urlscan.io logo urlscan.io
SecurityTrails logo

df-toys.com Open in urlscan Pro
23.227.38.66  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://df-toys.com/
Effective URL: https://df-toys.com/
Submission: On January 31 via manual from JP — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 26 HTTP transactions. The main IP is 23.227.38.66, located in Sydney, Australia and belongs to CLOUDFLARENET, US. The main domain is df-toys.com.
TLS certificate: Issued by R3 on January 28th 2022. Valid for: 3 months.
This is the only time df-toys.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 23.227.38.66 13335 (CLOUDFLAR...)
17 2a04:4e42:200... 54113 (FASTLY)
6 104.198.248.251 15169 (GOOGLE)
1 52.59.49.236 16509 (AMAZON-02)
1 13.225.230.69 16509 (AMAZON-02)
26 5
2    23.227.38.66 (Sydney, Australia)

ASN13335 (CLOUDFLARENET, US)
df-toys.com
17    2a04:4e42:200::268 (United States)

ASN54113 (FASTLY, US)
cdn.shopify.com
fonts.shopifycdn.com
6    104.198.248.251 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 251.248.198.104.bc.googleusercontent.com
monorail-edge.shopifysvc.com
1    52.59.49.236 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-49-236.eu-central-1.compute.amazonaws.com
init.grizzlyapps.com
1    13.225.230.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-230-69.jfk51.r.cloudfront.net
currency.grizzlyapps.com
Apex Domain
Subdomains		 Transfer
13 shopify.com
cdn.shopify.com — Cisco Umbrella Rank: 2302
325 KB
6 shopifysvc.com
monorail-edge.shopifysvc.com — Cisco Umbrella Rank: 3022
3 KB
4 shopifycdn.com
fonts.shopifycdn.com — Cisco Umbrella Rank: 4851
78 KB
2 grizzlyapps.com
init.grizzlyapps.com — Cisco Umbrella Rank: 38151
currency.grizzlyapps.com — Cisco Umbrella Rank: 63908
3 KB
2 df-toys.com
df-toys.com
18 KB
26 5
Domain Requested by
13 cdn.shopify.com df-toys.com
6 monorail-edge.shopifysvc.com cdn.shopify.com
4 fonts.shopifycdn.com df-toys.com
2 df-toys.com 1 redirects
1 currency.grizzlyapps.com cdn.shopify.com
1 init.grizzlyapps.com cdn.shopify.com
26 6

This site contains links to these domains. Also see Links.

Domain
df-toys.myshopify.com
www.shopify.com
Subject Issuer Validity Valid
df-toys.com
R3		 2022-01-28 -
2022-04-28		 3 months crt.sh
cdn.shopify.com
GlobalSign Atlas R3 DV TLS CA 2020		 2021-04-20 -
2022-05-22		 a year crt.sh
monorail-edge.shopifysvc.com
R3		 2022-01-30 -
2022-04-30		 3 months crt.sh
grizzlyapps.com
Amazon		 2022-01-25 -
2023-02-21		 a year crt.sh

This page contains 1 frames:

Primary Page: https://df-toys.com/
Frame ID: D6E7508380135FFE77C61068DEB575CB
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

DF toys - Fidgets and Stress Reliefing ToysPayPalPayPal

Page URL History Show full URLs

  1. http://df-toys.com/ HTTP 301
    https://df-toys.com/ Page URL

Detected technologies

Overall confidence: 25%
Detected patterns
  • <link[^>]+=['"]//cdn\.shopify\.com

Page Statistics

26
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

425 kB
Transfer

1055 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://df-toys.com/ HTTP 301
    https://df-toys.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
df-toys.com/
Redirect Chain
  • http://df-toys.com/
  • https://df-toys.com/
59 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.66 Sydney, Australia, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b438bc64eb66d299db02ced0d49189d0e49b5fc09a15b092f1322fdab4fd51d
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9

