urlscan.io logo urlscan.io
SecurityTrails logo

www.elfcosmetics.com Open in urlscan Pro
165.254.198.120  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.cosmeticscriminals.ca/
Effective URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Submission: On March 06 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 72 IPs in 3 countries across 58 domains to perform 244 HTTP transactions. The main IP is 165.254.198.120, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 60012.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 204.141.89.114 393259 (YOTTAA-AS-1)
1 19 165.254.198.120 393259 (YOTTAA-AS-1)
2 8 2600:1408:540... 20940 (AKAMAI-ASN1)
18 2607:f8b0:400... 15169 (GOOGLE)
1 2a04:4e42::649 54113 (FASTLY)
2 2606:4700:440... 13335 (CLOUDFLAR...)
3 151.101.130.133 54113 (FASTLY)
4 35.190.10.96 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
11 2606:4700::68... 13335 (CLOUDFLAR...)
7 2607:f8b0:400... 15169 (GOOGLE)
3 2600:9000:26a... 16509 (AMAZON-02)
2 104.26.12.205 13335 (CLOUDFLAR...)
6 151.101.66.133 54113 (FASTLY)
1 2606:4700:440... 13335 (CLOUDFLAR...)
3 6 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
8 2607:f8b0:400... 15169 (GOOGLE)
1 5 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2600:9000:250... 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
7 3.162.3.15 16509 (AMAZON-02)
1 2600:9000:247... 16509 (AMAZON-02)
1 1 3.214.16.184 14618 (AMAZON-AES)
1 2 54.145.61.158 14618 (AMAZON-AES)
2 3 68.67.181.211 29990 (ASN-APPNEX)
5 5 15.197.193.217 16509 (AMAZON-02)
1 2 172.253.115.155 15169 (GOOGLE)
1 1 69.173.151.100 26667 (RUBICONPR...)
1 1 23.45.233.43 20940 (AKAMAI-ASN1)
1 2 104.18.36.155 13335 (CLOUDFLAR...)
1 204.2.50.206 393259 (YOTTAA-AS-1)
1 23.4.234.235 16625 (AKAMAI-AS)
1 34.102.147.248 396982 (GOOGLE-CL...)
7 151.101.1.21 54113 (FASTLY)
1 52.85.132.58 16509 (AMAZON-02)
1 2600:9000:269... 16509 (AMAZON-02)
2 108.139.23.251 16509 (AMAZON-02)
2 2600:1408:ec0... 20940 (AKAMAI-ASN1)
2 2a03:2880:f00... 32934 (FACEBOOK)
2 2a04:4e42:400... 54113 (FASTLY)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
10 23.212.249.215 20940 (AKAMAI-ASN1)
3 2600:1408:c40... 20940 (AKAMAI-ASN1)
2 2600:9000:207... 16509 (AMAZON-02)
1 34.120.253.250 396982 (GOOGLE-CL...)
1 151.101.65.140 54113 (FASTLY)
1 2607:f8b0:400... 15169 (GOOGLE)
2 4 172.253.63.149 15169 (GOOGLE)
1 54.221.246.23 14618 (AMAZON-AES)
1 6 35.190.43.134 15169 (GOOGLE)
2 34.98.67.3 396982 (GOOGLE-CL...)
2 44.208.222.212 14618 (AMAZON-AES)
2 2607:f8b0:400... 15169 (GOOGLE)
1 1 3.162.3.51 16509 (AMAZON-02)
1 3.229.102.46 14618 (AMAZON-AES)
4 151.101.0.84 54113 (FASTLY)
1 44.208.207.37 14618 (AMAZON-AES)
6 192.229.210.155 15133 (EDGECAST)
1 2a03:2880:f10... 32934 (FACEBOOK)
1 23.15.9.25 20940 (AKAMAI-ASN1)
14 34.98.72.95 396982 (GOOGLE-CL...)
1 34.111.113.62 396982 (GOOGLE-CL...)
1 34.149.80.61 15169 (GOOGLE)
1 34.102.203.69 396982 (GOOGLE-CL...)
1 34.117.124.38 396982 (GOOGLE-CL...)
1 52.17.65.148 16509 (AMAZON-02)
2 3.162.3.39 16509 (AMAZON-02)
12 192.225.157.157 30286 (THM)
1 2600:1901:0:5... 15169 (GOOGLE)
2 34.149.130.207 396982 (GOOGLE-CL...)
2 2 35.244.154.8 396982 (GOOGLE-CL...)
7 34.111.8.32 396982 (GOOGLE-CL...)
2 192.225.158.1 30286 (THM)
1 192.225.158.3 30286 (THM)
244 72
1    204.141.89.114 (United States)

ASN393259 (YOTTAA-AS-1, US)
www.cosmeticscriminals.ca
19    165.254.198.120 (United States)

ASN393259 (YOTTAA-AS-1, US)
www.elfcosmetics.com
8    2600:1408:5400:d::170c:93a7 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
cdn.media.amplience.net
18    2607:f8b0:4004:c17::88 (Washington, United States)

ASN15169 (GOOGLE, US)
www.youtube.com
1    2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
2    2606:4700:4400::ac40:952f (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.static.amplience.net
3    151.101.130.133 (United States)

ASN54113 (FASTLY, US)
cdn-fsly.yottaa.net
4    35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com
collector-pxxt4gy2ig.px-cloud.net
4    2607:f8b0:4004:c1b::5e (Washington, United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
11    2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
7    2607:f8b0:4004:c08::61 (Washington, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2600:9000:26a0:8000:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.dynamicyield.com
2    104.26.12.205 (None, )

ASN13335 (CLOUDFLARENET, US)
api.ipify.org
6    151.101.66.133 (United States)

ASN54113 (FASTLY, US)
sdk.iad-05.braze.com
1    2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
6    2607:f8b0:4004:c1d::9a (Washington, United States)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2607:f8b0:4004:c08::95 (Washington, United States)

ASN15169 (GOOGLE, US)
static.doubleclick.net
8    2607:f8b0:4004:c1b::5f (Washington, United States)

ASN15169 (GOOGLE, US)
jnn-pa.googleapis.com
5    2607:f8b0:4004:c07::69 (Washington, United States)

ASN15169 (GOOGLE, US)
www.google.com
2    2607:f8b0:4004:c07::77 (Washington, United States)

ASN15169 (GOOGLE, US)
i.ytimg.com
1    2600:9000:2508:fa00:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)
st.dynamicyield.com
2    2607:f8b0:4004:c17::8a (Washington, United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    2607:f8b0:4004:c0b::5e (Washington, United States)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2607:f8b0:4004:c08::9c (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
7    3.162.3.15 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-3-15.yul62.r.cloudfront.net
async-px.dynamicyield.com
1    2600:9000:2479:400:11:85b0:d600:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.cnnx.link
1    3.214.16.184 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-214-16-184.compute-1.amazonaws.com
pixel.pointmediatracker.com
2    54.145.61.158 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-145-61-158.compute-1.amazonaws.com
cnv.event.prod.bidr.io
3    68.67.181.211 (North Bergen, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
secure.adnxs.com
ib.adnxs.com
5    15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
insight.adsrvr.org
match.adsrvr.org
2    172.253.115.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f155.1e100.net
cm.g.doubleclick.net
www.googleadservices.com
1    69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
1    23.45.233.43 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-45-233-43.deploy.static.akamaitechnologies.com
hb.yahoo.net
2    104.18.36.155 (None, )

