bing.com/actionp/0?ti=17135630&Ver=2&mid=26678f22-00c1-4bc3-8969-dad0293584f9&sid=be94c7b0111011ee911a037a50c994ca&vid=be95c4f0111011eeba52833197c8f417&vids=0&msclkid=N&evt=pageHide

Domain: api.ipify.org
URL: https://api.ipify.org/?format=json

Domain: api.ipify.org
URL: https://api.ipify.org/?format=json

Domain: analytics.tiktok.com
URL: https://analytics.tiktok.com/api/v2/pixel

Domain: analytics.tiktok.com
URL: https://analytics.tiktok.com/api/v2/pixel

Domain: www.paypal.com
URL: https://www.paypal.com/xoplatform/logger/api/logger

Domain: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/muse.js

Domain: www.facebook.com
URL: https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&rl=https%3A%2F%2Frd.bizrate.com%2F&if=false&ts=1687447421896&sw=1600&sh=1200&v=2.9.108&r=stable&ec=0&o=30&fbp=fb.1.1687447421878.1956088976&ic=fbpixel&it=1687447420398&coo=false&dpo=LDU&dpoco=0&dpost=0&exp=c1&rqm=GET

Domain: www.facebook.com
URL: https://www.facebook.com/tr/?id=1585410264807282&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2F%3Futm_source%3DPaid_Search%26utm_medium%3Dcpc%26utm_campaign%3Dconnexity%26cnxclid%3D16874474107777942245110080301008005%26utm_term%3D16874474107777942245110080301008005&rl=https%3A%2F%2Frd.bizrate.com%2F&if=false&ts=1687447421899&sw=1600&sh=1200&v=2.9.108&r=stable&ec=0&o=30&fbp=fb.1.1687447421878.1956088976&ic=fbpixel&it=1687447420398&coo=false&dpo=LDU&dpoco=0&dpost=0&exp=c3&rqm=GET