Response headers

date
Mon, 31 Jan 2022 07:14:21 GMT
content-type
text/html; charset=utf-8
x-sorting-hat-podid
247
x-sorting-hat-shopid
62494343416
x-storefront-renderer-rendered
1
link
<https://cdn.shopify.com>; rel=preconnect, <https://cdn.shopify.com>; rel=preconnect; crossorigin
x-alternate-cache-key
cacheable:2c06e8c83776f9353f6cfacd6ca1325d
x-cache
miss
x-frame-options
DENY
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
strict-transport-security
max-age=7889238
x-shopid
62494343416
x-shardid
247
vary
Accept
content-language
en
x-shopify-stage
production
x-dc
gcp-us-central1,gcp-us-central1,gcp-us-central1
x-request-id
d9ee94b0-7004-4929-a0bf-862f0717595d
x-download-options
noopen
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6d6124840c6b3fdf-YYZ
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Date
Mon, 31 Jan 2022 07:14:21 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Sorting-Hat-PodId
247
X-Sorting-Hat-ShopId
62494343416
X-Storefront-Renderer-Rendered
1
Location
https://df-toys.com/
X-Frame-Options
DENY
Content-Security-Policy
frame-ancestors 'none';
X-ShopId
62494343416
X-ShardId
247
Vary
Accept
X-Shopify-Stage
production
X-Dc
gcp-us-central1,gcp-us-central1,gcp-us-central1
X-Request-ID
8ecfe977-aede-45da-ae81-ee024c3009a4
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block
X-Download-Options
noopen
CF-Cache-Status
DYNAMIC
Server
cloudflare
CF-RAY
6d6124834bb5f989-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
theme.css
cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/ 		184 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/theme.css?v=13661997104517498723
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12827-YUL /
Resource Hash
d4bdd928794076f80a152959f8a252d6a47a3c7cc28749d557ea82d9fd38e1a2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://df-toys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, MISS
server-timing
cdn;dur=0.956,cdnPop;desc=LGA,cdnCache;desc=HIT-CLUSTER, cdn;dur=9.729,cdnPop;desc=YUL,cdnCache;desc=MISS-CLUSTER,cdnOriginTTFB;dur=8.880,cdnOriginTTLB;dur=9.639
content-length
25834
x-xss-protection
1; mode=block
x-request-id
6e52411eeb8aed02d5e5966da4a28266
x-served-by
cache-lga21926-LGA, cache-yul12827-YUL
server
cache-yul12827-YUL
x-timer
S1643613262.707938,VS0,VE10
date
Mon, 31 Jan 2022 07:14:21 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/theme.css>; rel="canonical"
x-cache-hits
1, 0
helvetica_n7.39bee04bd277a9c4e94e2fd42d53f4e3c0afb8a5.woff2
fonts.shopifycdn.com/helvetica/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.shopifycdn.com/helvetica/helvetica_n7.39bee04bd277a9c4e94e2fd42d53f4e3c0afb8a5.woff2?h1=ZGYtdG95cy5jb20&hmac=946b86a47a69f3f40a4164f812e8e77022191a20e1680082927d655ee46c929f
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
9c5529d40c44a9fc7a7325d3db1ef37b56c0a210d0c4ee3cef18e76cdaf73d79

Request headers

Referer
https://df-toys.com/
Origin
https://df-toys.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 07:14:21 GMT
via
1.1 varnish
age
20463658
x-guploader-uploadid
ABg5-UzrjqwHw1fr6YTTSkB6Ope_ErwDlv4-N2fKEPMGWsCdxXELGFkACbLiW8_8c_9Cu14AaVcNbH2_Nuk9RE6JY-A
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
content-length
18784
x-request-id
fed213f65aaa36f63ccd484468c713770c58961f0c397ba062ebedd81886b201
x-served-by
cache-yul12826-YUL
last-modified
Fri, 12 Mar 2021 23:12:55 GMT
server
UploadServer
x-timer
S1643613262.736782,VS0,VE0
etag
"48bdbd2fdba819c4761d8eaf7948ffce"
x-goog-hash
crc32c=VRUSUA==, md5=SL29L9uoGcR2HY6veUj/zg==
content-type
font/woff2
access-control-allow-origin
*
expires
Wed, 08 Jun 2022 10:53:26 GMT
cache-control
max-age=2629800, immutable
accept-ranges
bytes
x-cache-hits
241235
helvetica_n4.fe093fe9ca22a15354813c912484945a36b79146.woff2
fonts.shopifycdn.com/helvetica/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.shopifycdn.com/helvetica/helvetica_n4.fe093fe9ca22a15354813c912484945a36b79146.woff2?h1=ZGYtdG95cy5jb20&hmac=b185483d0952f3f9aa048e7fd478ed7890372d62d884f2576f4fff179ac8af18
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
de60693f31597c2ec2c1bd972d15900b6bb7be2bcc19db7b71bd171469b7dbe0