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
1    204.2.50.206 (United States)

ASN393259 (YOTTAA-AS-1, US)
qoe-1.yottaa.net
1    23.4.234.235 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-4-234-235.deploy.static.akamaitechnologies.com
static.ordergroove.com
1    34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com
tag.rmp.rakuten.com
7    151.101.1.21 (United States)

ASN54113 (FASTLY, US)
www.paypal.com
1    52.85.132.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-132-58.iad50.r.cloudfront.net
t.contentsquare.net
1    2600:9000:269f:a800:13:d6f4:3240:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.usehero.com
2    108.139.23.251 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-23-251.atl58.r.cloudfront.net
sc-static.net
2    2600:1408:ec00:280::1931 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
s.pinimg.com
2    2a03:2880:f003:c0e:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)
www.redditstatic.com
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
10    23.212.249.215 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-212-249-215.deploy.static.akamaitechnologies.com
analytics.tiktok.com
3    2600:1408:c400:12::17cd:6b1a (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
elfcosmetics.a.bigcontent.io
2    2600:9000:2073:2000:a:7914:b00:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.jebbit.com
1    34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com
tag.wknd.ai
1    151.101.65.140 (United States)

ASN54113 (FASTLY, US)
alb.reddit.com
1    2607:f8b0:4004:c19::64 (Washington, United States)

ASN15169 (GOOGLE, US)
analytics.google.com
4    172.253.63.149 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f149.1e100.net
10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
1    54.221.246.23 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-221-246-23.compute-1.amazonaws.com
api.usehero.com
6    35.190.43.134 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com
tr.snapchat.com
tr6.snapchat.com
2    34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com
ut.rd.linksynergy.com
tags.rd.linksynergy.com
2    44.208.222.212 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-222-212.compute-1.amazonaws.com
c.contentsquare.net
2    2607:f8b0:4004:c1d::9b (Washington, United States)

ASN15169 (GOOGLE, US)
adservice.google.com
1    3.162.3.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-3-51.yul62.r.cloudfront.net
ads.undertone.com
1    3.229.102.46 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-229-102-46.compute-1.amazonaws.com
evt.undertone.com
4    151.101.0.84 (United States)

ASN54113 (FASTLY, US)
ct.pinterest.com
1    44.208.207.37 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-207-37.compute-1.amazonaws.com
external-api.jebbit.com
6    192.229.210.155 (United States)

ASN15133 (EDGECAST, US)
t.paypal.com
www.paypalobjects.com
1    2a03:2880:f103:83:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    23.15.9.25 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-15-9-25.deploy.static.akamaitechnologies.com
analytics.pangle-ads.com
14    34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com
assets.bounceexchange.com
1    34.111.113.62 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com
pixel.tapad.com
1    34.149.80.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.80.149.34.bc.googleusercontent.com
data.cdnbasket.net
1    34.102.203.69 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 69.203.102.34.bc.googleusercontent.com
page.cdnbasket.net
1    34.117.124.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.124.117.34.bc.googleusercontent.com
view.cdnbasket.net
1    52.17.65.148 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-65-148.eu-west-1.compute.amazonaws.com
srm.ba.contentsquare.net
2    3.162.3.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-3-39.yul62.r.cloudfront.net
cdn-scripts.signifyd.com
12    192.225.157.157 (United States)

ASN30286 (THM, US)
imgs.signifyd.com
1    2600:1901:0:56e0:: (Kansas City, United States)

ASN15169 (GOOGLE, US)
ids.cdnwidget.com
2    34.149.130.207 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 207.130.149.34.bc.googleusercontent.com
pd.cdnwidget.com
idr.cdnwidget.com
2    35.244.154.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com
idsync.rlcdn.com
7    34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com
api.bounceexchange.com
events.bouncex.net
2    192.225.158.1 (United States)

ASN30286 (THM, US)
h.online-metrix.net
1    192.225.158.3 (United States)

