returns.billabong.ca Open in urlscan Pro
52.39.206.222  Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response returns.billabong.ca/	3 KB 1 KB	331ms 109ms	Document text/html	52.39.206.222 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returns.billabong.ca/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.39.206.222 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-39-206-222.us-west-2.compute.amazonaws.com Software openresty/1.21.4.2 / Resource Hash 15a3cbcdc56c78d2f7c55ec66985c76aab4a721ba2ed1b8619a3c51dd0a61377 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers content-encoding gzip content-security-policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com content-type text/html; charset=utf-8 date Tue, 13 Feb 2024 16:21:57 GMT etag W/"65cb950e-a27" last-modified Tue, 13 Feb 2024 16:13:02 GMT server openresty/1.21.4.2 x-content-type-options nosniff x-frame-options SAMEORIGIN
GET H2	200	api.js Show response www.google.com/recaptcha/	1 KB 1 KB	105ms 43ms	Script text/javascript	172.253.63.105 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: returns.billabong.ca URL: https://returns.billabong.ca/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.253.63.105 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f105.1e100.net Software GSE / Resource Hash c3bd20d23289ad8836845947878c01d9ee7577a151edea0ce2136a26cad026f4 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://returns.billabong.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Tue, 13 Feb 2024 16:21:57 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Tue, 13 Feb 2024 16:21:57 GMT
GET H2	200	index.9d6b198e.js Show response d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/	819 KB 191 KB	117ms 33ms	Script application/javascript	18.238.11.136 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/index.9d6b198e.js Requested by Host: returns.billabong.ca URL: https://returns.billabong.ca/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.238.11.136 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-238-11-136.phl51.r.cloudfront.net Software AmazonS3 / Resource Hash 52f108c5fd3bab8d89ab8178cde4cec70995734dd413c9de99b9e6a60e92ccdc Request headers Referer https://returns.billabong.ca/ Origin https://returns.billabong.ca accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Tue, 13 Feb 2024 16:15:38 GMT x-amz-version-id BGsDVG4RV_mEMY0Mruh.dCRF7FhZdrCr content-encoding gzip via 1.1 ccbf01f3e1fbbe27e81779a9bd6e91de.cloudfront.net (CloudFront) x-amz-cf-pop PHL51-P1 age 380 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront last-modified Tue, 13 Feb 2024 16:13:06 GMT server AmazonS3 etag W/"64578daca34c6bf64678f2929dd7aef3" access-control-max-age 0 access-control-allow-methods GET content-type application/javascript access-control-allow-origin * vary Accept-Encoding x-amz-cf-id 91skkzoEeloO1sD9tvIKUTC_iSgsvBiWiD1cxiDlF5Gp5y_w7g-3Mg==
GET H2	200	vendor.0accc842.js Show response d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/	814 KB 276 KB	165ms 81ms	Script application/javascript	18.238.11.136 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.0accc842.js Requested by Host: returns.billabong.ca URL: https://returns.billabong.ca/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.238.11.136 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-238-11-136.phl51.r.cloudfront.net Software AmazonS3 / Resource Hash 3b69c85426545db5aadc05b7f8d0a001dc69c3d7c8c07e874b6d340475346cc9 Request headers Referer https://returns.billabong.ca/ Origin https://returns.billabong.ca accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-amz-version-id qNSHpoaoDyEbW6b.9IpN71W6K8tOnbDi content-encoding gzip via 1.1 ccbf01f3e1fbbe27e81779a9bd6e91de.cloudfront.net (CloudFront) date Tue, 13 Feb 2024 15:43:59 GMT x-amz-cf-pop PHL51-P1 age 2293 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront last-modified Fri, 09 Feb 2024 20:35:19 GMT server AmazonS3 etag W/"67cef0ae62aebbb07a4ae868ded7b09d" access-control-max-age 0 access-control-allow-methods GET content-type application/javascript access-control-allow-origin * vary Accept-Encoding x-amz-cf-id bVhk-9dL-Ky_DLIb8VHH8XtgGCu4sytrbYlItvYRgzrXQdGH-j6Cpw==