Request headers

Referer
https://df-toys.com/
Origin
https://df-toys.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 07:14:21 GMT
via
1.1 varnish
age
20463782
x-guploader-uploadid
ABg5-UzD02c0m3VxFeLmJ-uiLBvYK0sujIXIgBdYA4_D8XWecypbmkVMen7-yfNTvneHKjBjMeQXlLUC-wYxhNWSX-E
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
content-length
19252
x-request-id
f1f4ec0a334af03096f8a5e03314e33a316faef8610bd639b426ff4cf860517e
x-served-by
cache-yul12826-YUL
last-modified
Fri, 12 Mar 2021 23:13:01 GMT
server
UploadServer
x-timer
S1643613262.736842,VS0,VE0
etag
"3081ae959e35d7dfa394138443e9095e"
x-goog-hash
crc32c=hyVkqg==, md5=MIGulZ4119+jlBOEQ+kJXg==
content-type
font/woff2
access-control-allow-origin
*
expires
Wed, 08 Jun 2022 10:51:19 GMT
cache-control
max-age=2629800, immutable
accept-ranges
bytes
x-cache-hits
278034
theme.js
cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/ 		147 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/theme.js?v=1620357353731639952
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12827-YUL /
Resource Hash
ba61b99a80578af6dc0b3849a5fdf47631c1c9f2bc1afdd3dbdafc000cbfe4bb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://df-toys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, MISS
server-timing
cdn;dur=1.050,cdnPop;desc=LGA,cdnCache;desc=HIT-CLUSTER, cdn;dur=9.856,cdnPop;desc=YUL,cdnCache;desc=MISS-CLUSTER,cdnOriginTTFB;dur=8.905,cdnOriginTTLB;dur=9.728
content-length
33140
x-xss-protection
1; mode=block
x-request-id
efe7101703f06f4af0e3285752d6ce66
x-served-by
cache-lga21949-LGA, cache-yul12827-YUL
server
cache-yul12827-YUL
x-timer
S1643613262.707994,VS0,VE10
date
Mon, 31 Jan 2022 07:14:21 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/theme.js>; rel="canonical"
x-cache-hits
1, 0
lazysizes.js
cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/lazysizes.js?v=6309855486832407013
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12827-YUL /
Resource Hash
345e202180a3b8c72826eb9b48b2d1c610e60c34065794091438dbe29e343868
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://df-toys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, MISS
server-timing
cdn;dur=0.892,cdnPop;desc=LGA,cdnCache;desc=HIT-CLUSTER, cdn;dur=11.577,cdnPop;desc=YUL,cdnCache;desc=MISS-CLUSTER,cdnOriginTTFB;dur=10.975,cdnOriginTTLB;dur=11.493
content-length
7972
x-xss-protection
1; mode=block
x-request-id
9c13a26498c15d3149c4769372949a73
x-served-by
cache-lga21978-LGA, cache-yul12827-YUL
server
cache-yul12827-YUL
x-timer
S1643613262.708047,VS0,VE12
date
Mon, 31 Jan 2022 07:14:21 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/lazysizes.js>; rel="canonical"
x-cache-hits
1, 0
load_feature-7e72fb4d14f06d60c57306b80dc146f0ecdbe4e4c0941f4f3537bee4d54314af.js
cdn.shopify.com/shopifycloud/shopify/assets/storefront/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-7e72fb4d14f06d60c57306b80dc146f0ecdbe4e4c0941f4f3537bee4d54314af.js
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12826-YUL /
Resource Hash
7e72fb4d14f06d60c57306b80dc146f0ecdbe4e4c0941f4f3537bee4d54314af
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://df-toys.com/
Origin
https://df-toys.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
server-timing
cdn;dur=0.126,cdnPop;desc=YUL,cdnCache;desc=HIT
content-length
2784
x-xss-protection
1; mode=block
x-request-id
40863c41d14decd3d009d20df3b1a890
x-served-by
cache-lga21946-LGA, cache-yul12826-YUL
server
cache-yul12826-YUL
x-timer
S1643613262.718780,VS0,VE0
date
Mon, 31 Jan 2022 07:14:21 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-7e72fb4d14f06d60c57306b80dc146f0ecdbe4e4c0941f4f3537bee4d54314af.js>; rel="canonical"
x-cache-hits
1, 908674
features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js
cdn.shopify.com/shopifycloud/shopify/assets/storefront/ 		37 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12826-YUL /
Resource Hash
87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://df-toys.com/
Origin
https://df-toys.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
server-timing
cdn;dur=0.115,cdnPop;desc=YUL,cdnCache;desc=HIT
content-length
12298
x-xss-protection
1; mode=block
x-request-id
e2306559e74cd241e094843a1c9af675
x-served-by
cache-lga21941-LGA, cache-yul12826-YUL
server
cache-yul12826-YUL
x-timer
S1643613262.718835,VS0,VE0
date
Mon, 31 Jan 2022 07:14:21 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js>; rel="canonical"
x-cache-hits
1, 869952
trekkie.storefront.647c2919818f277355088162b8bd758d62aa4fb4.min.js
cdn.shopify.com/s/ 		77 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/trekkie.storefront.647c2919818f277355088162b8bd758d62aa4fb4.min.js
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12827-YUL /
Resource Hash
8c0a3eb6d195387da42fc53189e9a32aae778727ef7ddf261a3ad84ef17ded04
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://df-toys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
server-timing
cdn;dur=0.118,cdnPop;desc=YUL,cdnCache;desc=HIT
content-length
16026
x-xss-protection
1; mode=block
x-request-id
ae4549c3cedc3742adacfe174e9386a3
x-served-by
cache-lga21972-LGA, cache-yul12827-YUL
server
cache-yul12827-YUL
x-timer
S1643613262.708124,VS0,VE0
date
Mon, 31 Jan 2022 07:14:21 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/trekkie.storefront.647c2919818f277355088162b8bd758d62aa4fb4.min.js>; rel="canonical"
x-cache-hits
1, 571141
shop_events_listener-53e1c676e346080489adfcb36af1739b2d334a9e308c6ff2d84d3de1bc4e6ce0.js
cdn.shopify.com/shopifycloud/shopify/assets/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-53e1c676e346080489adfcb36af1739b2d334a9e308c6ff2d84d3de1bc4e6ce0.js
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12827-YUL /
Resource Hash
53e1c676e346080489adfcb36af1739b2d334a9e308c6ff2d84d3de1bc4e6ce0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://df-toys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
server-timing
cdn;dur=0.137,cdnPop;desc=YUL,cdnCache;desc=HIT
content-length
2437
x-xss-protection
1; mode=block
x-request-id
5afb1c87ed82cfb306c03b259f543edd
x-served-by
cache-lga21946-LGA, cache-yul12827-YUL
server
cache-yul12827-YUL
x-timer
S1643613262.724198,VS0,VE0
date
Mon, 31 Jan 2022 07:14:21 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-53e1c676e346080489adfcb36af1739b2d334a9e308c6ff2d84d3de1bc4e6ce0.js>; rel="canonical"
x-cache-hits
1, 907968
helvetica_o7.215fd4ca1a06214fa01e44328a1992c977700ea2.woff2
fonts.shopifycdn.com/helvetica/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.shopifycdn.com/helvetica/helvetica_o7.215fd4ca1a06214fa01e44328a1992c977700ea2.woff2?h1=ZGYtdG95cy5jb20&hmac=aab84a1353756d49b5f8498e6b06caa54c37d638fc2c2f33b5f735821ed3e544
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
0293a57ff9ff592c10f322f76c837569d9cb3e7b0d52b8226d5a52903e494f4b