ASN30286 (THM, US)
w2txo5aa3czxibhw67gugldhver75mjsb2msesyj87a166bb7d97eab7sac.d.aa.online-metrix.net
Apex Domain
Subdomains		 Transfer
19 elfcosmetics.com
www.elfcosmetics.com — Cisco Umbrella Rank: 60012
320 KB
18 youtube.com
www.youtube.com — Cisco Umbrella Rank: 66
2 MB
15 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 2407
api.bounceexchange.com — Cisco Umbrella Rank: 2693
440 KB
15 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 35
static.doubleclick.net — Cisco Umbrella Rank: 259
stats.g.doubleclick.net — Cisco Umbrella Rank: 84
cm.g.doubleclick.net — Cisco Umbrella Rank: 271
10742279.fls.doubleclick.net — Cisco Umbrella Rank: 322334
9231397.fls.doubleclick.net — Cisco Umbrella Rank: 272055
5 KB
14 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 8695
imgs.signifyd.com — Cisco Umbrella Rank: 7215
96 KB
11 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 9260
st.dynamicyield.com — Cisco Umbrella Rank: 8587
async-px.dynamicyield.com — Cisco Umbrella Rank: 8602
239 KB
11 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 334
170 KB
10 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 693
271 KB
10 paypal.com
www.paypal.com — Cisco Umbrella Rank: 2952
t.paypal.com — Cisco Umbrella Rank: 3463
242 KB
10 amplience.net
cdn.media.amplience.net — Cisco Umbrella Rank: 14862
cdn.static.amplience.net — Cisco Umbrella Rank: 47800
6 MB
8 google.com
www.google.com — Cisco Umbrella Rank: 2
analytics.google.com — Cisco Umbrella Rank: 148
adservice.google.com — Cisco Umbrella Rank: 92
41 KB
8 googleapis.com
jnn-pa.googleapis.com — Cisco Umbrella Rank: 218
80 KB
8 gstatic.com
fonts.gstatic.com
www.gstatic.com
95 KB
7 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
572 KB
6 bouncex.net
events.bouncex.net — Cisco Umbrella Rank: 2246
609 B
6 snapchat.com
tr.snapchat.com — Cisco Umbrella Rank: 897
tr6.snapchat.com — Cisco Umbrella Rank: 1339
2 KB
6 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 3272
877 B
5 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 625
match.adsrvr.org — Cisco Umbrella Rank: 364
3 KB
4 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 876
5 KB
4 contentsquare.net
t.contentsquare.net — Cisco Umbrella Rank: 3542
c.contentsquare.net — Cisco Umbrella Rank: 4010
srm.ba.contentsquare.net — Cisco Umbrella Rank: 19150
72 KB
4 px-cloud.net
collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 248275
2 KB
4 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 24616 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 10482
1 MB
3 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 2615
w2txo5aa3czxibhw67gugldhver75mjsb2msesyj87a166bb7d97eab7sac.d.aa.online-metrix.net
16 KB
3 cdnwidget.com
ids.cdnwidget.com — Cisco Umbrella Rank: 4091
pd.cdnwidget.com — Cisco Umbrella Rank: 4063
idr.cdnwidget.com — Cisco Umbrella Rank: 8446
1 KB
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 5130
page.cdnbasket.net — Cisco Umbrella Rank: 5136
view.cdnbasket.net — Cisco Umbrella Rank: 5137
1014 B
3 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2598
33 KB
3 jebbit.com
js.jebbit.com — Cisco Umbrella Rank: 35631
external-api.jebbit.com — Cisco Umbrella Rank: 49623
61 KB
3 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 101445
8 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 375
14 KB
3 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 500
ib.adnxs.com — Cisco Umbrella Rank: 256
3 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 483
835 B
2 undertone.com
ads.undertone.com — Cisco Umbrella Rank: 8712
evt.undertone.com — Cisco Umbrella Rank: 10759
849 B
2 linksynergy.com
ut.rd.linksynergy.com — Cisco Umbrella Rank: 8738
tags.rd.linksynergy.com — Cisco Umbrella Rank: 5606
698 B
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1245
10 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
72 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 865
20 KB
2 sc-static.net
sc-static.net — Cisco Umbrella Rank: 1180
38 KB
2 usehero.com
cdn.usehero.com — Cisco Umbrella Rank: 56127
api.usehero.com — Cisco Umbrella Rank: 52263
29 KB
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 631
1 KB
2 bidr.io
cnv.event.prod.bidr.io — Cisco Umbrella Rank: 10171
1 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 29
21 KB
2 ytimg.com
i.ytimg.com — Cisco Umbrella Rank: 89
6 KB
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2821
253 B
1 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 526
473 B
1 pangle-ads.com
analytics.pangle-ads.com — Cisco Umbrella Rank: 2797
965 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
185 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 124
2 KB
1 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1415
637 B
1 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 4791
6 KB
1 rakuten.com
tag.rmp.rakuten.com — Cisco Umbrella Rank: 8375
15 KB
1 ordergroove.com
static.ordergroove.com — Cisco Umbrella Rank: 27578
43 KB
1 yahoo.net
hb.yahoo.net — Cisco Umbrella Rank: 692
616 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 388
914 B
1 pointmediatracker.com
pixel.pointmediatracker.com — Cisco Umbrella Rank: 4574
516 B
1 cnnx.link
js.cnnx.link — Cisco Umbrella Rank: 9941
1 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 541
315 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 760
24 KB
1 cosmeticscriminals.ca
www.cosmeticscriminals.ca
331 B
244 58
Domain Requested by
19 www.elfcosmetics.com 1 redirects www.elfcosmetics.com
cdn-fsly.yottaa.net
18 www.youtube.com www.elfcosmetics.com
www.youtube.com
14 assets.bounceexchange.com www.elfcosmetics.com
12 imgs.signifyd.com www.elfcosmetics.com
imgs.signifyd.com
11 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.com
10 analytics.tiktok.com www.elfcosmetics.com
analytics.tiktok.com
8 jnn-pa.googleapis.com www.youtube.com
8 cdn.media.amplience.net 2 redirects www.elfcosmetics.com
7 www.paypal.com www.elfcosmetics.com
www.paypal.com
www.paypalobjects.com
7 async-px.dynamicyield.com cdn.dynamicyield.com
7 www.googletagmanager.com www.elfcosmetics.com
6 events.bouncex.net
6 googleads.g.doubleclick.net 3 redirects www.youtube.com
www.elfcosmetics.com
6 sdk.iad-05.braze.com cdn-fsly.yottaa.net
5 tr.snapchat.com 1 redirects www.elfcosmetics.com
sc-static.net
5 www.google.com 1 redirects www.youtube.com
www.elfcosmetics.com
4 ct.pinterest.com s.pinimg.com
www.elfcosmetics.com
4 match.adsrvr.org 4 redirects
4 www.gstatic.com www.youtube.com
www.gstatic.com
4 fonts.gstatic.com www.youtube.com
4 collector-pxxt4gy2ig.px-cloud.net www.elfcosmetics.com
analytics.tiktok.com
3 www.paypalobjects.com www.elfcosmetics.com
www.paypalobjects.com
3 t.paypal.com
3 elfcosmetics.a.bigcontent.io
3 bat.bing.com www.elfcosmetics.com
3 cdn.dynamicyield.com www.elfcosmetics.com
3 cdn-fsly.yottaa.net www.elfcosmetics.com
2 h.online-metrix.net imgs.signifyd.com
2 idsync.rlcdn.com 2 redirects
2 cdn-scripts.signifyd.com www.elfcosmetics.com
2 adservice.google.com 10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
2 c.contentsquare.net
2 9231397.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 10742279.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 js.jebbit.com www.elfcosmetics.com
2 www.redditstatic.com www.elfcosmetics.com
www.redditstatic.com
2 connect.facebook.net www.elfcosmetics.com
2 s.pinimg.com www.elfcosmetics.com
2 sc-static.net www.elfcosmetics.com
tr.snapchat.com
2 dsum-sec.casalemedia.com 1 redirects
2 secure.adnxs.com 1 redirects
2 cnv.event.prod.bidr.io 1 redirects
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 www.google-analytics.com www.elfcosmetics.com
www.google-analytics.com
2 i.ytimg.com www.youtube.com
2 static.doubleclick.net www.youtube.com
2 api.ipify.org cdn-fsly.yottaa.net
2 cdn.static.amplience.net www.elfcosmetics.com
1 idr.cdnwidget.com
1 w2txo5aa3czxibhw67gugldhver75mjsb2msesyj87a166bb7d97eab7sac.d.aa.online-metrix.net
1 api.bounceexchange.com www.elfcosmetics.com
1 tags.rd.linksynergy.com
1 pd.cdnwidget.com analytics.tiktok.com
1 ids.cdnwidget.com analytics.tiktok.com
1 srm.ba.contentsquare.net analytics.tiktok.com
1 view.cdnbasket.net analytics.tiktok.com
1 page.cdnbasket.net analytics.tiktok.com
1 data.cdnbasket.net analytics.tiktok.com
1 tr6.snapchat.com sc-static.net
1 pixel.tapad.com sc-static.net
1 analytics.pangle-ads.com analytics.tiktok.com
1 www.facebook.com
1 external-api.jebbit.com js.jebbit.com
1 evt.undertone.com 9231397.fls.doubleclick.net
1 ads.undertone.com 1 redirects
1 www.googleadservices.com www.elfcosmetics.com
1 ut.rd.linksynergy.com www.elfcosmetics.com
1 api.usehero.com cdn.usehero.com
1 analytics.google.com www.googletagmanager.com
1 alb.reddit.com
1 tag.wknd.ai www.elfcosmetics.com
1 cdn.usehero.com www.elfcosmetics.com
1 t.contentsquare.net www.elfcosmetics.com
1 tag.rmp.rakuten.com www.elfcosmetics.com
1 static.ordergroove.com www.elfcosmetics.com
1 qoe-1.yottaa.net www.elfcosmetics.com
1 hb.yahoo.net 1 redirects
1 pixel.rubiconproject.com 1 redirects
1 ib.adnxs.com 1 redirects
1 cm.g.doubleclick.net 1 redirects
1 insight.adsrvr.org 1 redirects
1 pixel.pointmediatracker.com 1 redirects
1 js.cnnx.link www.googletagmanager.com
1 st.dynamicyield.com www.elfcosmetics.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 code.jquery.com www.elfcosmetics.com
1 www.cosmeticscriminals.ca 1 redirects
244 87
Subject Issuer Validity Valid
*.elfcosmetics.com
Sectigo RSA Domain Validation Secure Server CA		 2023-09-25 -
2024-10-25		 a year crt.sh
dm.amplience.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-20 -
2024-08-14		 a year crt.sh
*.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
*.yottaa.net
GlobalSign RSA OV SSL CA 2018		 2023-09-13 -
2024-10-14		 a year crt.sh
*.px-cloud.net
Sectigo RSA Domain Validation Secure Server CA		 2023-08-15 -
2024-09-13		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2024-03-01 -
2024-12-31		 10 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
*.dynamicyield.com
Amazon RSA 2048 M02		 2023-09-03 -
2024-10-01		 a year crt.sh
ipify.org
GTS CA 1P5		 2024-01-22 -
2024-04-21		 3 months crt.sh
*.iad-05.braze.com
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-07-27 -
2024-08-27		 a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2023-11-13 -
2024-11-12		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
www.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
edgestatic.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
js.cnnx.link
Amazon RSA 2048 M02		 2023-07-11 -
2024-08-07		 a year crt.sh
*.ordergroove.com
Go Daddy Secure Certificate Authority - G2		 2023-08-04 -
2024-08-17		 a year crt.sh
tag.rmp.rakuten.com
GTS CA 1D4		 2024-01-31 -
2024-04-30		 3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2024-02-08 -
2025-02-08		 a year crt.sh
t.contentsquare.net
Amazon RSA 2048 M01		 2023-09-13 -
2024-10-11		 a year crt.sh
*.usehero.com
Amazon RSA 2048 M02		 2023-08-28 -
2024-09-24		 a year crt.sh
sc-static.net
Amazon RSA 2048 M03		 2023-12-21 -
2025-01-18		 a year crt.sh
*.pinterest.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-08-07 -
2024-08-07		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-12-14 -
2024-03-13		 3 months crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-01-08 -
2024-07-06		 6 months crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 02		 2024-01-21 -
2024-06-27		 5 months crt.sh
*.tiktok.com
RapidSSL ECC CA 2018		 2023-07-14 -
2024-08-13		 a year crt.sh
*.bigcontent.io
GeoTrust TLS RSA CA G1		 2023-03-14 -
2024-04-13		 a year crt.sh
*.jebbit.com
Amazon RSA 2048 M01		 2023-05-24 -
2024-06-21		 a year crt.sh
tag.wknd.ai
R3		 2024-01-19 -
2024-04-18		 3 months crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-01-15 -
2024-07-13		 6 months crt.sh
api.usehero.com
Amazon RSA 2048 M03		 2024-01-06 -
2025-02-03		 a year crt.sh
*.snap.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-02-21 -
2025-02-20		 a year crt.sh
*.rd.linksynergy.com
ZeroSSL RSA Domain Secure Site CA		 2024-01-23 -
2025-01-22		 a year crt.sh
dep.bf.contentsquare.net
Amazon RSA 2048 M03		 2024-02-18 -
2025-03-19		 a year crt.sh
*.pangle-ads.com
RapidSSL TLS ECC CA G1		 2023-08-10 -
2024-09-09		 a year crt.sh
assets.bounceexchange.com
GTS CA 1D4		 2024-01-19 -
2024-04-18		 3 months crt.sh
*.tapad.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-18 -
2024-09-17		 a year crt.sh
data.cdnbasket.net
GTS CA 1D4		 2024-01-10 -
2024-04-09		 3 months crt.sh
page.cdnbasket.net
GTS CA 1D4		 2024-01-13 -
2024-04-12		 3 months crt.sh
view.cdnbasket.net
GTS CA 1D4		 2024-01-18 -
2024-04-17		 3 months crt.sh
srm.ba.contentsquare.net
Amazon RSA 2048 M02		 2023-11-07 -
2024-12-06		 a year crt.sh
cdn-scripts.signifyd.com
Amazon RSA 2048 M01		 2023-07-03 -
2024-07-31		 a year crt.sh
imgs.signifyd.com
Go Daddy Secure Certificate Authority - G2		 2023-10-20 -
2024-11-20		 a year crt.sh
ids.cdnwidget.com
R3		 2024-01-12 -
2024-04-11		 3 months crt.sh
pd.cdnwidget.com
R3		 2024-01-12 -
2024-04-11		 3 months crt.sh
*.wunderkind.co
R3		 2024-02-04 -
2024-05-04		 3 months crt.sh
online-metrix.net
Viking Cloud Organization Validation CA, Level 1		 2023-10-20 -
2024-10-21		 a year crt.sh
*.aa.online-metrix.net
Viking Cloud Organization Validation CA, Level 1		 2023-10-20 -
2024-10-21		 a year crt.sh
idr.cdnwidget.com
R3		 2024-01-12 -
2024-04-11		 3 months crt.sh