GET H2	200	index.05d85706.css d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/	834 KB 77 KB	116ms 32ms	Stylesheet text/css	18.238.11.136 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/index.05d85706.css Requested by Host: returns.billabong.ca URL: https://returns.billabong.ca/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.238.11.136 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-238-11-136.phl51.r.cloudfront.net Software AmazonS3 / Resource Hash 05d857063e9147ea42a0a22021eaa3a3017d7426c7d860a2c1ac6d6c743db977 Request headers accept-language en-CA,en;q=0.9 Referer https://returns.billabong.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Tue, 13 Feb 2024 16:15:38 GMT x-amz-version-id DS9EJtr0zQFzssoqutwPkipCooFC0Ef4 content-encoding gzip last-modified Tue, 13 Feb 2024 16:13:06 GMT server AmazonS3 via 1.1 cdbbcd70735de4c554b3d02a12c5bea0.cloudfront.net (CloudFront) x-amz-cf-pop PHL51-P1 etag W/"f051f3f6e8c04e90e942364a29d28be7" x-amz-server-side-encryption AES256 vary Accept-Encoding, Origin x-cache Hit from cloudfront content-type text/css age 380 x-amz-cf-id iJCP7e0LsFlU4sCQi34vsY-ToRTtDj2xzuIEiyTEHJvewahRD140Zw==
GET H2	200	js Show response www.googletagmanager.com/gtag/	274 KB 91 KB	124ms 60ms	Script application/javascript	142.250.31.97 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-XHPC1ZBWV3 Requested by Host: returns.billabong.ca URL: https://returns.billabong.ca/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.31.97 Oxford, United States, ASN15169 (GOOGLE, US), Reverse DNS bj-in-f97.1e100.net Software Google Tag Manager / Resource Hash 14c1681919ef5d4013cdc95f2eb725453f328c4aaeae571a511e7d5ca63469f7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://returns.billabong.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Tue, 13 Feb 2024 16:21:57 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 92970 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 13 Feb 2024 16:21:57 GMT
GET H2	200	/ Show response js.stripe.com/v3/	597 KB 166 KB	55ms 16ms	Script text/javascript	151.101.128.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/ Requested by Host: returns.billabong.ca URL: https://returns.billabong.ca/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.128.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 9c5b9f79a84169c97c45b185a292b82612569acd23cd85a1419bdd24f2c78445 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://returns.billabong.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Tue, 13 Feb 2024 16:21:57 GMT via 1.1 varnish age 11 x-cache HIT content-length 169662 x-request-id 7a5be798-6fcd-4bdf-9042-a221b10d6303 x-served-by cache-yul1970045-YUL last-modified Mon, 12 Feb 2024 23:04:44 GMT server Fastly etag "6b549697581203039881a7d8f700838e" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 accept-ranges bytes timing-allow-origin * x-cache-hits 8
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/	490 KB 195 KB	94ms 30ms	Script text/javascript	172.253.63.94 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.253.63.94 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f94.1e100.net Software sffe / Resource Hash 5aa02ad9ec4550065de8002ea1108be5d10bbb1173d2f3447f88ce1af317d4bd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returns.billabong.ca/ Origin https://returns.billabong.ca accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Tue, 13 Feb 2024 10:10:55 GMT content-encoding gzip x-content-type-options nosniff age 22262 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 199529 x-xss-protection 0 last-modified Mon, 05 Feb 2024 05:00:25 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 12 Feb 2025 10:10:55 GMT
GET H2	200	init Show response api.loopreturns.com/api/v1/	20 KB 21 KB	592ms 383ms	XHR application/json	52.39.206.222 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.loopreturns.com/api/v1/init Requested by Host: d1nnh0c8uc313v.cloudfront.net URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.0accc842.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.39.206.222 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-39-206-222.us-west-2.compute.amazonaws.com Software openresty/1.21.4.2 / Resource Hash 2f89260311fa56d24adac9a425b80550d7954bb8371486e9f03699c71aaf8d4e Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com X-Content-Type-Options nosniff, nosniff X-Frame-Options SAMEORIGIN, SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json, text/plain, */* Referer https://returns.billabong.ca/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Tue, 13 Feb 2024 16:21:58 GMT content-security-policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com x-content-type-options nosniff, nosniff x-loop-request-id 5c8bcc78-daef-4b5f-a0db-d6a66f288235 x-xss-protection 1; mode=block server openresty/1.21.4.2 x-frame-options SAMEORIGIN, SAMEORIGIN access-control-allow-methods DELETE, GET, PATCH, POST, PUT, OPTIONS content-type application/json access-control-allow-origin https://returns.billabong.ca access-control-expose-headers Version cache-control no-cache, private access-control-allow-credentials true x-ratelimit-limit 300 access-control-allow-headers Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, X-Authorization, X-CSRF-TOKEN, x-datadog-trace-id, x-datadog-parent-id, x-datadog-origin, x-datadog-sampling-priority, x-datadog-sampled x-ratelimit-remaining 299 version 0
