urlscan.io logo urlscan.io
SecurityTrails logo

shop.app Open in urlscan Pro
23.227.38.33  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://shop-accounts-staging.shopifycloud.com/
Effective URL: https://shop.app/
Submission: On October 11 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 28 HTTP transactions. The main IP is 23.227.38.33, located in Canada and belongs to CLOUDFLARENET, US. The main domain is shop.app.
TLS certificate: Issued by R3 on September 27th 2021. Valid for: 3 months.
This is the only time shop.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.75.215.233 396982 (GOOGLE-PR...)
4 23.227.38.33 13335 (CLOUDFLAR...)
21 2a04:4e42::268 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
1 104.198.248.251 15169 (GOOGLE)
28 4
1    34.75.215.233 (North Charleston, United States)

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: 233.215.75.34.bc.googleusercontent.com
shop-accounts-staging.shopifycloud.com
4    23.227.38.33 (Canada)

ASN13335 (CLOUDFLARENET, US)
PTR: checkout.shopify.com
shop.app
21    2a04:4e42::268 (United States)

ASN54113 (FASTLY, US)
cdn.shopify.com
2    2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    104.198.248.251 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 251.248.198.104.bc.googleusercontent.com
monorail-edge.shopifysvc.com
Domain Requested by
21 cdn.shopify.com shop.app
cdn.shopify.com
4 shop.app shop.app
2 www.google-analytics.com cdn.shopify.com
www.google-analytics.com
1 monorail-edge.shopifysvc.com cdn.shopify.com
1 shop-accounts-staging.shopifycloud.com 1 redirects
28 5

This site contains links to these domains. Also see Links.

Domain
www.shopify.com
qvay.app.link
twitter.com
instagram.com
Subject Issuer Validity Valid
shop.app
R3		 2021-09-27 -
2021-12-26		 3 months crt.sh
cdn.shopify.com
GlobalSign Atlas R3 DV TLS CA 2020		 2021-04-20 -
2022-05-22		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
monorail-edge.shopifysvc.com
R3		 2021-10-04 -
2022-01-02		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://shop.app/
Frame ID: DA6551013DD902B2D5062B99B378F3A8
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Shop is a new online shopping assistant that makes every part of your experience better.ShopifyOpen Main NavigationHomeClose Main Navigation

Page URL History Show full URLs

  1. https://shop-accounts-staging.shopifycloud.com/ HTTP 302
    https://shop.app/ Page URL

Detected technologies

Overall confidence: 75%
Detected patterns
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

28
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

349 kB
Transfer

1680 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://shop-accounts-staging.shopifycloud.com/ HTTP 302
    https://shop.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
shop.app/
Redirect Chain
  • https://shop-accounts-staging.shopifycloud.com/
  • https://shop.app/
31 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.33 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
checkout.shopify.com
Software
cloudflare /
Resource Hash
ed71b71d28bf55a702ed6e7db958a6d82cf23f28e6a2a777e285d9aaef5ae398
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' https: data:; child-src blob:; script-src 'self' blob: cdn.shopify.com cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net fast.wistia.com v.shopify.com www.google-analytics.com maps.googleapis.com arrive-server.shopifycloud.com www.recaptcha.net www.google.com www.gstatic.com 'nonce-/GcDhkqAjihKAncTuvgzyw=='; style-src 'self' 'unsafe-inline' cdn.shopify.com sdks.shopifycdn.com fonts.googleapis.com; media-src 'self' blob: data: cdn.shopify.com embedwistia-a.akamaihd.net; img-src 'self' data: blob: api.mapbox.com cdn.shopify.com embedwistia-a.akamaihd.net fast.wistia.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com www.google-analytics.com maps.googleapis.com maps.gstatic.com; connect-src 'self' https: api.mapbox.com distillery.wistia.com events.mapbox.com monorail-edge.shopifysvc.com pipedream.wistia.com *.bugsnag.com arrive-server.shopifycloud.com; frame-src fast.wistia.com www.google.com www.gstatic.com www.recaptcha.net; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=/xss-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4