Domain: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.myckdom.com/	1970-01-20 17:03:19	Name: rhid Value: 83363632299
.myckdom.com/	1970-01-20 12:44:11	Name: loi Value: ad_1194587_off_638358_aff_12590_cid_374591-ELFDOSMETICS.COM_ts_1687447409
241.trackingms.com/	1970-01-20 17:03:19	Name: rhid Value: 83363623910
.bizrate.com/	1970-01-20 12:45:33	Name: sessionid Value: 620331294861844610
.bizrate.com/	1970-01-20 22:20:07	Name: br Value: 16874474106883950353102030301012194
.bizrate.com/	1970-01-20 12:45:33	Name: _data Value: _time%3A%3Astart_time%3D1687447410%3Btimestamp%3D1687447410%7Ctracker%3A%3Ahtcnt%3D1%3Brf%3Daf1%3Brf2%3D%3Bvsc%3Ddau%3Baf_id%3D725724%3Baf_assettype_id%3D14%3Baf_creative_id%3D2913%3Baf_placement_id%3D186631%7Cdnt%3A%3Aon%3D0%3Bsrc%3D0
.bizrate.com/	1970-01-20 12:45:33	Name: rng Value: 8481910
.bizrate.com/	1970-01-20 13:27:19	Name: redirect_data Value: eyJvIjpbXSwibSI6WzMxNjI4Ml0sImMiOltdLCJiIjpbXX0=
.bizrate.com/	1970-01-20 13:27:19	Name: roi_cookie Value: 16874474107777942245110080301008005%7C316282
.bizrate.com/	1970-01-20 13:27:19	Name: roi_mid_attr Value: 316282%3A316282
.bizrate.com/	1970-01-20 12:45:33	Name: _uetsid Value: be94c7b0111011ee911a037a50c994ca
.bizrate.com/	1970-01-20 22:05:43	Name: _uetvid Value: be95c4f0111011eeba52833197c8f417
.bizrate.com/	1970-01-20 14:53:43	Name: _fbp Value: fb.1.1687447410999.905178697
.exelator.com/	1970-01-20 15:36:55	Name: EE Value: "f11205c34ea791dabcfc4668d82ac684"
.bat.bing.com/	1970-01-20 12:54:12	Name: MR Value: 0
.bing.com/	1970-01-20 22:05:43	Name: MUID Value: 22FA378921FD667A246724B1208F6746
.exelator.com/	1970-01-20 15:36:55	Name: ud Value: "eJxrXxzq6XKLQSHN0NDIwDTZ2CQ10dzSMCUxKTkt2cTMzCLFwigx2czCZHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDQZEl%252BUWb6otDgxUUpaQyLSopPBR8pvAUAspoq8A%253D%253D"
.bizrate.com/	1970-01-20 14:53:43	Name: _gcl_au Value: 1.1.2033011660.1687447411
.yahoo.com/	1970-01-20 21:30:05	Name: A3 Value: d=AQABBHNnlGQCEAqAjMuunbBpdfHycndUTWkFEgEBAQG4lWSeZNxH0iMA_eMAAA&S=AQAAAgwmAhygqIeNz7CGOaBPbS4
.connexity.net/	1970-01-20 22:20:07	Name: COu Value: e86d543df967e2e9-075c4b0be1ad0cd7-20639956bae20601
.doubleclick.net/	1970-01-20 12:44:08	Name: test_cookie Value: CheckForPermission
.connexity.net/	1970-01-20 22:20:07	Name: br Value: 16874474106883950353102030301012194
.connexity.net/	1970-01-20 13:27:19	Name: rf Value: af1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10265292.fls.doubleclick.net
10742279.fls.doubleclick.net
241.trackingms.com
9231397.fls.doubleclick.net
ads.undertone.com
adservice.google.com
analytics.google.com
analytics.tiktok.com
api.ipify.org
api.usehero.com
assets.bounceexchange.com
async-px.dynamicyield.com
bat.bing.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.media.amplience.net
cdn.usehero.com
cdnjs.cloudflare.com
clkdeals.com
collector-pxxt4gy2ig.px-cloud.net
connect.facebook.net
evt.undertone.com
external-api.jebbit.com
geolocation.onetrust.com
go.shopyourlikes.com
googleads.g.doubleclick.net
js.cnnx.link
js.jebbit.com
loadus.exelator.com
myckdom.com
p374591.myckdom.com
pixel.mediaiqdigital.com
pxl.connexity.net
qoe-1.yottaa.net
rd.bizrate.com
rd.connexity.net
s.yimg.com
s5.cnnx.io
sdk.iad-05.braze.com
secure.adnxs.com
sp.analytics.yahoo.com
st.dynamicyield.com
static.ordergroove.com
stats.g.doubleclick.net
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
tag.wknd.ai
ut.rd.linksynergy.com
websdk.appsflyer.com
www.elfcosmetics.com
www.elfdosmetics.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.paypal.com
www.paypalobjects.com
analytics.tiktok.com
api.ipify.org
bat.bing.com
www.elfcosmetics.com
www.facebook.com
www.paypal.com
www.paypalobjects.com
104.91.106.8
108.138.106.59