GET H2	200	m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response js.stripe.com/v3/ Frame 728B	200 B 846 B	16ms 16ms	Document text/html	151.101.128.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.128.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://returns.billabong.ca/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * age 382479 cache-control max-age=31536000 content-encoding br content-length 154 content-security-policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Tue, 13 Feb 2024 16:21:57 GMT etag "3437aaddcdf6922d623e172c2d6f9278" last-modified Thu, 08 Feb 2024 22:46:21 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 varnish x-cache HIT x-cache-hits 88622 x-content-type-options nosniff x-request-id 23dd2736-f795-4352-983e-0a68322361a3 x-served-by cache-yul1970045-YUL
GET H2	200	m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response js.stripe.com/v3/fingerprinted/js/ Frame 728B	526 B 449 B	16ms 16ms	Script text/javascript	151.101.128.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.128.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Tue, 13 Feb 2024 16:21:57 GMT via 1.1 varnish age 382478 x-cache HIT content-length 315 x-request-id 0311d196-20d2-4e05-8827-0bbe5177e979 x-served-by cache-yul1970045-YUL last-modified Thu, 08 Feb 2024 22:46:19 GMT server Fastly etag "d96c709017743c0759cf3853d1806ba5" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * x-cache-hits 82942
POST H2	200	csp-report q.stripe.com/ Frame 728B	0 716 B	311ms 102ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: returns.billabong.ca URL: https://returns.billabong.ca/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Content-Type application/csp-report Response headers date Tue, 13 Feb 2024 16:21:58 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1707841318181564 x-envoy-upstream-service-time 1 content-length 0 x-stripe-bg-intended-route-color blue pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS x-stripe-server-envoy-upstream-service-time-ms 0 access-control-allow-origin https://js.stripe.com x-stripe-client-envoy-start-time-us 1707841318181217 cache-control max-age=0, no-cache, no-store, must-revalidate access-control-expose-headers Server, Range, Content-Type x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
POST H2	200	csp-report q.stripe.com/ Frame 728B	0 715 B	312ms 103ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: returns.billabong.ca URL: https://returns.billabong.ca/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Content-Type application/csp-report Response headers date Tue, 13 Feb 2024 16:21:58 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1707841318181933 x-envoy-upstream-service-time 1 content-length 0 x-stripe-bg-intended-route-color blue pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS x-stripe-server-envoy-upstream-service-time-ms 0 access-control-allow-origin https://js.stripe.com x-stripe-client-envoy-start-time-us 1707841318181206 cache-control max-age=0, no-cache, no-store, must-revalidate access-control-expose-headers Server, Range, Content-Type x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
GET H2	200	inner.html Show response m.stripe.network/ Frame 6BC6	930 B 2 KB	97ms 29ms	Document text/html	13.224.214.6 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/inner.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.214.6 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-214-6.phl50.r.cloudfront.net Software Cloudfront / Resource Hash 947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1 Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers accept-ranges bytes age 159 cache-control max-age=300, public content-length 930 content-security-policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Tue, 13 Feb 2024 16:19:20 GMT etag "06bfcd88af438673a8bf9b845a11aa6e" last-modified Fri, 30 Jun 2023 14:32:28 GMT server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload vary Accept-Encoding, Origin via 1.1 cf426d8f6e10e609055662f292295434.cloudfront.net (CloudFront) x-amz-cf-id 0UGOjxAsxgy4R7CfkdAtHCEHRTO8m_Awdc_p2371W4suVzGt0dWWUw== x-amz-cf-pop PHL50-C1 x-cache Hit from cloudfront x-content-type-options nosniff