Request headers

:method
GET
:authority
shop.app
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Mon, 11 Oct 2021 13:36:19 GMT
content-type
text/html; charset=utf-8
x-sorting-hat-podid
-1
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block; report=/xss-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4
x-content-type-options
nosniff
x-download-options
noopen
x-permitted-cross-domain-policies
none
referrer-policy
strict-origin-when-cross-origin
accept-ch
Save-Data
etag
W/"ed71b71d28bf55a702ed6e7db958a6d8"
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; font-src 'self' https: data:; child-src blob:; script-src 'self' blob: cdn.shopify.com cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net fast.wistia.com v.shopify.com www.google-analytics.com maps.googleapis.com arrive-server.shopifycloud.com www.recaptcha.net www.google.com www.gstatic.com 'nonce-/GcDhkqAjihKAncTuvgzyw=='; style-src 'self' 'unsafe-inline' cdn.shopify.com sdks.shopifycdn.com fonts.googleapis.com; media-src 'self' blob: data: cdn.shopify.com embedwistia-a.akamaihd.net; img-src 'self' data: blob: api.mapbox.com cdn.shopify.com embedwistia-a.akamaihd.net fast.wistia.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com www.google-analytics.com maps.googleapis.com maps.gstatic.com; connect-src 'self' https: api.mapbox.com distillery.wistia.com events.mapbox.com monorail-edge.shopifysvc.com pipedream.wistia.com *.bugsnag.com arrive-server.shopifycloud.com; frame-src fast.wistia.com www.google.com www.gstatic.com www.recaptcha.net; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4
set-cookie
_session_id=4kl5TlKS2rG%2BBQWhydque%2F19GKEfQM7SG2nrKlEkivWlP5vXq7Y7ei7hGRxt80Ockqp3eJIZAyS5YDmTD3IedCQyavg8VcJCjnm1zIwlZwaw%2BoNPw7ctCgaZe67k1b4XRpU0yDa0bxIKkS2Nz2RRLVg%2FeuKorP2hMelq1dJb8s%2FGXlRZJFn3ecp%2BXRffNiHJNCKQY7ykpenR9fW1PA3P%2FfGenRppdm7jhlSIJW6NCcY0--LVb90fSfalMyZ8Ju--xhJ5xX0vtklWV7uqEMI47w%3D%3D; path=/; expires=Sun, 09 Jan 2022 13:36:19 GMT; secure; HttpOnly
x-request-id
3ee1b2c5-86df-4cab-ad3d-d594d05df5b4
x-runtime
0.005271
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-dc
gcp-europe-west1,us-east1
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
69c87a06c89b7040-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date
Mon, 11 Oct 2021 13:36:18 GMT
content-type
text/html
content-length
82
location
https://shop.app
cache-control
no-cache
content-security-policy
base-uri 'none'; default-src 'self' cdn.shopify.com; object-src 'none'; script-src 'self' cdn.shopify.com 'strict-dynamic' 'nonce-ARQUaWqW5rdGfGGHPkKYQg=='; style-src 'self' cdn.shopify.com 'unsafe-inline'; block-all-mixed-content
x-request-id
a755f62ce8d525be844b124a952b32d5
x-runtime
0.001141
strict-transport-security
max-age=63072000; includeSubDomains; preload
server-timing
processing;dur=1, socket_queue;dur=3.343, util;dur=0.0
x-dc
gcp-us-east1
csp-report
shop.app/ 		0
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://shop.app/csp-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.33 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
checkout.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' https: data:; child-src blob:; script-src 'self' blob: cdn.shopify.com cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net fast.wistia.com v.shopify.com www.google-analytics.com maps.googleapis.com arrive-server.shopifycloud.com www.recaptcha.net www.google.com www.gstatic.com 'nonce-wfJTHAmR1IRt+YRb4dIaTQ=='; style-src 'self' 'unsafe-inline' cdn.shopify.com sdks.shopifycdn.com fonts.googleapis.com; media-src 'self' blob: data: cdn.shopify.com embedwistia-a.akamaihd.net; img-src 'self' data: blob: api.mapbox.com cdn.shopify.com embedwistia-a.akamaihd.net fast.wistia.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com www.google-analytics.com maps.googleapis.com maps.gstatic.com; connect-src 'self' https: api.mapbox.com distillery.wistia.com events.mapbox.com monorail-edge.shopifysvc.com pipedream.wistia.com *.bugsnag.com arrive-server.shopifycloud.com; frame-src fast.wistia.com www.google.com www.gstatic.com www.recaptcha.net; upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
no-cors
origin
https://shop.app
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
report
cookie
_session_id=4kl5TlKS2rG%2BBQWhydque%2F19GKEfQM7SG2nrKlEkivWlP5vXq7Y7ei7hGRxt80Ockqp3eJIZAyS5YDmTD3IedCQyavg8VcJCjnm1zIwlZwaw%2BoNPw7ctCgaZe67k1b4XRpU0yDa0bxIKkS2Nz2RRLVg%2FeuKorP2hMelq1dJb8s%2FGXlRZJFn3ecp%2BXRffNiHJNCKQY7ykpenR9fW1PA3P%2FfGenRppdm7jhlSIJW6NCcY0--LVb90fSfalMyZ8Ju--xhJ5xX0vtklWV7uqEMI47w%3D%3D
content-length
1502
:path
/csp-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type
application/csp-report
accept
*/*
cache-control
no-cache
:authority
shop.app
referer
https://shop.app/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://shop.app/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 11 Oct 2021 13:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-europe-west1,us-east1
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
dcdf561e-38c6-4c58-a0ca-4198745fdc77
x-runtime
0.002894
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-download-options
noopen
content-type
text/html
cache-control
no-cache
content-security-policy
default-src 'none'; font-src 'self' https: data:; child-src blob:; script-src 'self' blob: cdn.shopify.com cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net fast.wistia.com v.shopify.com www.google-analytics.com maps.googleapis.com arrive-server.shopifycloud.com www.recaptcha.net www.google.com www.gstatic.com 'nonce-wfJTHAmR1IRt+YRb4dIaTQ=='; style-src 'self' 'unsafe-inline' cdn.shopify.com sdks.shopifycdn.com fonts.googleapis.com; media-src 'self' blob: data: cdn.shopify.com embedwistia-a.akamaihd.net; img-src 'self' data: blob: api.mapbox.com cdn.shopify.com embedwistia-a.akamaihd.net fast.wistia.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com www.google-analytics.com maps.googleapis.com maps.gstatic.com; connect-src 'self' https: api.mapbox.com distillery.wistia.com events.mapbox.com monorail-edge.shopifysvc.com pipedream.wistia.com *.bugsnag.com arrive-server.shopifycloud.com; frame-src fast.wistia.com www.google.com www.gstatic.com www.recaptcha.net; upgrade-insecure-requests
set-cookie
_session_id=Muj%2BEhjvW0%2BOnpN4sWMNHDvCWQ5gATVd3QTtnArGOfXjd8c2o2p%2BY5bPcEwN7aWURFVNltt3r28hFmU7iB1KFZ7Gcas42YvSIoTiL9WjwlZcJmkNaXVUFAm%2BoCceqYg1wLms2PI88wRgOr4j6DQ8oFrVAH0jSbCj7lFzpCwOuRs78wicvVJ4k1teK0XNBS0phylqkBwtUGseB9D%2B97jsJiXkLK21IIwYp4EOZItDe1FK--Lo31%2BVtrI7w159BQ--y5nT3NdahVM4L7ApeTIh8A%3D%3D; path=/; expires=Sun, 09 Jan 2022 13:36:19 GMT; secure; HttpOnly
cf-ray
69c87a07cc627040-FRA
x-sorting-hat-podid
-1
GT-Walsheim-Bold.woff2