108.138.128.63
108.139.29.103
151.101.1.21
151.101.193.35
151.101.194.133
151.101.66.133
167.172.228.26
172.217.13.134
172.217.13.162
18.164.116.65
18.165.9.43
192.138.218.139
192.138.218.207
2001:4998:14:800::1001
204.141.89.251
204.2.138.109
23.196.3.180
2600:1400:9000::687e:774b
2600:9000:246c:1c00:1b:50c2:4000:93a1
2600:9000:246d:3e00:a:7914:b00:93a1
2600:9000:246d:4a00:15:ad21:c740:93a1
2600:9000:246d:f800:13:d6f4:3240:93a1
2600:9000:246d:fc00:a:b89d:a6c0:93a1
2600:9000:24f4:f800:11:85b0:d600:93a1
2606:4700::6811:190e
2606:4700::6812:12c0
2606:4700::6812:1c26
2606:4700::6812:a972
2607:f8b0:4004:c0b::9d
2607:f8b0:4006:817::2008
2607:f8b0:4020:805::2002
2607:f8b0:4020:805::2004
2607:f8b0:4020:806::200e
2607:f8b0:4020:807::2002
2607:f8b0:4020:807::200e
2620:1ec:c11::200
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
34.102.147.248
34.120.253.250
34.98.67.3
34.98.72.95
35.190.10.96
44.206.147.227
50.16.197.56
52.116.53.146
52.116.53.151
52.117.247.211
52.7.203.140
54.198.143.186
64.19.224.203
68.67.160.26
76.13.32.146
0307f57034ea4316bfa71dbe559a6a2d6b5a8f000d960f56556af721f14ed5d1
065bf2a3ba9ebfe8819d9b727d20bd5c9ce3e0cb9fd927beda94f9ebd9f460e0
08d43f5e6b0bd3e896e1d623ae1e41a37743a31475abc95bebe7bdfe2eee253e
0be44b8963766e88bfb1034f5cf93deb8710ec30e7a54537ff463951c5976234
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
1269d33bcdde87822b0972bff57ff4a298fe893b9369ba45cd73e5e5970e616e
14930c1a6dc59897ee7cab253021ab190f61456cdb8f52d94a59e8a9fe7bec2d
189c3553dfb03e8dddb4a714cf9907e058b7b41478220834d2e2005f1e0dcd89
1a8000cba90ab70a9629e371c509f699b2d1ab1e70415b033b49c4f1fc1a4d23
1c05145d647f2d2c1ade6fa13e8c17e7040d6453418ec35c6058ebaf4ef2c845
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
2031f50d243b7b5e2ca61a6397f38b4d343466452d672b5757882bffdcff9452
25ead3adcd6b8bc328ca607264c011d787f4f3327d73a84a8319ead700043fb7
2709c2d323bd163455dccb7f811c320b67cbfebbd968722bf0d24727ac643045
279ed7486a7793aadadf8e72031f37b1bb2115c71a7b4b6a8b27131015f3b270
28e6b19288d298a5cd1e4e2ea1a52e5034f9adb621963e7908891401c4c5f770
2bcf390b3aec616dd67b8b17527642c5c6d67cff7376d135308e137e8f4db6d9
2e6fdfe0de25d903ebf13597e3ac3615fb3c50df486cdf1da967650fcabae659
31d9ab7fd36728a0af58c751174d1f6f41ae36f0cf044adc3af961f24df31ca7
347017da772d5dc046c1c5764366b21ba07c6ee0944489b9ba057d6909d7d7c4
36c70d0afe98b01d67b3dd9312ceabddac1ee24c3fcb43049e49e2bcd48d0e1a
3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45a53939b0fa7df06e02e10297440c1001e71bd0b645a645bb03b414819cb0ea
472353a3ee7eabf8260338c79d87478f9a32cad9400d6ced40f09e112fae45df
476ed3b103bc44510ec6fc58f719d0c509545f9708e1939e1ce69c7fe88b4b1d
49176e40db8c4604cd4943827d3f33e08354459e8f6bb78bf231b18b9dd7bc22
49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d85bbd427574d3293cb9bcc145ffdf4a45d0a36e92709623d1e097b7abb08c3
4e17ed6694cd82df23fc10365f94c89f16d4a1f47892ee2af9166988f2a9f0d0
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
522cbab9fd89a705460042fc0bd7ee66f914fdf0ab14ddc64623ec53362bca35
52ca51ba50f30f67165f513f067d404599a282673eeef2f3cdd805d89a2122dd
5512d21e4851b96efa38e3ae231ef0702628aa5d3ce860042407bede1bd370e4
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
5ef794cecd5d4878b6e1d723ea82a5eea4c7488299c859ada1605b4fedbec8e6
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
68f67143028b523655a80b0d23af0ebfe40c05532797a6193811dba3a21bbe25
692ab68cef0aba36ce1f25764ec529a7f464273dd84241c838b1bbe3e61fa0fb
6a2dbd2fdfcb06e1b82ff03a2d96b4189212111eeaac5fb861ef1cc6c2ac2857
70a9fc601a501dd70eb7dc61e1b9acc6b9f8eff942155337d64d71ee4c71c880
710409116d0d001d3b9c6bb28d8e2f47d16c87a181251744f19212f2966483fc
710d19bac43aa1f1b6fe40669564f027738bde2e5d2c87a55da421d6672eb71f