POST H2	200	csp-report q.stripe.com/ Frame 6BC6	0 489 B	205ms 103ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: returns.billabong.ca URL: https://returns.billabong.ca/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Content-Type application/csp-report Response headers date Tue, 13 Feb 2024 16:21:58 GMT strict-transport-security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1707841318181740 x-envoy-upstream-service-time 2 content-length 0 x-stripe-bg-intended-route-color blue pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin x-stripe-server-envoy-upstream-service-time-ms 0 x-stripe-client-envoy-start-time-us 1707841318181209 cache-control max-age=0, no-cache, no-store, must-revalidate x-robots-tag none expires 0
GET H2	200	out-4.5.43.js Show response m.stripe.network/ Frame 6BC6	87 KB 14 KB	33ms 33ms	Script text/javascript	13.224.214.6 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/out-4.5.43.js Requested by Host: m.stripe.network URL: https://m.stripe.network/inner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.214.6 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-214-6.phl50.r.cloudfront.net Software Cloudfront / Resource Hash e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://m.stripe.network/inner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Tue, 13 Feb 2024 16:21:11 GMT content-encoding br via 1.1 cf426d8f6e10e609055662f292295434.cloudfront.net (CloudFront) strict-transport-security max-age=31556926; includeSubDomains; preload last-modified Fri, 30 Jun 2023 14:32:28 GMT server Cloudfront age 48 x-content-type-options nosniff etag W/"69cb7809b5011312e716f29b3d19dce6" x-amz-cf-pop PHL50-C1 vary Accept-Encoding, Origin x-cache Hit from cloudfront content-type text/javascript; charset=utf-8 cache-control max-age=300, public x-amz-cf-id 2A3umWeTW2n0sE0oJ6Ew58bKShLQF5ZK8XSpq5rSN4d4Dni4PhSMYA==
POST H2	200	6 Show response m.stripe.com/ Frame 6BC6	156 B 669 B	310ms 105ms	XHR application/json	34.213.37.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.com/6 Requested by Host: m.stripe.network URL: https://m.stripe.network/out-4.5.43.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.213.37.126 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-213-37-126.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 4f59d0cbbf4f748397eaf26e9725b85d26853c755d2effecfa213932744571e7 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-stripe-bg-intended-route-color green date Tue, 13 Feb 2024 16:21:58 GMT strict-transport-security max-age=31556926; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1707841318377000 server nginx content-type application/json;charset=utf-8 x-stripe-server-envoy-upstream-service-time-ms 2 access-control-allow-origin https://m.stripe.network x-stripe-client-envoy-start-time-us 1707841318376787 access-control-allow-credentials true access-control-allow-headers Content-Type content-length 156
GET H2	200	css fonts.googleapis.com/	1 KB 847 B	105ms 44ms	Stylesheet text/css	142.250.31.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Poppins%7CPoppins Requested by Host: d1nnh0c8uc313v.cloudfront.net URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.0accc842.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.31.95 Oxford, United States, ASN15169 (GOOGLE, US), Reverse DNS bj-in-f95.1e100.net Software ESF / Resource Hash ee534ebd2a20259114de62ebbddca7e8b19f6948ac9654f36f9c056f254bf571 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://returns.billabong.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 13 Feb 2024 16:21:58 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 13 Feb 2024 16:21:58 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 13 Feb 2024 16:21:58 GMT
GET H2	200	analytics.min.js Show response cdn.segment.com/analytics.js/v1/23J8MEiBHfZJhx1lYDEqR9SPqaIV9vvR/	108 KB 29 KB	111ms 39ms	Script text/javascript	13.224.207.4 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.segment.com/analytics.js/v1/23J8MEiBHfZJhx1lYDEqR9SPqaIV9vvR/analytics.min.js Requested by Host: d1nnh0c8uc313v.cloudfront.net URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/index.9d6b198e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.207.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-207-4.phl50.r.cloudfront.net Software AmazonS3 / Resource Hash 2b6ed7aaa4b9609a0a3f790751bcad8941fcad07ed9d7c432c0ed7c6f117ff59 Request headers accept-language en-CA,en;q=0.9 Referer https://returns.billabong.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-amz-version-id FW21CdpRNLxSuj5LPA.642bXOH4alrsI content-encoding br via 1.1 55d59f6fe20d812e375923d2e18ac7fc.cloudfront.net (CloudFront) date Tue, 13 Feb 2024 16:21:56 GMT x-amz-cf-pop PHL50-C1 age 7 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED last-modified Mon, 12 Feb 2024 20:31:31 GMT server AmazonS3 etag W/"82453d7b3d71f93156d03b8b646bddb6" access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=120 vary Accept-Encoding x-amz-cf-id Gr6-0c8psnPRIx19FxAda3Zi0FXGbeam1MxEOXtHIRBtbB9qOwyoWA==