Request headers

Referer
https://df-toys.com/
Origin
https://df-toys.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 07:14:21 GMT
via
1.1 varnish
age
20463446
x-guploader-uploadid
ABg5-UznpTvEQgsB0DOaLs3ugdtYEQIQbw1qy6JMblwlUf2cRbIgCaC1pfJrm79Re_DqNhghi7THzYr_Zk2md6CqdY8
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
content-length
19996
x-request-id
91f759edef6b973bf95fca7c848fc08213ab081a13f91a37b24611b6831c2722
x-served-by
cache-yul12826-YUL
last-modified
Fri, 12 Mar 2021 23:13:02 GMT
server
UploadServer
x-timer
S1643613262.736904,VS0,VE0
etag
"137a13ea27f86838fe9716f142bc394c"
x-goog-hash
crc32c=VYEfUA==, md5=E3oT6if4aDj+lxbxQrw5TA==
content-type
font/woff2
access-control-allow-origin
*
expires
Wed, 08 Jun 2022 10:56:54 GMT
cache-control
max-age=2629800, immutable
accept-ranges
bytes
x-cache-hits
26924
helvetica_o4.f9832a0fc1ee8fc5a359636e410d6941e1e4ca03.woff2
fonts.shopifycdn.com/helvetica/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.shopifycdn.com/helvetica/helvetica_o4.f9832a0fc1ee8fc5a359636e410d6941e1e4ca03.woff2?h1=ZGYtdG95cy5jb20&hmac=464bcc85bf5d5b4867269003e115e7a5b70158e08dc083a877c8642f35bb5dd8
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
d8589996007b2539afd944b637a56b5ae05ac1c043002518530f2bc4f491584e