7d3033903e78ce63da8ea8f60cd626f6b8c7b062a6b21c67a1581f903344a5f9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83df8f5e0b40e899be2fda448877ba73fae2e3a00a1cac3f5f249eadcb4a1246
8a5a02f58a7f7c659cb7e35bd6c573c7392a7ea7842ec3904e7f08b6ead9c719
8ad6b9ce3429f2f6ea0d9cef2b87649f3f0d58771505a71bdf2cac31d914929b
8be37d67656b32b9042de5b3d92c08c111f6f2aca2eed87af7511974b3cfd256
8d45dd50af1abd06acdc8a31d3953997137b8a2e1797a003a733f840c0beeaa9
8dea6b2240fed7b9dccb7a71b05a27a2b41908306b12c498c2c718856568a3cd
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
96e0d25a66bc90dc6fde0804468853149915f75723654b61a369900b4adf3d94
96f9ccb38f340b5924d4d680e251bdba4d7666c2b6ab89d13f7592da9082242f
9b3632368a9856515572ac89df71707fcef5d58219d9b7c1b1de04a995f30973
9f7a11721a7ed2b9591137afe1a31f31747fe31111e9af6bc21ad1f06f5ffd4d
a3148adeb204b3a8581d4774b05c2c46a9dca4c18e1b183223603ebb53375799
a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
aca646c8064506f5d8fe2f67a5b01148cbf65bd18ae115b2c5be1ba1efe76f1c
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b9d9c248d1c87f59c7f19b198c5ed7310a4bfd0f57759dd87d649b00ec9fdb5b
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcdc28f35dead64b54b18ed2f65344120a16144315970aecd9c974b362ebfea4
bd75fc82e0452f6367f60e8ee24f6bbeea6f03a3434f9495f6bb6c58cc72e95b
bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c
c1c59b688b729503dabda26d630bd5918d2d0edd0f59aef4b236951289ade5ea
c7621595baf9ce58a14b78b77f71dd383019e7f96557d74d999b129dca6d2430
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb0586bb284d25fcf033043a119c0e316b486309464ed8e8a900cc2264fcc762
ccdbf46730591775a4e70269ab627c82beb311312eff3810a6793fad993738eb
ce3a84387f58a66cd2db655ee4ae265e900ae781ec390a5acfd477e6b4eb3b11
cef181b89850405f733232c050e35b633a648eacee98005f2663b481ac3b0db4
cfb97a9e2be03bf9bc1dee523f313c5142afcde7181633af8d6ff9b5db23e8f3
d0378a645135b5fad164b74ac57bc9f68576ea14406e9de438ce8b22ec6bfb76
d1f4a16b9a9937fc5f54319087933fc87d5a89f328acdd0ea67fd8017828d998
d2d4be2f237523bdc178e33accae416221573d3b5910bca41768ae5925fa5a59
d30617b516a30062ca314c2c5f7fe5b9b37b6cc76b1a965b5199862197301608
d72fd60408cb643b1fca3c304182cce805dad66d265eb09a03bb13d0d7aee8c4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfc983293c9baf693a719da3c69be679cbe8aea18c8f35a7abfef41f14800e9c
e1db65105cc7ffef21f85ac58b8f18474cbc8271c391cd7754270ca0c543b673
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4164edd6af46ad5e9c02a482bdcd2a9c3e9eb199cee06bcd12cc751ce73de87
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6653e294df9149fb2362d65f4cafdaba521dffae28928fef89cdcb191e7e4a
f8731a865cc1c16ab41c929f24d07658ecca3e8c9121a09c2b47e2f2d19166ea
f983d0417df7858b3bd80f1614a86ab25c9a361121105d73c48437a961ddb410
fb65df3addf9cb9646d6cd110d58ccd03d36491425d6759651126aea244bd1af
fbf7f1570824ce63dbca86c4d191157942f89544220473cdcb1919a355c3407d
fc8d41e10511db4330dad249535baf3a245cd0737bb96419eaffff0b67f99313
feaed7d61395f2ed0c2a6e3db3747fa5c0a97143003efeb38032ac87440a71cf
ff5ecb47d9c91dbc5d0479fded7574252c95601160e31ffd3b82807de3f20e75

www.elfcosmetics.com Open in urlscan Pro 204.2.138.109 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

158 Requests

89 %HTTPS

40 %IPv6

45 Domains

61 Subdomains

52 IPs

1 Countries

5821 kBTransfer

15002 kBSize

23 Cookies

0 Outgoing links

Page URL History

Redirected requests

158 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

www.elfcosmetics.com Open in urlscan Pro
204.2.138.109 Public Scan

Screenshot
Live screenshot

Full Image

158
Requests

89 %
HTTPS

40 %
IPv6

45
Domains

61
Subdomains

52
IPs

1
Countries

5821 kB
Transfer

15002 kB
Size

23
Cookies

158 HTTP transactions
3 data transactions