This page contains 15 frames:

Primary Page: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Frame ID: 1008272B02E15EAAB87CB195BEE46554
Requests: 172 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: C1C24BDD048C063C80F4DE81B952C54D
Requests: 18 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 0BF1C5D53CE81001192B909BFA18D447
Requests: 18 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CK-45P_Q34QDFV44-QAdrzAPgw;src=10742279;type=elf8j0;cat=glo_flap;ord=4436922661187;npa=1;auiddc=1836160024.1709727962;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: CE4537265915C4391798D31CBF1F04F2
Requests: 2 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
Frame ID: 78F98C21994BBD17145DD0580E589BCE
Requests: 4 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CO7r7f_Q34QDFU8n-QAd3uUMcQ;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=1836160024.1709727962;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 381BA780A721CB367BF6FBA94CF599FC
Requests: 3 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=ba597830-ed65-4137-9e8a-cafc7967c38e&u_sclid=06785f15-e1a3-44bc-b26c-4a08d93daa3e
Frame ID: 70D630FE63EA195DC9637B66792E07EA
Requests: 2 HTTP requests in this frame

Frame: https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709340082897%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
Frame ID: 2E4775D52E105A92A4C17BCEF98189BD
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 4C2F0AD145DDCA20B6D7DA9C61A3409B
Requests: 3 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 940C15639BC91455A8BB244C16D91EEE
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 00152E1DE1EB113DAFCC73907AC8BD9B
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/Wpv9pdXX57f13Lgw?146fc0dae2b40d74=I5P1v8zL-3NBTvpeGMkCQNqR6uwca56R0U7lh4Vg2ZONbrr3wf-1qIS0lJrhpLDMI4KdCIWxrsWVGImZRmysBbi4fajDWhbfm3eQ2XwYjV1F-pKpGybo_q1DEeNbTQAyA1CI6kiJgw75ME4phx3xobwM5LhOrd1wGEX9njQEP-uIHuSFctqVG3sZCs63jqtUCdSthasfb6G11dLrPixt-9ODOS8&jb=3d3b242662736577355d6b666e6f757b2e607167375d61666e6d777b2f323a393b24687968753d4b60726d656d2468736a3d496a7a656f6d2f3232393a38
Frame ID: 2CC5AF0AABA52DBF126FA043D1211CB8
Requests: 9 HTTP requests in this frame