Request headers

Referer
https://df-toys.com/
Origin
https://df-toys.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 07:14:21 GMT
via
1.1 varnish
age
20463652
x-guploader-uploadid
ABg5-Uzbq2ShiPEkHh2_1g7w9EG2c4nxOiSwWVdKNp3SLIeSLgxAAKluO1ZIUJgwQ7R2-tnk7cbLWTwUOaKsXChn3QM
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
content-length
20468
x-request-id
aef7fd95b55756d0cae3642317c5de45fccc4f9698a21c1cc4b08d6326964551
x-served-by
cache-yul12826-YUL
last-modified
Fri, 12 Mar 2021 23:12:52 GMT
server
UploadServer
x-timer
S1643613262.779334,VS0,VE0
etag
"0db3f39099bc84f6562b0e3ab5253bd6"
x-goog-hash
crc32c=t1lqAw==, md5=DbPzkJm8hPZWKw46tSU71g==
content-type
font/woff2
access-control-allow-origin
*
expires
Wed, 08 Jun 2022 10:53:31 GMT
cache-control
max-age=2629800, immutable
accept-ranges
bytes
x-cache-hits
100047
produce_batch
monorail-edge.shopifysvc.com/unstable/ 		0
472 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.647c2919818f277355088162b8bd758d62aa4fb4.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.248.251 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
251.248.198.104.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://df-toys.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 31 Jan 2022 07:14:21 GMT
x-dc
gcp-us-central1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://df-toys.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
ef472af0-6851-4482-a77c-2becf5756173
shopify-boomerang-1.0.0.min.js
cdn.shopify.com/shopifycloud/boomerang/ 		58 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12827-YUL /
Resource Hash
05e860282448aa41ddb62c2aac9a52419bca04935f242b171553cbe69b5e9b2f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://df-toys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
MISS, HIT
server-timing
cdn;dur=0.142,cdnPop;desc=YUL,cdnCache;desc=HIT
content-length
17403
x-xss-protection
1; mode=block
x-request-id
f5815b451df217df0aea6f176212deeb
x-served-by
cache-lga21933-LGA, cache-yul12827-YUL
server
cache-yul12827-YUL
x-timer
S1643613262.936016,VS0,VE0
date
Mon, 31 Jan 2022 07:14:21 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=3600, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js>; rel="canonical"
x-cache-hits
1, 453101
produce_batch
monorail-edge.shopifysvc.com/unstable/ 		0
473 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.647c2919818f277355088162b8bd758d62aa4fb4.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.248.251 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
251.248.198.104.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://df-toys.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 31 Jan 2022 07:14:21 GMT
x-dc
gcp-us-central1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://df-toys.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
c3be87d8-58c8-47c4-a00f-280d7cc48ef1
produce_batch
monorail-edge.shopifysvc.com/unstable/ 		0
472 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.647c2919818f277355088162b8bd758d62aa4fb4.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.248.251 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
251.248.198.104.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://df-toys.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 31 Jan 2022 07:14:21 GMT
x-dc
gcp-us-central1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://df-toys.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
9431f61f-f449-42c0-b58c-62f42c21cb26
produce_batch
monorail-edge.shopifysvc.com/unstable/ 		0
472 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.647c2919818f277355088162b8bd758d62aa4fb4.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.248.251 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
251.248.198.104.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://df-toys.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 31 Jan 2022 07:14:21 GMT
x-dc
gcp-us-central1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://df-toys.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
629782f9-7d18-4c6e-8802-d31988bfa618
111_360x.png
cdn.shopify.com/s/files/1/0624/9434/3416/files/ 		21 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/s/files/1/0624/9434/3416/files/111_360x.png?v=1643365977
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12827-YUL /
Resource Hash
13d0aefc6c86b9658ab1d1bb54a9f99014b785b041cca86d0ab81259cb64ce05
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://df-toys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, MISS
server-timing
cdn;dur=1.004,cdnPop;desc=LGA,cdnCache;desc=HIT-CLUSTER, cdn;dur=9.698,cdnPop;desc=YUL,cdnCache;desc=MISS-CLUSTER,cdnOriginTTFB;dur=8.990,cdnOriginTTLB;dur=9.627