cdn.shopify.com/static/fonts/ 		41 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/static/fonts/GT-Walsheim-Bold.woff2
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19150-FRA /
Resource Hash
d5ab0311ce5ef91c83710164c5674dda2796ebb703a7a6441f0d77c9b2779a1e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://shop.app/
Origin
https://shop.app
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
41492
x-xss-protection
1; mode=block
x-request-id
5a95e374e5e924b7a95e31967ead148c82cadb95d57864e67a0ad1d2a115d319
x-served-by
cache-lga21951-LGA, cache-fra19150-FRA
last-modified
Tue, 28 Sep 2021 02:32:26 GMT
server
cache-fra19150-FRA
x-timer
S1633959379.894572,VS0,VE1
date
Mon, 11 Oct 2021 13:36:18 GMT
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
font/woff2
access-control-allow-origin
*
expires
Fri, 30 Sep 2022 04:34:25 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/static/fonts/GT-Walsheim-Bold.woff2>; rel="canonical"
x-cache-hits
1, 1
GT-Walsheim-Regular.woff2
cdn.shopify.com/static/fonts/ 		39 KB
39 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/static/fonts/GT-Walsheim-Regular.woff2
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19150-FRA /
Resource Hash
d5833892a75ef71b7fad7d1ca40d9ab88651fd8c80023476718dfd5d6fbbbeff
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://shop.app/
Origin
https://shop.app
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
40000
x-xss-protection
1; mode=block
x-request-id
53611f8e64ae12cd1923cc7b88a91573071c31809ad52eef5e89006bc441c77a
x-served-by
cache-lga21922-LGA, cache-fra19150-FRA
last-modified
Tue, 31 Aug 2021 13:27:02 GMT
server
cache-fra19150-FRA
x-timer
S1633959379.894705,VS0,VE1
date
Mon, 11 Oct 2021 13:36:18 GMT
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
font/woff2
access-control-allow-origin
*
expires
Fri, 09 Sep 2022 04:40:45 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/static/fonts/GT-Walsheim-Regular.woff2>; rel="canonical"
x-cache-hits
3, 1
GT-Walsheim-Medium.woff2
cdn.shopify.com/static/fonts/ 		38 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/static/fonts/GT-Walsheim-Medium.woff2
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19150-FRA /
Resource Hash
f1ed19f850a7ae27b423697a041cec917463bb14b7f3302c4224b012c1852afd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://shop.app/
Origin
https://shop.app
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
38432
x-xss-protection
1; mode=block
x-request-id
f54e0b808f98f4e7e282c319ff9cd0c9620f4fb30f26f414649ce014b6a91937
x-served-by
cache-lga21930-LGA, cache-fra19150-FRA
last-modified
Tue, 31 Aug 2021 13:27:09 GMT
server
cache-fra19150-FRA
x-timer
S1633959379.894780,VS0,VE1
date
Mon, 11 Oct 2021 13:36:18 GMT
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
font/woff2
access-control-allow-origin
*
expires
Fri, 02 Sep 2022 05:13:56 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/static/fonts/GT-Walsheim-Medium.woff2>; rel="canonical"
x-cache-hits
2, 1
marketing-6c97c7774443baf25efb994d88343d87c9af75099c0bfd3b2b10b426a22d223d.css
cdn.shopify.com/shopifycloud/arrive_website/assets/ 		162 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing-6c97c7774443baf25efb994d88343d87c9af75099c0bfd3b2b10b426a22d223d.css
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
b095a1bad0266d732ac092531ffd7c2c4f12aa78e3fc938bd7b16352843fc120
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-disposition
inline
content-length
26463
x-xss-protection
1; mode=block
x-request-id
82d18d3779a1318975509bc1b60b6f2dd0e6924168ffde8d7635f9fe468b0197
x-served-by
cache-lga21922-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.191225,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing-6c97c7774443baf25efb994d88343d87c9af75099c0bfd3b2b10b426a22d223d.css>; rel="canonical"
x-cache-hits
1, 1
shop-demo-video-poster-763c8ff1bc73fe74b52c9d5dd09810db75ec32073ac2b66910e6b162291cf1ed.jpg
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/ 		49 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/shop-demo-video-poster-763c8ff1bc73fe74b52c9d5dd09810db75ec32073ac2b66910e6b162291cf1ed.jpg
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
2d17d73f4916bac340a842ee2d67fad8d2ded5d6c6f21a2d0e59b1648345ef8e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-disposition
inline
content-length
50180
x-xss-protection
1; mode=block
x-request-id
8c25b3743d3fba5ea7a36896d6dc32a0c3e6459e266a576cd9e1d81037f0263d
x-served-by
cache-lga21952-LGA, cache-fra19157-FRA
last-modified
Thu, 29 Jul 2021 06:25:38 GMT
server
cache-fra19157-FRA
x-timer
S1633959379.202140,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 29 Jul 2022 06:25:38 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/shop-demo-video-poster-763c8ff1bc73fe74b52c9d5dd09810db75ec32073ac2b66910e6b162291cf1ed.jpg>; rel="canonical"
x-cache-hits
2, 1
runtime-ace766052676019defd41f8f869c9e7d9976d3fd79f945cd51e5b5a035480a8f.js
cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/runtime-ace766052676019defd41f8f869c9e7d9976d3fd79f945cd51e5b5a035480a8f.js
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
ace766052676019defd41f8f869c9e7d9976d3fd79f945cd51e5b5a035480a8f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-disposition
inline
content-length
1148
x-xss-protection
1; mode=block
x-request-id
3713d0d8f1ef29a0c0cb8b43c957dec8bc0e623f0c82914fb28369d7739c1e02
x-served-by
cache-lga21925-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.191320,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/runtime-ace766052676019defd41f8f869c9e7d9976d3fd79f945cd51e5b5a035480a8f.js>; rel="canonical"
x-cache-hits
5, 1
opt-out-a670c34393a8086b371b378ef83c72b670a614caa54c4e35840eac3082b4f9b9.js
cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/vendors~manifests/gift-shop~manifests/help~manifests/home~manifests/marketing~manifests/ 		125 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/vendors~manifests/gift-shop~manifests/help~manifests/home~manifests/marketing~manifests/opt-out-a670c34393a8086b371b378ef83c72b670a614caa54c4e35840eac3082b4f9b9.js
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
a670c34393a8086b371b378ef83c72b670a614caa54c4e35840eac3082b4f9b9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-disposition
inline
content-length
31769
x-xss-protection
1; mode=block
x-request-id
1de8df732382fb991cc7f601bc1cb6dc8d826a3215a56cb6a2da5751df688468
x-served-by
cache-lga13628-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.191382,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/vendors~manifests/gift-shop~manifests/help~manifests/home~manifests/marketing~manifests/opt-out-a670c34393a8086b371b378ef83c72b670a614caa54c4e35840eac3082b4f9b9.js>; rel="canonical"