Frame: https://imgs.signifyd.com/f3zohd4iEtFMaeNj?d5d5dafbd43271a1=buJyyWvXTCNJ2u92MsAxF6shDahyxvYzOVpa0E3WOc35B7jt617u2g4Zk56b6bHfTq-jWz0PJnaTrr3LXrtczG9VvjStvMnghidZ44tU3_k3ewn-VyE5usO7B8nqizPRLPToySk6g0CP7mmhXUYP53Przc9dMc01CnacusH0BtEBeb1O_XTn43tZH79TWUWkh8B71NRoS_MXLgrQbraIv1FpzzVEqg
Frame ID: 16F322CD0C175BBE4CF90B0F334D9154
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/bIaIPBfH25RfSSYV?c53308a2b7473681=O5tYP7ZyowOpbVSjMlPy_oDQxfBOiQF0CmMjNqSo2aNQMs5j0Qk2TnisNmrchPS4qfiSxE77WjORu-N_BfYLfJCj_GGHp79soGwqjr3e9fAFFv-3iX4dijW4EgpP5-8VOZ9eztE06IVwWaXfTj1feIEvBMgiyHojP2emhfybhGei8dimbHIUo66b1RYJCqolGnnRTgNwhe6IBnXEeq81NS1po5NAC34
Frame ID: AA82136745B9B5AB15C49377AFD0AB43
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/eW4lRY3T4wdRC8Aj?de9fa18bfb83cad6=awLZ39Ib_HBR1EL3RbOoRWURYrxQODyjkRJXMS-f3vkkRD-4ndzNg2HDU35p8OTRT2vrXyFtJf0q6DDLzc95kGrKLVbVLPQ4jpqKst5tF0GXFoVa0Wk2i4lRx7OgWsUP-6UL8q1S12f2mWlE39gmyldqN1Oi1grEJImz_WWkmwAPqkvQGaOBTxLYSiJxJrcugKEocROox8IZKdObdpUe8F6abFVhE_Y
Frame ID: E5B712F3E53A45D8291BD832DA5A1FB2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Cosmetic Criminals | e.l.f. CosmeticsBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. https://www.cosmeticscriminals.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com
Overall confidence: 10%
Detected patterns
  • basket.*\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

244
Requests

94 %
HTTPS

38 %
IPv6

58
Domains

87
Subdomains

72
IPs

3
Countries

12554 kB
Transfer

27476 kB
Size

90
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.cosmeticscriminals.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 16
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Request Chain 38
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=n-SjQoLqlbLYPE_5Gq-r4m2vgoeWZleiH1kYdSk5sw8 HTTP 303
  • https://www.elfcosmetics.com/callback?usid=7a70afbc-d258-4c09-9cf3-ba89ef907bf2&code=TDCX8kj-rG4qUPA80tRRv3Uk70GwxDhV5HthuVIEKUM
Request Chain 44
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Request Chain 51
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Request Chain 63
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=441650068.1709727962&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n81WL3STMXv896608294za220&auid=1836160024.1709727962 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=441650068.1709727962&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n81WL3STMXv896608294za220&auid=1836160024.1709727962
Request Chain 97
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c1ff773f-e10d-40c3-923a-cb1e350424f3&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=433773972 HTTP 302
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=efb0a98a-bb44-4894-a72c-7c7338d0ad62.&ord=2435799393838929734 HTTP 303
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=efb0a98a-bb44-4894-a72c-7c7338d0ad62.&ord=2435799393838929734&_bee_ppp=1
Request Chain 98
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Request Chain 99
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=ZTg3OWU2YjgtMzUwNC00NzIwLWI4NjUtY2Q3Njg4YTBjNGQx&gdpr=0&gdpr_consent=&ttd_tdid=e879e6b8-3504-4720-b865-cd7688a0c4d1 HTTP 302
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=e879e6b8-3504-4720-b865-cd7688a0c4d1&google_gid=CAESECF5XKFzdMm51aLqV46Fh-E&google_cver=1 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=e879e6b8-3504-4720-b865-cd7688a0c4d1 HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=3240097284315772840&ttd_tdid=e879e6b8-3504-4720-b865-cd7688a0c4d1 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=e879e6b8-3504-4720-b865-cd7688a0c4d1&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://hb.yahoo.net/cksync.php?cs=3&type=55953&gdpr=%24%7bGDPR%7d&gdpr_consent=%24%7bGDPR_CONSENT%7d&gpp=%24%7bGPP_STRING%7d&gpp_sid=%24%7bGPP_SID%7d&ovsid=rightmedia&redirect=https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fgeneric%3fttd_pid%3drightmedia&ttd_tdid=e879e6b8-3504-4720-b865-cd7688a0c4d1 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=e879e6b8-3504-4720-b865-cd7688a0c4d1&expiration=1712319964&gdpr=0&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=e879e6b8-3504-4720-b865-cd7688a0c4d1&expiration=1712319964&gdpr=0&gdpr_consent=&C=1
Request Chain 143
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=4436922661187;npa=1;auiddc=1836160024.1709727962;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CK-45P_Q34QDFV44-QAdrzAPgw;src=10742279;type=elf8j0;cat=glo_flap;ord=4436922661187;npa=1;auiddc=1836160024.1709727962;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 148
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=1836160024.1709727962;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CO7r7f_Q34QDFU8n-QAd3uUMcQ;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=1836160024.1709727962;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 160
  • https://ads.undertone.com/t?trackerid=7729&cb=513243251 HTTP 307
  • https://evt.undertone.com/t?trackerid=7729&cb=513243251
Request Chain 178
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=2081892112&cv=11&fst=1709727963964&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=1836160024.1709727962&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbjm7Y-De4I8WA9pKsANjyN6mPOohvVe7iQ&pscrd=Ek5DaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVlBUlBGRFNqUHlsTmtpcGI1NkFQUHhwQ2U3bHFJekFfQTdra3FEV1o4blBYTno5elpQQmcaWENoQUlnTVdncndZUWxabWM0dlRpZ0l3dkVpNEFkNVJWZjlEdHdlSzJHZExsNThVWVo2WUVSN2padHZ3V0JVaWV0eWx5ZmpkMmlITF9DOG1idG1YMXZidmciEwirmvz_0N-EAxUq8ygFHSpRC3IyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=2081892112&cv=11&fst=1709727963964&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=1836160024.1709727962&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=Ek5DaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVlBUlBGRFNqUHlsTmtpcGI1NkFQUHhwQ2U3bHFJekFfQTdra3FEV1o4blBYTno5elpQQmcaWENoQUlnTVdncndZUWxabWM0dlRpZ0l3dkVpNEFkNVJWZjlEdHdlSzJHZExsNThVWVo2WUVSN2padHZ3V0JVaWV0eWx5ZmpkMmlITF9DOG1idG1YMXZidmciEwirmvz_0N-EAxUq8ygFHSpRC3IyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSKQB7FLtq0pCZ03y5oKPhy6F83E6URCZ5CwmNyJzzpzBE0HOOxpjeqw2c&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbq-24Fv8mQn2qmcTezB7O4LoztaQmj_R3Q&random=1524479141
Request Chain 188
  • https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1709727965226&u_scsid=a11efccc-0ead-4bf0-a8e3-df8b0381b3da&u_sclid=0ea30d1c-36d2-4158-aee7-9bc1794005f5 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709340082897%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
Request Chain 215
  • https://idsync.rlcdn.com/458359.gif?partner_uid=f2f66593-e669-4af8-8ac0-46e0c89127f3 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGYyZjY2NTkzLWU2NjktNGFmOC04YWMwLTQ2ZTBjODkxMjdmMxAAGg0I3sGhrwYSBQjoBxAAQgBKAA HTTP 307
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=00d1c266ad81fcce29dfbd15f23b9ea67fc8351061f34791d0fecc794c1a11046ac34734d8e453ee