GET H2	200	reason-groups Show response api.loopreturns.com/api/v1/9196/	6 KB 6 KB	204ms 203ms	XHR application/json	52.39.206.222 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.loopreturns.com/api/v1/9196/reason-groups Requested by Host: d1nnh0c8uc313v.cloudfront.net URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.0accc842.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.39.206.222 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-39-206-222.us-west-2.compute.amazonaws.com Software openresty/1.21.4.2 / Resource Hash dba9667afc0403f43a333e78c985921f5d2c5f6166e6980df31cf9dde5890bff Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com X-Content-Type-Options nosniff, nosniff X-Frame-Options SAMEORIGIN, SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json, text/plain, */* Referer https://returns.billabong.ca/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Tue, 13 Feb 2024 16:21:58 GMT content-security-policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com x-content-type-options nosniff, nosniff x-loop-request-id ffb3ae2c-42e0-4700-a3dc-a41dc633c09d x-xss-protection 1; mode=block server openresty/1.21.4.2 x-frame-options SAMEORIGIN, SAMEORIGIN access-control-allow-methods DELETE, GET, PATCH, POST, PUT, OPTIONS content-type application/json access-control-allow-origin https://returns.billabong.ca access-control-expose-headers Version cache-control no-cache, private access-control-allow-credentials true x-ratelimit-limit 300 access-control-allow-headers Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, X-Authorization, X-CSRF-TOKEN, x-datadog-trace-id, x-datadog-parent-id, x-datadog-origin, x-datadog-sampling-priority, x-datadog-sampled x-ratelimit-remaining 298 version 0
GET H2	200	close.svg d1nnh0c8uc313v.cloudfront.net/customer-portal/img/icons/	652 B 1 KB	28ms 28ms	Image image/svg+xml	18.238.11.136 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1nnh0c8uc313v.cloudfront.net/customer-portal/img/icons/close.svg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.238.11.136 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-238-11-136.phl51.r.cloudfront.net Software AmazonS3 / Resource Hash 91c4e52fb442a8db49f6288f4e0c59376f0f8c9675bc8e847154e576dd57944b Request headers accept-language en-CA,en;q=0.9 Referer https://returns.billabong.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-amz-version-id NHw17yL1Q0XMx5JT3Qp6LKH15ii8VcME date Tue, 13 Feb 2024 16:04:20 GMT via 1.1 cdbbcd70735de4c554b3d02a12c5bea0.cloudfront.net (CloudFront) last-modified Fri, 09 Feb 2024 15:02:20 GMT server AmazonS3 x-amz-cf-pop PHL51-P1 age 1061 x-amz-server-side-encryption AES256 etag "765baec03ebf4eba6af7248b4b6e190d" vary Accept-Encoding, Origin x-cache Hit from cloudfront content-type image/svg+xml accept-ranges bytes content-length 652 x-amz-cf-id pX--Z0WDeGBw6e0wyMTzDrjt2seZB2NRuEd5y9yRWtK4tIPl_w1zkg==
GET H2	200	pxiEyp8kv8JHgFVrJJfecg.woff2 fonts.gstatic.com/s/poppins/v20/	8 KB 8 KB	91ms 30ms	Font font/woff2	142.251.16.94 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Poppins%7CPoppins Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.16.94 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS bl-in-f94.1e100.net Software sffe / Resource Hash 7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://returns.billabong.ca accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Fri, 09 Feb 2024 20:51:52 GMT x-content-type-options nosniff age 329406 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 7884 x-xss-protection 0 last-modified Wed, 27 Apr 2022 17:03:52 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 08 Feb 2025 20:51:52 GMT