x-cache-hits
2, 1
opt-out-560dcd3e9a61d66c6cfab025f8a91e151777916c4cccf9bccd1669156ff760e1.js
cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/manifests/help~manifests/marketing~manifests/ 		14 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/manifests/help~manifests/marketing~manifests/opt-out-560dcd3e9a61d66c6cfab025f8a91e151777916c4cccf9bccd1669156ff760e1.js
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
560dcd3e9a61d66c6cfab025f8a91e151777916c4cccf9bccd1669156ff760e1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-disposition
inline
content-length
3963
x-xss-protection
1; mode=block
x-request-id
32d3f284fc0d9930b0a1231051570ea8253ce570bafb2541f8e8247c5696169f
x-served-by
cache-lga21929-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.202005,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/manifests/help~manifests/marketing~manifests/opt-out-560dcd3e9a61d66c6cfab025f8a91e151777916c4cccf9bccd1669156ff760e1.js>; rel="canonical"
x-cache-hits
3, 1
marketing-3cb0de3b189d57e9f40883dbb64d47f022af4389a7b4d8701f60ff7d813382d2.js
cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/manifests/ 		294 B
432 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/manifests/marketing-3cb0de3b189d57e9f40883dbb64d47f022af4389a7b4d8701f60ff7d813382d2.js
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
3cb0de3b189d57e9f40883dbb64d47f022af4389a7b4d8701f60ff7d813382d2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-disposition
inline
content-length
153
x-xss-protection
1; mode=block
x-request-id
e31faf084a47ad0bc67f779fcf94039dd4f19962229d013777aa45e98a06bec2
x-served-by
cache-lga21963-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.202077,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/manifests/marketing-3cb0de3b189d57e9f40883dbb64d47f022af4389a7b4d8701f60ff7d813382d2.js>; rel="canonical"
x-cache-hits
1, 1
csp-report
shop.app/ 		0
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://shop.app/csp-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.33 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
checkout.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' https: data:; child-src blob:; script-src 'self' blob: cdn.shopify.com cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net fast.wistia.com v.shopify.com www.google-analytics.com maps.googleapis.com arrive-server.shopifycloud.com www.recaptcha.net www.google.com www.gstatic.com 'nonce-pnL60VfdJeKaReeuObYaFw=='; style-src 'self' 'unsafe-inline' cdn.shopify.com sdks.shopifycdn.com fonts.googleapis.com; media-src 'self' blob: data: cdn.shopify.com embedwistia-a.akamaihd.net; img-src 'self' data: blob: api.mapbox.com cdn.shopify.com embedwistia-a.akamaihd.net fast.wistia.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com www.google-analytics.com maps.googleapis.com maps.gstatic.com; connect-src 'self' https: api.mapbox.com distillery.wistia.com events.mapbox.com monorail-edge.shopifysvc.com pipedream.wistia.com *.bugsnag.com arrive-server.shopifycloud.com; frame-src fast.wistia.com www.google.com www.gstatic.com www.recaptcha.net; upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
no-cors
origin
https://shop.app
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
report
cookie
_session_id=4kl5TlKS2rG%2BBQWhydque%2F19GKEfQM7SG2nrKlEkivWlP5vXq7Y7ei7hGRxt80Ockqp3eJIZAyS5YDmTD3IedCQyavg8VcJCjnm1zIwlZwaw%2BoNPw7ctCgaZe67k1b4XRpU0yDa0bxIKkS2Nz2RRLVg%2FeuKorP2hMelq1dJb8s%2FGXlRZJFn3ecp%2BXRffNiHJNCKQY7ykpenR9fW1PA3P%2FfGenRppdm7jhlSIJW6NCcY0--LVb90fSfalMyZ8Ju--xhJ5xX0vtklWV7uqEMI47w%3D%3D
content-length
1529
:path
/csp-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type
application/csp-report
accept
*/*
cache-control
no-cache
:authority
shop.app
referer
https://shop.app/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://shop.app/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 11 Oct 2021 13:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-europe-west1,us-east1
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
1cf1ea2f-c40d-46e5-a6bd-c83c41cbd789
x-runtime
0.008530
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-download-options
noopen
content-type
text/html
cache-control
no-cache
content-security-policy
default-src 'none'; font-src 'self' https: data:; child-src blob:; script-src 'self' blob: cdn.shopify.com cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net fast.wistia.com v.shopify.com www.google-analytics.com maps.googleapis.com arrive-server.shopifycloud.com www.recaptcha.net www.google.com www.gstatic.com 'nonce-pnL60VfdJeKaReeuObYaFw=='; style-src 'self' 'unsafe-inline' cdn.shopify.com sdks.shopifycdn.com fonts.googleapis.com; media-src 'self' blob: data: cdn.shopify.com embedwistia-a.akamaihd.net; img-src 'self' data: blob: api.mapbox.com cdn.shopify.com embedwistia-a.akamaihd.net fast.wistia.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com www.google-analytics.com maps.googleapis.com maps.gstatic.com; connect-src 'self' https: api.mapbox.com distillery.wistia.com events.mapbox.com monorail-edge.shopifysvc.com pipedream.wistia.com *.bugsnag.com arrive-server.shopifycloud.com; frame-src fast.wistia.com www.google.com www.gstatic.com www.recaptcha.net; upgrade-insecure-requests
set-cookie
_session_id=qvFWLHjYTIa41IjzfvoN9WFZ3iDsbTNkZDqvea2vdwY913C8Z%2BYdMSlpWb%2FYGyWKqG6pvG3Y7e%2FduNI6G%2FmUNB8L9FW5hJOTA%2B1jXxmVRDC2OJZmGCk%2BnF9Vok4IamkHkoTmEr0WykuS42xkf5yWb%2B2qvmayh6DCc8JuVdOsoMUtxfnGfLI4Md%2BtNMxRyu1r5SLUQbRu6CxdtYzNYob7rTTrASXVo4ULDVOILq75A0%2Bt--eGA4SlX6KhfjB%2Bal--LjT3kdBbzsG3ewBbE8Gn%2BQ%3D%3D; path=/; expires=Sun, 09 Jan 2022 13:36:19 GMT; secure; HttpOnly
cf-ray
69c87a07dc717040-FRA
x-sorting-hat-podid
-1
csp-report
shop.app/ 		0
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://shop.app/csp-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.33 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
checkout.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' https: data:; child-src blob:; script-src 'self' blob: cdn.shopify.com cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net fast.wistia.com v.shopify.com www.google-analytics.com maps.googleapis.com arrive-server.shopifycloud.com www.recaptcha.net www.google.com www.gstatic.com 'nonce-U8f1d+xs545L6UQ512jKQA=='; style-src 'self' 'unsafe-inline' cdn.shopify.com sdks.shopifycdn.com fonts.googleapis.com; media-src 'self' blob: data: cdn.shopify.com embedwistia-a.akamaihd.net; img-src 'self' data: blob: api.mapbox.com cdn.shopify.com embedwistia-a.akamaihd.net fast.wistia.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com www.google-analytics.com maps.googleapis.com maps.gstatic.com; connect-src 'self' https: api.mapbox.com distillery.wistia.com events.mapbox.com monorail-edge.shopifysvc.com pipedream.wistia.com *.bugsnag.com arrive-server.shopifycloud.com; frame-src fast.wistia.com www.google.com www.gstatic.com www.recaptcha.net; upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