244 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request elf-cosmetic-criminals
www.elfcosmetics.com/en_CA/
Redirect Chain
  • https://www.cosmeticscriminals.ca/
  • https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
857 KB
225 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
36f65b054381315fbc6b850d4b5c1913e8f8312ba6273d1e747b500268ff667b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
0
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
229612
content-type
text/html; charset=utf-8
date
Wed, 06 Mar 2024 12:25:59 GMT
etag
W/"b9190-uK25h3hmeugLpS84meIH18+4P5I"
vary
Accept-Encoding
via
1.1 535c2b5354e6ba6798fd64420ee97a2c.cloudfront.net (CloudFront)
x-amz-apigw-id
UNQRcFqPiYcEkJA=
x-amz-cf-id
CYOeQw9alGoGYMH0QAQc4x_spnT-YLmRROUyTU6KhwRO5pyox4ChxA==
x-amz-cf-pop
DFW57-P1
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
758160
x-amzn-remapped-date
Wed, 06 Mar 2024 12:25:58 GMT
x-amzn-requestid
1a22fa14-5923-45a1-b448-613edb732df5
x-amzn-trace-id
Root=1-65e860d5-19dfc53c7668903e585910e3;Parent=38b1cf97d4865133;Sampled=0;lineage=2b75b0e9:0
x-cache
Miss from cloudfront
x-yottaa-metrics
3221a5fec615/[1324,1195,-] 32D1a5fec678/[-,1443.135]
x-yottaa-optimizations
ob/1000000100001000 si/32D1a5fec678-1709722851-5324338091 tts/1707668314613 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os
200

Redirect headers

age
0
content-length
1197
content-type
text/html; charset=utf-8
date
Wed, 06 Mar 2024 12:25:57 GMT
location
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
vary
User-Agent
x-yottaa-fw
fb/100000 tid/658f1e0dd931403bb4ae40ff rid/658f270fd931403bb4ae60d5 stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics
23D1cc8d5972/[-,0.431]
x-yottaa-optimizations
ob/0 si/23D1cc8d5972-1709722851-6242678957 tts/1709727957236 ti/0 ai/658f1e0dd931403bb4ae40ff
init.js
www.elfcosmetics.com/XT4Gy2ig/ 		167 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/XT4Gy2ig/init.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1c3a587051d3dc4dbd66b6532fdf326a3a2172ebbbac82d1eb9e1d04748ae357

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:25:59 GMT
content-encoding
gzip
active-cdn
Akamai
x-yottaa-optimizations
ob/0 si/32D1a5fec678-1709722851-5324338098 tts/1709727959393 ti/0 ai/5a0c9b7632f01c35d42101b2
vary
Accept-Encoding
etag
"29c61-JvL+6bC9wo4F6lFONgsi9G/bO1I"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
active-cdn,x-served-by,Akamai-Request-BC
cache-control
max-age=600
x-yottaa-metrics
32D1a5fec678/[-,48.262]
x-px-hash
MzExZmMwM2QzN2VkMzgxMjEyMjEwOTI1YmRmYjZkM2JlMGMzYTY1NGRiNDc0NDAwYmY5MzhjYmIxZWIwMmY4OQ==
access-control-allow-headers
x-px-cookies
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/en_CA/ 		0
0
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 		630 KB
630 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:5400:d::170c:93a7 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:25:59 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
415ug_fp0,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-req-id
tqkfx4544N
content-length
644728
x-xss-protection
1; mode=block
x-amp-source-height
1249
server
Unknown
x-frame-options
DENY
x-amp-source-width
3199
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 		205 KB
205 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:5400:d::170c:93a7 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:25:59 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
XROlcgt46,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-req-id
XDzmGTIDW-
content-length
209440
x-xss-protection
1; mode=block
x-amp-source-height
340
server
Unknown
x-frame-options
DENY
x-amp-source-width
800
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

Referer
Origin
https://www.elfcosmetics.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

Referer
Origin
https://www.elfcosmetics.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
bxGKZ6lfJ7A
www.youtube.com/embed/ Frame C1C2 		91 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fbc980b1672df1e8cd84b4f5ede5013928c76df182c849c63e984d9496371885
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 12:25:59 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
rZPCKoUReO0
www.youtube.com/embed/ Frame 0BF1 		92 KB
39 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7661e600b7275d95775b7fd96925829aec2b223b504f49cdb6b9d59a75ef2de2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 12:25:59 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Type
image/gif
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/ 		2 MB
2 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:5400:d::170c:93a7 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:25:59 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
pFa_T_RlD,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-req-id
IZp1kLTThM
content-length
2085695
x-xss-protection
1; mode=block
x-amp-source-height
1484
server
Unknown
x-frame-options
DENY
x-amp-source-width
3080
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/ 		330 KB
331 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:5400:d::170c:93a7 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:25:59 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
YOdGtw2Ga,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-req-id
OIDf0f3nK2
content-length
338113
x-xss-protection
1; mode=block
x-amp-source-height
1062
server
Unknown
x-frame-options
DENY
x-amp-source-width
2806
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/ 		180 KB
180 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:5400:d::170c:93a7 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:00 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
0-m5CTtx2,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-req-id
g1yELGrOfD
content-length
184181
x-xss-protection
1; mode=block
x-amp-source-height
1108
server
Unknown
x-frame-options
DENY
x-amp-source-width
1952
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/ 		614 KB
614 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:5400:d::170c:93a7 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:25:59 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
TGGuiYewC,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-req-id
y_gmEqakn4
content-length
628288
x-xss-protection
1; mode=block
x-amp-source-height
525
server
Unknown
x-frame-options
DENY
x-amp-source-width
3200
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
jquery-3.7.1.slim.min.js
code.jquery.com/ 		69 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:25:59 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
1143832
x-cache
HIT, HIT
content-length
24036
x-served-by
cache-lga21942-LGA, cache-mia-kmia1760081-MIA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1709727960.865610,VS0,VE0
etag
W/"28feccc0-11278"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
2835, 23
player_api
www.youtube.com/ 		993 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a57c870a576b433cd110ddb6a6f86ce922e7ed0758c1da9e7e3190ff42c45fa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:25:59 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Wed, 06 Mar 2024 12:25:59 GMT
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:01 GMT
x-amz-version-id
null
cf-cache-status
HIT
x-amz-request-id
ZXHVQJNGNV2C2YQP
age
666259
Content-Range
bytes 0-1060947/1060948
Content-Length
1060948
x-amz-id-2
KLN8LpMiS0ymWK4bcfcYQl1CMUVtrKjjxuxjNbSxQ47ThhTzg8vEgfQTP3jffQWK7t/lME20OFM=
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
server
cloudflare
etag
"dd3676819bd88a250c875a11e38c307d"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
860254ed3dd76d9e-MIA