GET H2	200	settings Show response cdn.segment.com/v1/projects/23J8MEiBHfZJhx1lYDEqR9SPqaIV9vvR/	603 B 1 KB	79ms 25ms	Fetch application/json	13.224.207.4 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.segment.com/v1/projects/23J8MEiBHfZJhx1lYDEqR9SPqaIV9vvR/settings Requested by Host: d1nnh0c8uc313v.cloudfront.net URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.0accc842.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.207.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-207-4.phl50.r.cloudfront.net Software AmazonS3 / Resource Hash 9c7623455cf5c4b62c93ef4bf3ddc8f3173c42e971919fb07fa2fc22eeada537 Request headers accept-language en-CA,en;q=0.9 Referer https://returns.billabong.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-amz-version-id 79Amep1qqKdkfYFQj6AbO.kGyylAkxne date Tue, 13 Feb 2024 14:56:31 GMT via 1.1 9a4c760031a0dcc526cc9dcd0d0940ea.cloudfront.net (CloudFront) x-amz-cf-pop PHL50-C1 age 5128 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED content-length 603 last-modified Mon, 18 Dec 2023 16:45:39 GMT server AmazonS3 etag "9bef6a1d7822765f31f2226144670713" access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type application/json; charset=utf-8 access-control-allow-origin * cache-control public, max-age=10800 vary Accept-Encoding accept-ranges bytes x-amz-cf-id VV71QlmscWCpw64uUpDle6c0qgoSdUmEicp9W6cG8kpp-KKs3wg2WQ==
POST H2	200	6 Show response m.stripe.com/ Frame 6BC6	156 B 668 B	108ms 107ms	XHR application/json	34.213.37.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.com/6 Requested by Host: m.stripe.network URL: https://m.stripe.network/out-4.5.43.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.213.37.126 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-213-37-126.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 4f59d0cbbf4f748397eaf26e9725b85d26853c755d2effecfa213932744571e7 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-stripe-bg-intended-route-color green date Tue, 13 Feb 2024 16:22:02 GMT strict-transport-security max-age=31556926; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1707841322748894 server nginx content-type application/json;charset=utf-8 x-stripe-server-envoy-upstream-service-time-ms 3 access-control-allow-origin https://m.stripe.network x-stripe-client-envoy-start-time-us 1707841322748684 access-control-allow-credentials true access-control-allow-headers Content-Type content-length 156

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| webpackChunkStripeJSouter function| noop function| Stripe object| DD_RUM function| applyFocusVisiblePolyfill boolean| __VUE__ boolean| __vite_is_modern_browser object| recaptcha object| google_tag_manager object| google_tag_data object| dataLayer object| analytics object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			m.stripe.com/	1970-01-21 04:00:01	Name: m Value: 3e8ab541-dd6f-4d2c-997a-e32bca2e9ca1bc3f0c
			.returns.billabong.ca/	1970-01-21 03:09:37	Name: __stripe_mid Value: 12e5390d-d51d-4e68-96c5-72348cec9395b5e0e7
			.returns.billabong.ca/	1970-01-20 18:24:03	Name: __stripe_sid Value: 5acac713-14ff-4f4b-8f72-ffba5fee543ceebe36
			returns.billabong.ca/	1970-01-20 18:24:02	Name: _dd_s Value: rum=0&expire=1707842217836

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
other	warning	URL: https://returns.billabong.ca/#/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://returns.billabong.ca/#/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://returns.billabong.ca/#/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' *.loopreturns.com *.myshopify.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.loopreturns.com
cdn.segment.com
d1nnh0c8uc313v.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
returns.billabong.ca
www.google.com
www.googletagmanager.com
www.gstatic.com
13.224.207.4
13.224.214.6
142.250.31.95
142.250.31.97
142.251.16.94
151.101.128.176
172.253.63.105
172.253.63.94
18.238.11.136
34.213.37.126
52.39.206.222
54.187.159.182
05d857063e9147ea42a0a22021eaa3a3017d7426c7d860a2c1ac6d6c743db977
14c1681919ef5d4013cdc95f2eb725453f328c4aaeae571a511e7d5ca63469f7
15a3cbcdc56c78d2f7c55ec66985c76aab4a721ba2ed1b8619a3c51dd0a61377
2b6ed7aaa4b9609a0a3f790751bcad8941fcad07ed9d7c432c0ed7c6f117ff59
2f89260311fa56d24adac9a425b80550d7954bb8371486e9f03699c71aaf8d4e
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
3b69c85426545db5aadc05b7f8d0a001dc69c3d7c8c07e874b6d340475346cc9
4f59d0cbbf4f748397eaf26e9725b85d26853c755d2effecfa213932744571e7
52f108c5fd3bab8d89ab8178cde4cec70995734dd413c9de99b9e6a60e92ccdc
5aa02ad9ec4550065de8002ea1108be5d10bbb1173d2f3447f88ce1af317d4bd
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
91c4e52fb442a8db49f6288f4e0c59376f0f8c9675bc8e847154e576dd57944b
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
9c5b9f79a84169c97c45b185a292b82612569acd23cd85a1419bdd24f2c78445
9c7623455cf5c4b62c93ef4bf3ddc8f3173c42e971919fb07fa2fc22eeada537
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
c3bd20d23289ad8836845947878c01d9ee7577a151edea0ce2136a26cad026f4
dba9667afc0403f43a333e78c985921f5d2c5f6166e6980df31cf9dde5890bff
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee534ebd2a20259114de62ebbddca7e8b19f6948ac9654f36f9c056f254bf571