no-cors
origin
https://shop.app
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
report
cookie
_session_id=4kl5TlKS2rG%2BBQWhydque%2F19GKEfQM7SG2nrKlEkivWlP5vXq7Y7ei7hGRxt80Ockqp3eJIZAyS5YDmTD3IedCQyavg8VcJCjnm1zIwlZwaw%2BoNPw7ctCgaZe67k1b4XRpU0yDa0bxIKkS2Nz2RRLVg%2FeuKorP2hMelq1dJb8s%2FGXlRZJFn3ecp%2BXRffNiHJNCKQY7ykpenR9fW1PA3P%2FfGenRppdm7jhlSIJW6NCcY0--LVb90fSfalMyZ8Ju--xhJ5xX0vtklWV7uqEMI47w%3D%3D
content-length
1530
:path
/csp-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type
application/csp-report
accept
*/*
cache-control
no-cache
:authority
shop.app
referer
https://shop.app/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://shop.app/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 11 Oct 2021 13:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-europe-west1,us-east1
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
f2f0ed81-3d25-4d74-a583-4436c4431edc
x-runtime
0.003532
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-download-options
noopen
content-type
text/html
cache-control
no-cache
content-security-policy
default-src 'none'; font-src 'self' https: data:; child-src blob:; script-src 'self' blob: cdn.shopify.com cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net fast.wistia.com v.shopify.com www.google-analytics.com maps.googleapis.com arrive-server.shopifycloud.com www.recaptcha.net www.google.com www.gstatic.com 'nonce-U8f1d+xs545L6UQ512jKQA=='; style-src 'self' 'unsafe-inline' cdn.shopify.com sdks.shopifycdn.com fonts.googleapis.com; media-src 'self' blob: data: cdn.shopify.com embedwistia-a.akamaihd.net; img-src 'self' data: blob: api.mapbox.com cdn.shopify.com embedwistia-a.akamaihd.net fast.wistia.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com www.google-analytics.com maps.googleapis.com maps.gstatic.com; connect-src 'self' https: api.mapbox.com distillery.wistia.com events.mapbox.com monorail-edge.shopifysvc.com pipedream.wistia.com *.bugsnag.com arrive-server.shopifycloud.com; frame-src fast.wistia.com www.google.com www.gstatic.com www.recaptcha.net; upgrade-insecure-requests
set-cookie
_session_id=cwH7qfPTSj%2BnPZhNoegau%2FvTuhwVrEYHEYkTAjjGy%2F7X%2F2LyGr2Po2%2B3vqOEZsNZW32fLn1KukpjwCq43ayDmcNvz8mNpBR%2F8iMhJTcFcP0O3TkVaCu%2FWT6k%2F9w2IpKQI0aHSc9s9K8BYP2pF7F%2FtrEy%2FirM9DAFtvmb9SvNE2ro%2FbKoE7uNFI%2FnHo0X0Cyt7FIDzcdTAlvotJIFQfUSl3Iy%2FTb3X1%2Fz8QNnoe5y7TpH--FKlq9TGD3iG9T8Br--F6Oh9zzyWDKfx867NjM%2FUA%3D%3D; path=/; expires=Sun, 09 Jan 2022 13:36:19 GMT; secure; HttpOnly
cf-ray
69c87a07dc7e7040-FRA
x-sorting-hat-podid
-1
shop-app-download-qr-code--black-a1a2828a74864698f655ecb0be8002c9382b9e79d0bf0d4e1845cb6bdeb504db.svg
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/global/ 		30 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/global/shop-app-download-qr-code--black-a1a2828a74864698f655ecb0be8002c9382b9e79d0bf0d4e1845cb6bdeb504db.svg
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
a1a2828a74864698f655ecb0be8002c9382b9e79d0bf0d4e1845cb6bdeb504db
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-disposition
inline
content-length
2570
x-xss-protection
1; mode=block
x-request-id
9d2bc4c10f5d615acf895f3b924ef3f3337c3ab7aac64b4d869b5c15485cf269
x-served-by
cache-lga21929-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.246843,VS0,VE0
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/global/shop-app-download-qr-code--black-a1a2828a74864698f655ecb0be8002c9382b9e79d0bf0d4e1845cb6bdeb504db.svg>; rel="canonical"
x-cache-hits
2, 2
trekkie.arrive-website.min.js
cdn.shopify.com/s/javascripts/tricorder/ 		26 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/javascripts/tricorder/trekkie.arrive-website.min.js?v=2016.10.06.1
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/arrive_website/bundles/latest/manifests/help~manifests/marketing~manifests/opt-out-560dcd3e9a61d66c6cfab025f8a91e151777916c4cccf9bccd1669156ff760e1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
0d62bfb40d1ed02c1bf920ae6ffc31b3c4d1b11e7a72bdae151c5c66c34c4058
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
6901
x-xss-protection
1; mode=block
x-request-id
cd2dc1466357ed302514657d0a2f235f8998bcfa92a176b04993995becdcf308
x-served-by
cache-lga13622-LGA, cache-fra19157-FRA
last-modified
Thu, 06 May 2021 16:53:09 GMT
server
cache-fra19157-FRA
x-timer
S1633959379.247405,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Sun, 10 Oct 2021 04:18:51 GMT
cache-control
public, max-age=1800, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/javascripts/tricorder/trekkie.arrive-website.min.js>; rel="canonical"
x-cache-hits
1, 1
shop-pay-demo-video-abc0222e45daac15a93d10df87952796cebb98aebd44e6f959b6223ccfd449f2.mp4
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/ 		192 KB
0 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/shop-pay-demo-video-abc0222e45daac15a93d10df87952796cebb98aebd44e6f959b6223ccfd449f2.mp4
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://shop.app/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
Content-Range
bytes 0-919926/919927
content-disposition
inline
Content-Length
919927
x-xss-protection
1; mode=block
x-request-id
c6c04f75835ede11f79c810253a7b107539f4b4da88fe3abb5672de838a6a9cc
x-served-by
cache-lga21982-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.257507,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
video/mp4
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/shop-pay-demo-video-abc0222e45daac15a93d10df87952796cebb98aebd44e6f959b6223ccfd449f2.mp4>; rel="canonical"
x-cache-hits
1, 0
analytics.js
www.google-analytics.com/ 		48 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/javascripts/tricorder/trekkie.arrive-website.min.js?v=2016.10.06.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
2962
date
Mon, 11 Oct 2021 12:46:57 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Mon, 11 Oct 2021 14:46:57 GMT
shop-pay-demo-video-abc0222e45daac15a93d10df87952796cebb98aebd44e6f959b6223ccfd449f2.mp4
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/ 		34 KB
35 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/shop-pay-demo-video-abc0222e45daac15a93d10df87952796cebb98aebd44e6f959b6223ccfd449f2.mp4
Requested by
Host: shop.app
URL: https://shop.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
ffdf3844c101f103b21a4be4e8617f0b3a9d29ef185e0a723e826abfec2236dd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://shop.app/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=884736-