Redirect headers

date
Wed, 06 Mar 2024 12:25:59 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
q0RIzSua3,l4p5bDg2e,bgWw7nQ29
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:01 GMT
x-amz-version-id
null
cf-cache-status
HIT
x-amz-request-id
KKFRTNP4TCEK7Y9F
age
644604
Content-Range
bytes 0-1262366/1262367
Content-Length
1262367
x-amz-id-2
5U6Zd+J+Ky6N6OD5HdyeXddj+u5/EPSutZcWvTQOZVdrMa7V/f4q5L3ahdKOnSUBD7K3tEuuNWE=
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
server
cloudflare
etag
"91a2cbc7ca143aac79d0312d84bb77fb"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
860254ed4de16d9e-MIA

Redirect headers

date
Wed, 06 Mar 2024 12:25:59 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
rT1xWfLBp,l4p5bDg2e,fH6Lo3_5e
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
vendor.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/ 		2 MB
620 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
65a3f669b13f6b35a9e6bd0788784a1bb3b82ead49598684dcfaeda3b15d78bc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
GCxlc3W3kSRnRexacgU45VQk0Ac59RAy
via
1.1 41e3e9b71ac696c1f057fb711a33338e.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Wed, 06 Mar 2024 12:25:59 GMT
x-amz-cf-pop
ORD52-C3
age
1056334
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/2611cc8d5869-1708617472-1998835649 tts/1707668314613 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
679720
content-length
634417
x-amz-meta-bundle
10720
x-served-by
cache-mia-kmia1760087-MIA
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1709727960.557664,VS0,VE2
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
2621cc0283f0/[100,25,-] 2611cc8d5869/[-,456.568]
accept-ranges
bytes
x-amz-cf-id
z7I9hcDJzQDaG0t7ie_udBHLT5cxTYektsTHeY7ome4tEtkvooq9YA==
x-cache-hits
1
main.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/ 		2 MB
471 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/main.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3647c672a453341430a3684a219414cb50fad3fc9c008e00bb22eb1427fafd00

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
bJh1tZ9Tbxypc6uWFa8c9IlwFeGF3NTE
via
1.1 80d115dafe1d45606330f418d944b1ec.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Wed, 06 Mar 2024 12:25:59 GMT
x-amz-cf-pop
PHL50-C1
age
536662
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/23114047a14b-1706807745-730893209 tts/1707668314613 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
679720
content-length
481410
x-amz-meta-bundle
10720
x-served-by
cache-mia-kmia1760087-MIA
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1709727960.557846,VS0,VE1
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
23214047a188/[86,28,-] 23114047a14b/[-,325.812]
accept-ranges
bytes
x-amz-cf-id
Cqk1kfTdLsmQPvOUgtXtWKEZhj6mcSbwSXYBSkOEcNowZqKFxKzi_w==
x-cache-hits
1
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/ 		41 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
24ac4da29c53564ae8c82180e85921818ad3fef0311e627f08b6edddf79a3b34

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
bRrLawQugpt6mdynDUxbdmXMYQ6k6XCW
via
1.1 bd414f5f75d6893558dff609c5ff1fe6.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Wed, 06 Mar 2024 12:25:59 GMT
x-amz-cf-pop
SFO53-C1
age
614570
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/2511cc02853d-1706727921-2136347646 tts/1707668314613 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
679720
content-length
11524
x-amz-meta-bundle
10720
x-served-by
cache-mia-kmia1760087-MIA
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1709727960.557806,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
2521cc02850e/[16,5,-] 2511cc02853d/[-,19.586]
accept-ranges
bytes
x-amz-cf-id
O_ZvGmMTkDHKNGAc2QQ1EOMBQn5PZ3XhS4BHttPdJbBdgZ43eOCrWg==
x-cache-hits
3
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		540 B
787 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
a120256213a1ee47b7ea75ad2b0565bbd0b77ebfa0a9dc26612bc304b74e55c0

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Mar 2024 12:25:59 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
540
www-player.css
www.youtube.com/s/player/f07d053d/ Frame 0BF1 		368 KB
47 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
af7106cddc57cb9c88803c862459e1b11041ad970cc9719c092a328352f53252
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:25:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
41
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47774
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 12:25:19 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0BF1 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 08:35:25 GMT
x-content-type-options
nosniff
age
13835
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 08:35:25 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0BF1 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 08:59:46 GMT
x-content-type-options
nosniff
age
12374
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 08:59:46 GMT
embed.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame 0BF1 		53 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
694cf59c4851392846a4f01d91cb087daff67535111e104158264a0f53ba6bdf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 11:36:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
2984
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16771
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 11:36:16 GMT
www-embed-player.js
www.youtube.com/s/player/f07d053d/www-embed-player.vflset/ Frame 0BF1 		319 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08d023c583036b4414546ec093ffc7335a1e18cbf4f3b1422027217ae9a8dc78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:24:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
116
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
97331
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 12:24:04 GMT
base.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame 0BF1 		2 MB
778 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8db85ac8c01a74779a703eca257950a05237337f40b1c21d5e65b1f67a18ff9d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:19:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
413
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
796183
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 12:19:07 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d85e4dcb52ce714c7136eb95a32765325205a4aabdb51932bd9024c400be665d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 12:26:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
/RTAD1TAPuPWblD15GN1pg==
age
71361
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6842
x-ms-lease-status
unlocked
last-modified
Mon, 04 Mar 2024 21:04:55 GMT
server
cloudflare
etag
0x8DC3C8EBE4D93D8
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
d00ecef6-601e-004b-47aa-6ec5d0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860254ed3f6331e0-MIA
gtm.js
www.googletagmanager.com/ 		452 KB
127 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
08e0ef4f857424e23e46aa727929a7e1863d3fa10a527d67bf065677a5a4abfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:01 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
129557
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 12:26:01 GMT
api_dynamic.js
cdn.dynamicyield.com/api/8772046/ 		442 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26a0:8000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
0fa295c05c5e6929d1ec1c79bafad9472084569d81bdd2c5bf5798edf5060d9f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:25:43 GMT
content-encoding
gzip
via
1.1 d64e73a7e708de06492b99c7e55873b6.cloudfront.net (CloudFront)
last-modified
Wed, 28 Feb 2024 20:56:51 GMT
server
DYCDN
age
19
x-amz-cf-pop
YUL62-P2
x-amz-server-side-encryption
AES256
etag
W/"139a03dbd8b331a6c332a80d4b888537"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=30
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
7D1QDggTnqXsPs99xxEJcmA84-mz-r0n37h5dn6nYU3fbEoHKv4GKA==
api_static.js
cdn.dynamicyield.com/api/8772046/ 		390 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26a0:8000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
8b4baed685e61c19084227c70d48e2795b3df77fa784767ad956f35ac73fa358