content-length
21940
x-xss-protection
1; mode=block
x-request-id
0a60f306fffd9737a66afa7e59bdc7f4
x-served-by
cache-lga21967-LGA, cache-yul12827-YUL
server
cache-yul12827-YUL
x-timer
S1643613262.959840,VS0,VE10
date
Mon, 31 Jan 2022 07:14:21 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0624/9434/3416/files/111_360x.png>; rel="canonical"
x-cache-hits
1, 0
S155bac1284a54dcf811732eb5b4bf11bM_ccexpress_1_540x.png
cdn.shopify.com/s/files/1/0624/9434/3416/files/ 		61 KB
61 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/s/files/1/0624/9434/3416/files/S155bac1284a54dcf811732eb5b4bf11bM_ccexpress_1_540x.png?v=1643373169
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12827-YUL /
Resource Hash
32ba640c12b335158a6a8102a6b0991e6091ae78daf6bf09677d517acf50fb2c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://df-toys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, MISS
server-timing
cdn;dur=1.356,cdnPop;desc=LGA,cdnCache;desc=HIT-CLUSTER, cdn;dur=12.619,cdnPop;desc=YUL,cdnCache;desc=MISS-CLUSTER,cdnOriginTTFB;dur=11.593,cdnOriginTTLB;dur=12.528
content-length
62202
x-xss-protection
1; mode=block
x-request-id
b41442dc071624c86e1ec8f1535d84ee
x-served-by
cache-lga21948-LGA, cache-yul12827-YUL
server
cache-yul12827-YUL
x-timer
S1643613262.959876,VS0,VE13
date
Mon, 31 Jan 2022 07:14:21 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0624/9434/3416/files/S155bac1284a54dcf811732eb5b4bf11bM_ccexpress_1_540x.png>; rel="canonical"
x-cache-hits
1, 0
produce_batch
monorail-edge.shopifysvc.com/unstable/ 		0
472 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.647c2919818f277355088162b8bd758d62aa4fb4.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.248.251 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
251.248.198.104.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://df-toys.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 31 Jan 2022 07:14:21 GMT
x-dc
gcp-us-central1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://df-toys.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
1a935924-8487-4b28-b590-99974e3c987c
ginit.js
cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/ 		145 B
498 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/ginit.js?v=1643372049&shop=df-toys.myshopify.com
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12827-YUL /
Resource Hash
274d5fb85509cc335d9dea719ca7f235db565cdc0a2b7b7580e9e14215dcf0b6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://df-toys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, MISS
server-timing
cdn;dur=99.628,cdnPop;desc=LGA,cdnCache;desc=HIT-CLUSTER, cdn;dur=108.264,cdnPop;desc=YUL,cdnCache;desc=MISS-CLUSTER,cdnOriginTTFB;dur=107.582,cdnOriginTTLB;dur=108.184
content-length
124
x-xss-protection
1; mode=block
x-request-id
a9c6f1f073e0392bddac573d4efc9601
x-served-by
cache-lga21971-LGA, cache-yul12827-YUL
server
cache-yul12827-YUL
x-timer
S1643613262.992068,VS0,VE108
date
Mon, 31 Jan 2022 07:14:22 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/ginit.js>; rel="canonical"
x-cache-hits
1, 0
doubly.js
cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/ 		228 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/doubly.js?v=1643372060&shop=df-toys.myshopify.com
Requested by
Host: df-toys.com
URL: https://df-toys.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12827-YUL /
Resource Hash
fd95a87cd67d6fc547c77c3bd61dc3282c241df17907f160ce13b555da1c7b59
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://df-toys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, MISS
server-timing
cdn;dur=1.153,cdnPop;desc=LGA,cdnCache;desc=HIT-CLUSTER, cdn;dur=10.142,cdnPop;desc=YUL,cdnCache;desc=MISS-CLUSTER,cdnOriginTTFB;dur=9.197,cdnOriginTTLB;dur=10.062
content-length
58060
x-xss-protection
1; mode=block
x-request-id
c67ed6a1c9627cfb1e386eb099574e1f
x-served-by
cache-lga21950-LGA, cache-yul12827-YUL
server
cache-yul12827-YUL
x-timer
S1643613262.993402,VS0,VE10
date
Mon, 31 Jan 2022 07:14:22 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/doubly.js>; rel="canonical"
x-cache-hits
1, 0
9e32c84f0db4f7b1eb40c32bdb0bdea9
init.grizzlyapps.com/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://init.grizzlyapps.com/9e32c84f0db4f7b1eb40c32bdb0bdea9
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-53e1c676e346080489adfcb36af1739b2d334a9e308c6ff2d84d3de1bc4e6ce0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.59.49.236 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-59-49-236.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b84ee29ddcf5e3a9014a1536d20ca398a0ddb624bcd7cfda6bc18b9efb9966bd