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
Content-Range
bytes 884736-919926/919927
content-disposition
inline
Content-Length
35191
x-xss-protection
1; mode=block
x-request-id
c6c04f75835ede11f79c810253a7b107539f4b4da88fe3abb5672de838a6a9cc
x-served-by
cache-lga21982-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.285734,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
video/mp4
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/shop-pay-demo-video-abc0222e45daac15a93d10df87952796cebb98aebd44e6f959b6223ccfd449f2.mp4>; rel="canonical"
x-cache-hits
1, 0
produce
monorail-edge.shopifysvc.com/v1/ 		0
471 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://monorail-edge.shopifysvc.com/v1/produce
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/javascripts/tricorder/trekkie.arrive-website.min.js?v=2016.10.06.1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.248.251 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
251.248.198.104.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://shop.app/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 11 Oct 2021 13:36:19 GMT
x-dc
gcp-us-central1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://shop.app
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
43504017-1f05-4a2d-937a-76a43f9ccbc4
collect
www.google-analytics.com/j/ 		2 B
202 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=858038575&t=pageview&_s=1&dl=https%3A%2F%2Fshop.app&dp=%2F&ul=en-us&de=UTF-8&dt=Shop%20is%20a%20new%20online%20shopping%20assistant%20that%20makes%20every%20part%20of%20your%20experience%20better.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1429769433&gjid=1704332294&cid=551937859.1633959379&tid=UA-42189134-31&_gid=73191132.1633959379&_r=1&_slc=1&z=1883183784
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://shop.app/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 11 Oct 2021 13:36:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://shop.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
shop-pay-demo-video-abc0222e45daac15a93d10df87952796cebb98aebd44e6f959b6223ccfd449f2.mp4
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/ 		802 KB
0 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/shop-pay-demo-video-abc0222e45daac15a93d10df87952796cebb98aebd44e6f959b6223ccfd449f2.mp4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://shop.app/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=98304-

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
Content-Range
bytes 98304-919926/919927
content-disposition
inline
Content-Length
821623
x-xss-protection
1; mode=block
x-request-id
c6c04f75835ede11f79c810253a7b107539f4b4da88fe3abb5672de838a6a9cc
x-served-by
cache-lga21982-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.334369,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
video/mp4
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/shop-pay-demo-video-abc0222e45daac15a93d10df87952796cebb98aebd44e6f959b6223ccfd449f2.mp4>; rel="canonical"
x-cache-hits
1, 0
hero-photo-1-small-af2715d336b494525d05e7e51be0af893f365beab776c418cdaa8cb59da5e29a.jpg
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/hero-photo-1-small-af2715d336b494525d05e7e51be0af893f365beab776c418cdaa8cb59da5e29a.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
7b5528f274e5b54db26f80bbcf466ca3c5a227671c893749437771df59f6253d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-disposition
inline
content-length
18418
x-xss-protection
1; mode=block
x-request-id
2529d9a0888c9bd52617e80bf7648f954485ebcd4fa6bed3a779a94f2add2582
x-served-by
cache-lga21972-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.409505,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/hero-photo-1-small-af2715d336b494525d05e7e51be0af893f365beab776c418cdaa8cb59da5e29a.jpg>; rel="canonical"
x-cache-hits
1, 1
hero-photo-2-small-2692a98686a269550e98474908f360e3457f09294dfd77b19bb3d65d863439ca.jpg
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/hero-photo-2-small-2692a98686a269550e98474908f360e3457f09294dfd77b19bb3d65d863439ca.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
b6e0b2d46babb9e132be2ebe797f6fbaacb142f76fad2bfc79fc47b175353f91
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-disposition
inline
content-length
7128
x-xss-protection
1; mode=block
x-request-id
33531918e44f5b45c10981c54d3f840871ea0212f3f02fe7259f4cd1b235e23a
x-served-by
cache-lga21930-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.409894,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/hero-photo-2-small-2692a98686a269550e98474908f360e3457f09294dfd77b19bb3d65d863439ca.jpg>; rel="canonical"
x-cache-hits
1, 1
arrow-loop-205b243cadbbf298b0182c0f3dd7acd5cedb8ff9f817b2627032a437295c8a35.svg
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/global/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/global/arrow-loop-205b243cadbbf298b0182c0f3dd7acd5cedb8ff9f817b2627032a437295c8a35.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
205b243cadbbf298b0182c0f3dd7acd5cedb8ff9f817b2627032a437295c8a35
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-disposition
inline
content-length
746
x-xss-protection
1; mode=block
x-request-id
e89cd8c26a4bc7190750af48f46dccf30bb277c29d22f1e0fc9605e6fff19b30
x-served-by
cache-lga21981-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.410067,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/global/arrow-loop-205b243cadbbf298b0182c0f3dd7acd5cedb8ff9f817b2627032a437295c8a35.svg>; rel="canonical"
x-cache-hits
1, 1
pay-7eae5c5489efc4cdfd0ebb6ea9ced410b2d8e4fba849c366da8c3296397781f9.svg
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/ 		7 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/pay-7eae5c5489efc4cdfd0ebb6ea9ced410b2d8e4fba849c366da8c3296397781f9.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
7eae5c5489efc4cdfd0ebb6ea9ced410b2d8e4fba849c366da8c3296397781f9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-disposition
inline
content-length
3115
x-xss-protection
1; mode=block
x-request-id
d939f6a3cdf8ab223a71f025476b22f0279fcdd08322aeeda3d03295600d3152
x-served-by
cache-lga21976-LGA, cache-fra19157-FRA
last-modified
Tue, 21 Jul 2020 17:46:35 GMT
server
cache-fra19157-FRA
x-timer
S1633959379.410145,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/svg+xml
access-control-allow-origin
*
expires
Fri, 02 Sep 2022 06:32:57 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/pay-7eae5c5489efc4cdfd0ebb6ea9ced410b2d8e4fba849c366da8c3296397781f9.svg>; rel="canonical"
x-cache-hits
2, 1
track-e94df617937144d94fd2fe840b652832f7f61f0073f4c0f0035b58faf8bfabde.svg
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/track-e94df617937144d94fd2fe840b652832f7f61f0073f4c0f0035b58faf8bfabde.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
e94df617937144d94fd2fe840b652832f7f61f0073f4c0f0035b58faf8bfabde
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-disposition
inline
content-length
1662
x-xss-protection
1; mode=block
x-request-id
efd64e651bcc603ac66acdf365ea16d91c7d3c3e34fd1f588415fa99b920aa08
x-served-by
cache-lga21936-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.410239,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/track-e94df617937144d94fd2fe840b652832f7f61f0073f4c0f0035b58faf8bfabde.svg>; rel="canonical"
x-cache-hits
1, 1
recommend-ad84c0a6ec5f8290e090a09bc83d3808ba6f2fd2a9db739df03a7fb9f091e2a9.svg
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/ 		5 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/recommend-ad84c0a6ec5f8290e090a09bc83d3808ba6f2fd2a9db739df03a7fb9f091e2a9.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
ad84c0a6ec5f8290e090a09bc83d3808ba6f2fd2a9db739df03a7fb9f091e2a9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-disposition
inline
content-length
2360
x-xss-protection
1; mode=block
x-request-id
583530305362941d74157c381fb33bea801c55354e96581555906d1570b750a9
x-served-by
cache-lga13625-LGA, cache-fra19157-FRA
server
cache-fra19157-FRA
x-timer
S1633959379.410311,VS0,VE1
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/recommend-ad84c0a6ec5f8290e090a09bc83d3808ba6f2fd2a9db739df03a7fb9f091e2a9.svg>; rel="canonical"
x-cache-hits
1, 1
starburst-116db1c8f96cce4201c130ca13c651610ee96ae66bc65b6787142285e8390d34.svg
cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/starburst-116db1c8f96cce4201c130ca13c651610ee96ae66bc65b6787142285e8390d34.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
116db1c8f96cce4201c130ca13c651610ee96ae66bc65b6787142285e8390d34
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shop.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-disposition
inline
content-length
1548
x-xss-protection
1; mode=block
x-request-id
e868d0cac51ea620390ba28c0d1cd95e6aa51cdb5c45e815c411af9b0b7e6b66
x-served-by
cache-lga21925-LGA, cache-fra19157-FRA
last-modified
Tue, 21 Jul 2020 17:46:35 GMT
server
cache-fra19157-FRA
x-timer
S1633959380.545145,VS0,VE3
date
Mon, 11 Oct 2021 13:36:19 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/svg+xml
access-control-allow-origin
*
expires
Fri, 02 Sep 2022 06:32:47 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/arrive_website/assets/marketing/index/icons/starburst-116db1c8f96cce4201c130ca13c651610ee96ae66bc65b6787142285e8390d34.svg>; rel="canonical"
x-cache-hits
1, 1