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://df-toys.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 07:14:22 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
OPTIONS, GET
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=10800
83d400c612f9a099fab8f76dcab73a48
currency.grizzlyapps.com/ 		44 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://currency.grizzlyapps.com/83d400c612f9a099fab8f76dcab73a48
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-53e1c676e346080489adfcb36af1739b2d334a9e308c6ff2d84d3de1bc4e6ce0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.230.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-230-69.jfk51.r.cloudfront.net
Software
nginx /
Resource Hash
d99331726b14c1bb004c968f45d8fb4be701dfec9d0461631bd9fc368a7c8170
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src https://cdn.shopify.com/s/assets/proximanova-light-webfont-e6430437995babc47dc22c8802bfb453.woff https://cdn.shopify.com/s/assets/proximanova-light-webfont-69a1a87422762da58ae3d6c3f063006b.ttf; form-action 'self'; frame-ancestors 'self' https://*.myshopify.com; img-src 'self' data:; script-src 'self' 'unsafe-inline' https://cdn.shopify.com/s/assets/external/app.js https://cdn.shopify.com/s/javascripts/tricorder/trekkie.easdk.min.js; style-src 'self' 'unsafe-inline'
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://df-toys.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 07:14:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
JFK51-C1
via
1.1 086617c9385713660fb060f989a2a626.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
server
nginx
x-download-options
noopen
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
content-security-policy
default-src 'self'; font-src https://cdn.shopify.com/s/assets/proximanova-light-webfont-e6430437995babc47dc22c8802bfb453.woff https://cdn.shopify.com/s/assets/proximanova-light-webfont-69a1a87422762da58ae3d6c3f063006b.ttf; form-action 'self'; frame-ancestors 'self' https://*.myshopify.com; img-src 'self' data:; script-src 'self' 'unsafe-inline' https://cdn.shopify.com/s/assets/external/app.js https://cdn.shopify.com/s/javascripts/tricorder/trekkie.easdk.min.js; style-src 'self' 'unsafe-inline'
x-amz-cf-id
eB-8bUJJp5WglrFiRbwg5B2vP_PNH86QQNq7iMYMrsUYydbnR0X3_A==
currency-flags.png
cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/ 		64 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/currency-flags.png?v=1643372053
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12827-YUL /
Resource Hash
93346fb89758bb4256b7b9ca3e2e5fb92e6310d286e6ebe4a2d116540947f9b4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://df-toys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, MISS
server-timing
cdn;dur=1.306,cdnPop;desc=LGA,cdnCache;desc=HIT-CLUSTER, cdn;dur=12.484,cdnPop;desc=YUL,cdnCache;desc=MISS-CLUSTER,cdnOriginTTFB;dur=11.466,cdnOriginTTLB;dur=12.416
content-length
65580
x-xss-protection
1; mode=block
x-request-id
ccb651e6801d99437d79635d59ad303d
x-served-by
cache-lga21939-LGA, cache-yul12827-YUL
server
cache-yul12827-YUL
x-timer
S1643613262.397240,VS0,VE12
date
Mon, 31 Jan 2022 07:14:22 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0624/9434/3416/t/3/assets/currency-flags.png>; rel="canonical"
x-cache-hits
1, 0
produce
monorail-edge.shopifysvc.com/v1/ 		0
472 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://monorail-edge.shopifysvc.com/v1/produce
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.248.251 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
251.248.198.104.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://df-toys.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 31 Jan 2022 07:14:23 GMT
x-dc
gcp-us-central1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://df-toys.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
2743b908-08e0-4e46-a95a-8b0b7b45d850