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster object| webpackJsonp object| lazySizes object| ShopifyMarketing object| experimentFlags object| analytics object| trekkie string| GoogleAnalyticsObject function| ga object| _visit object| google_tag_data object| gaplugins object| gaGlobal object| gaData

8 Cookies

Domain/Path Name / Value
.shop.app/ Name: _y
Value: 6f9183c6-9536-444D-61DB-0FA7B597CA85
.shop.app/ Name: _shopify_y
Value: 6f9183c6-9536-444D-61DB-0FA7B597CA85
.shop.app/ Name: _s
Value: 6f9183d1-DA96-4624-A573-74B7F126CE08
.shop.app/ Name: _shopify_s
Value: 6f9183d1-DA96-4624-A573-74B7F126CE08
shop.app/ Name: _session_id
Value: qvFWLHjYTIa41IjzfvoN9WFZ3iDsbTNkZDqvea2vdwY913C8Z%2BYdMSlpWb%2FYGyWKqG6pvG3Y7e%2FduNI6G%2FmUNB8L9FW5hJOTA%2B1jXxmVRDC2OJZmGCk%2BnF9Vok4IamkHkoTmEr0WykuS42xkf5yWb%2B2qvmayh6DCc8JuVdOsoMUtxfnGfLI4Md%2BtNMxRyu1r5SLUQbRu6CxdtYzNYob7rTTrASXVo4ULDVOILq75A0%2Bt--eGA4SlX6KhfjB%2Bal--LjT3kdBbzsG3ewBbE8Gn%2BQ%3D%3D
.shop.app/ Name: _ga
Value: GA1.2.551937859.1633959379
.shop.app/ Name: _gid
Value: GA1.2.73191132.1633959379
.shop.app/ Name: _gat
Value: 1

2 Console Messages

Source Level URL
Text
security error URL: https://shop.app/(Line 32)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob: cdn.shopify.com cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net fast.wistia.com v.shopify.com www.google-analytics.com maps.googleapis.com arrive-server.shopifycloud.com www.recaptcha.net www.google.com www.gstatic.com 'nonce-/GcDhkqAjihKAncTuvgzyw=='". Either the 'unsafe-inline' keyword, a hash ('sha256-Vbhy9rQfImxACxuogx94TdvRozVCejCrC/fcZWVCXx0='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://shop.app/(Line 252)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob: cdn.shopify.com cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net fast.wistia.com v.shopify.com www.google-analytics.com maps.googleapis.com arrive-server.shopifycloud.com www.recaptcha.net www.google.com www.gstatic.com 'nonce-/GcDhkqAjihKAncTuvgzyw=='". Either the 'unsafe-inline' keyword, a hash ('sha256-UpJQL7Q1R5E045kK0iJaCYpX54jSm5ej3glkE68R3/s='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; font-src 'self' https: data:; child-src blob:; script-src 'self' blob: cdn.shopify.com cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net fast.wistia.com v.shopify.com www.google-analytics.com maps.googleapis.com arrive-server.shopifycloud.com www.recaptcha.net www.google.com www.gstatic.com 'nonce-/GcDhkqAjihKAncTuvgzyw=='; style-src 'self' 'unsafe-inline' cdn.shopify.com sdks.shopifycdn.com fonts.googleapis.com; media-src 'self' blob: data: cdn.shopify.com embedwistia-a.akamaihd.net; img-src 'self' data: blob: api.mapbox.com cdn.shopify.com embedwistia-a.akamaihd.net fast.wistia.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com www.google-analytics.com maps.googleapis.com maps.gstatic.com; connect-src 'self' https: api.mapbox.com distillery.wistia.com events.mapbox.com monorail-edge.shopifysvc.com pipedream.wistia.com *.bugsnag.com arrive-server.shopifycloud.com; frame-src fast.wistia.com www.google.com www.gstatic.com www.recaptcha.net; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=/xss-report?source%5Baction%5D=index&source%5Bapp%5D=ArriveWebsite&source%5Bcontroller%5D=marketing&source%5Buuid%5D=3ee1b2c5-86df-4cab-ad3d-d594d05df5b4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.shopify.com
monorail-edge.shopifysvc.com
shop-accounts-staging.shopifycloud.com
shop.app
www.google-analytics.com
104.198.248.251
23.227.38.33
2a00:1450:4001:811::200e
2a04:4e42::268
34.75.215.233
0d62bfb40d1ed02c1bf920ae6ffc31b3c4d1b11e7a72bdae151c5c66c34c4058
116db1c8f96cce4201c130ca13c651610ee96ae66bc65b6787142285e8390d34
205b243cadbbf298b0182c0f3dd7acd5cedb8ff9f817b2627032a437295c8a35
2d17d73f4916bac340a842ee2d67fad8d2ded5d6c6f21a2d0e59b1648345ef8e
3cb0de3b189d57e9f40883dbb64d47f022af4389a7b4d8701f60ff7d813382d2
560dcd3e9a61d66c6cfab025f8a91e151777916c4cccf9bccd1669156ff760e1
7b5528f274e5b54db26f80bbcf466ca3c5a227671c893749437771df59f6253d
7eae5c5489efc4cdfd0ebb6ea9ced410b2d8e4fba849c366da8c3296397781f9
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1a2828a74864698f655ecb0be8002c9382b9e79d0bf0d4e1845cb6bdeb504db
a670c34393a8086b371b378ef83c72b670a614caa54c4e35840eac3082b4f9b9
ace766052676019defd41f8f869c9e7d9976d3fd79f945cd51e5b5a035480a8f
ad84c0a6ec5f8290e090a09bc83d3808ba6f2fd2a9db739df03a7fb9f091e2a9
b095a1bad0266d732ac092531ffd7c2c4f12aa78e3fc938bd7b16352843fc120
b6e0b2d46babb9e132be2ebe797f6fbaacb142f76fad2bfc79fc47b175353f91
d5833892a75ef71b7fad7d1ca40d9ab88651fd8c80023476718dfd5d6fbbbeff
d5ab0311ce5ef91c83710164c5674dda2796ebb703a7a6441f0d77c9b2779a1e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e94df617937144d94fd2fe840b652832f7f61f0073f4c0f0035b58faf8bfabde
ed71b71d28bf55a702ed6e7db958a6d82cf23f28e6a2a777e285d9aaef5ae398
f1ed19f850a7ae27b423697a041cec917463bb14b7f3302c4224b012c1852afd
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
ffdf3844c101f103b21a4be4e8617f0b3a9d29ef185e0a723e826abfec2236dd