Verdicts & Comments Add Verdict or Comment

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| onLoadStylesheet object| theme undefined| scripts undefined| polyfill object| Shopify object| __st boolean| ShopifyPaypalV4VisibilityTracking object| meta string| attr object| ShopifyAnalytics object| trekkie object| selectors function| onYouTubeIframeAPIReady function| removeImageLoadingAnimation object| slate function| Modals function| gm_authFailure object| __core-js_shared__ object| core object| recoverHeading object| recoverEmail object| loginHeading object| lazySizesConfig object| lazySizes object| _visit object| BOOMR number| BOOMR_onload number| visuallyReady boolean| loadjQueryGrizzly boolean| forceJqueryLoad undefined| vernums function| jQueryGrizzly object| DoublyGlobalCurrency boolean| catchXHR string| CurrenciesJSON function| $ boolean| initBestCurrencyConverter function| Cookies

10 Cookies

Domain/Path Name / Value
df-toys.com/ Name: secure_customer_sig
Value:
.df-toys.com/ Name: _orig_referrer
Value:
.df-toys.com/ Name: _landing_page
Value: %2F
.df-toys.com/ Name: _y
Value: b6b30c5a-05d4-41a9-80fc-f8c895dd60fe
.df-toys.com/ Name: _s
Value: fbcf444c-6bc6-4c66-862b-54bb6192416f
.df-toys.com/ Name: _shopify_y
Value: b6b30c5a-05d4-41a9-80fc-f8c895dd60fe
.df-toys.com/ Name: _shopify_s
Value: fbcf444c-6bc6-4c66-862b-54bb6192416f
.df-toys.com/ Name: _shopify_sa_t
Value: 2022-01-31T07%3A14%3A21.913Z
.df-toys.com/ Name: _shopify_sa_p
Value:
.df-toys.com/ Name: _g1643372046
Value: Q0FE

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.shopify.com
currency.grizzlyapps.com
df-toys.com
fonts.shopifycdn.com
init.grizzlyapps.com
monorail-edge.shopifysvc.com
104.198.248.251
13.225.230.69
23.227.38.66
2a04:4e42:200::268
52.59.49.236
0293a57ff9ff592c10f322f76c837569d9cb3e7b0d52b8226d5a52903e494f4b
05e860282448aa41ddb62c2aac9a52419bca04935f242b171553cbe69b5e9b2f
13d0aefc6c86b9658ab1d1bb54a9f99014b785b041cca86d0ab81259cb64ce05
1b438bc64eb66d299db02ced0d49189d0e49b5fc09a15b092f1322fdab4fd51d
274d5fb85509cc335d9dea719ca7f235db565cdc0a2b7b7580e9e14215dcf0b6
32ba640c12b335158a6a8102a6b0991e6091ae78daf6bf09677d517acf50fb2c
345e202180a3b8c72826eb9b48b2d1c610e60c34065794091438dbe29e343868
53e1c676e346080489adfcb36af1739b2d334a9e308c6ff2d84d3de1bc4e6ce0
7e72fb4d14f06d60c57306b80dc146f0ecdbe4e4c0941f4f3537bee4d54314af
87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae
8c0a3eb6d195387da42fc53189e9a32aae778727ef7ddf261a3ad84ef17ded04
93346fb89758bb4256b7b9ca3e2e5fb92e6310d286e6ebe4a2d116540947f9b4
9c5529d40c44a9fc7a7325d3db1ef37b56c0a210d0c4ee3cef18e76cdaf73d79
b84ee29ddcf5e3a9014a1536d20ca398a0ddb624bcd7cfda6bc18b9efb9966bd
ba61b99a80578af6dc0b3849a5fdf47631c1c9f2bc1afdd3dbdafc000cbfe4bb
d4bdd928794076f80a152959f8a252d6a47a3c7cc28749d557ea82d9fd38e1a2
d8589996007b2539afd944b637a56b5ae05ac1c043002518530f2bc4f491584e
d99331726b14c1bb004c968f45d8fb4be701dfec9d0461631bd9fc368a7c8170
de60693f31597c2ec2c1bd972d15900b6bb7be2bcc19db7b71bd171469b7dbe0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fd95a87cd67d6fc547c77c3bd61dc3282c241df17907f160ce13b555da1c7b59