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 16:21:33 GMT
content-encoding
gzip
via
1.1 d64e73a7e708de06492b99c7e55873b6.cloudfront.net (CloudFront)
last-modified
Sun, 25 Feb 2024 08:04:47 GMT
server
DYCDN
age
72269
x-amz-cf-pop
YUL62-P2
x-amz-server-side-encryption
AES256
etag
W/"b84779386dcc68d57f955d451d7dfc78"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
SPNZX_wsbAWTiqqdXBEEIMDS9Jrn3riMiNd2007osUj3WdyNn_F9sA==
/
api.ipify.org/ 		22 B
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2323918c968f88f7824d1391806958de07015a04ff7771b6999119924136b2ff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:01 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
860254ed4b0621d3-MIA
content-length
22
/
api.ipify.org/ 		22 B
98 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2323918c968f88f7824d1391806958de07015a04ff7771b6999119924136b2ff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
860254ed4b0a21d3-MIA
content-length
22
www-player.css
www.youtube.com/s/player/f07d053d/ Frame C1C2 		368 KB
47 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
af7106cddc57cb9c88803c862459e1b11041ad970cc9719c092a328352f53252
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:17:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
504
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47774
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 12:17:37 GMT
embed.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame C1C2 		53 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
694cf59c4851392846a4f01d91cb087daff67535111e104158264a0f53ba6bdf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 11:36:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
2985
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16771
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 11:36:16 GMT
www-embed-player.js
www.youtube.com/s/player/f07d053d/www-embed-player.vflset/ Frame C1C2 		319 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08d023c583036b4414546ec093ffc7335a1e18cbf4f3b1422027217ae9a8dc78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:24:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
117
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
97331
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 12:24:04 GMT
base.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame C1C2 		2 MB
778 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8db85ac8c01a74779a703eca257950a05237337f40b1c21d5e65b1f67a18ff9d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:19:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
414
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
796183
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 12:19:07 GMT
/
sdk.iad-05.braze.com/api/v3/data/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Wed, 06 Mar 2024 12:26:01 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-mia-kmia1760074-MIA
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=7a70afbc-d258-4c09-9cf3-ba89ef907bf2&code=TDCX8kj-rG4qUPA80tRRv3Uk70GwxDhV5HthuVIEKUM
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/callback?usid=7a70afbc-d258-4c09-9cf3-ba89ef907bf2&code=TDCX8kj-rG4qUPA80tRRv3Uk70GwxDhV5HthuVIEKUM
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:01 GMT
via
1.1 e9bcf307d6ed54e3e501e39bc538dcfc.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
0
x-amz-cf-pop
DFW57-P1
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
b69ea0e8-5e58-46a3-9804-33127cd06bba
x-yottaa-optimizations
ob/1000 si/32D1a5fec678-1709722851-5324338102 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
UNQSCGbeCYcEZSg=
content-length
0
x-yottaa-forcecache
true
x-amzn-trace-id
Root=1-65e860d9-56e4aa6e7278aebd05157f76;Parent=15610299bc82cfe9;Sampled=0;lineage=2b75b0e9:0
content-type
application/json
cache-control
public, max-age=604800
x-yottaa-os
200
x-yottaa-metrics
3221a5fec6f1/[202,196,-] 32D1a5fec678/[-,205.669]
x-amzn-remapped-date
Wed, 06 Mar 2024 12:26:01 GMT
x-amz-cf-id
VcEhTy3Yp622f-_h5l4pF8Ee1gSSq4kIFSwmJVabWw4xTjbcX1Q8zw==

Redirect headers

date
Wed, 06 Mar 2024 12:26:01 GMT
x-correlation-id
860254ee6b8c10ab
via
1.1 a78d8f4a6ccd81221651cd6112d5330a.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/0 si/32D1a5fec678-1709722851-5324338101 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
content-length
0
pragma
no-cache
x-ratelimit-1m-remaining
23975, 1999018
x-ratelimit-1m-reset
58621, 58620
x-ratelimit-1m-limit
24000, 2000000
vary
Accept-Encoding
location
https://www.elfcosmetics.com/callback?usid=7a70afbc-d258-4c09-9cf3-ba89ef907bf2&code=TDCX8kj-rG4qUPA80tRRv3Uk70GwxDhV5HthuVIEKUM
cache-control
no-store
x-yottaa-os
303
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=n-SjQoLqlbLYPE_5Gq-r4m2vgoeWZleiH1kYdSk5sw8
x-yottaa-metrics
3221a5fec6f0/[119,116,-] 32D1a5fec678/[-,123.055]
cf-ray
860254ee6b8c10ab-ORD
x-amz-cf-id
4QoiZWThw9kr-42NNY78CX3BCee_o4YGel-ZtDYs0do3xj7uvmOj4g==
/
sdk.iad-05.braze.com/api/v3/data/ 		323 B
455 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2f3f08989d311e2a5e808fb023778e1f3735cfc0e28f345a4f5194b8b40eb1f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest
true
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/json
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest

Response headers

date
Wed, 06 Mar 2024 12:26:01 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
d9ecc1a8-afeb-4f7e-8463-5cd3c10b898c
x-served-by
cache-mia-kmia1760074-MIA
x-runtime
0.060606
etag
W/"2f3f08989d311e2a5e808fb023778e1f"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C1C2 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 08:35:25 GMT
x-content-type-options
nosniff
age
13836
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 08:35:25 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C1C2 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 08:59:46 GMT
x-content-type-options
nosniff
age
12375
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 08:59:46 GMT
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 12:26:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
56423
content-md5
4swZDWVp4C0QChiGUbrcTg==
content-length
1746
x-ms-lease-status
unlocked
last-modified
Tue, 14 Nov 2023 15:26:04 GMT
server
cloudflare
etag
0x8DBE5260423F079
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
47594d34-001e-002f-61c0-213448000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860254ee0b048759-MIA
expires
Thu, 07 Mar 2024 12:26:01 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		68 B
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71cfd0bf781e3f393bca283fc9d44777a2036985a4ffe9abedf14909e63a8aef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:01 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
860254ef28566da3-MIA
access-control-allow-headers
Content-Type
id
googleads.g.doubleclick.net/pagead/ Frame 0BF1
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
146 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H3
Server
2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
30fd0bef7a4ee8f974988a3cf7b7ad4ee394964ff05ef2fe3b1e25bbd067aab1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Wed, 06 Mar 2024 12:26:01 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame 0BF1 		29 B
494 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::95 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:14:09 GMT
x-content-type-options
nosniff
age
712
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 06 Mar 2024 12:29:09 GMT
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Wed, 06 Mar 2024 12:26:01 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0BF1 		87 KB
40 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5ca9c43a4648cd983b6581a2086f37c4387342eee835193f9407521be147e000
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Wed, 06 Mar 2024 12:26:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40723
x-xss-protection
0
remote.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame 0BF1 		117 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a922d69396a01553b649bb1dbe6984deff25f41f484417f801da5d04efe0bc8f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 11:28:47 GMT
content-encoding
br
x-content-type-options
nosniff
age
3434
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33827
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 11:28:47 GMT
6mt_jkCC8QEMfVv4UaXe0WVRezbgElH9_VSMBGBwk28.js
www.google.com/js/th/ Frame 0BF1 		51 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/th/6mt_jkCC8QEMfVv4UaXe0WVRezbgElH9_VSMBGBwk28.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::69 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea6b7f8e4082f1010c7d5bf851a5ded165517b36e01251fdfd548c046070936f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 08:48:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
13074
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19990
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 17:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 06 Mar 2025 08:48:07 GMT
default.jpg
i.ytimg.com/vi/rZPCKoUReO0/ Frame 0BF1 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ytimg.com/vi/rZPCKoUReO0/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gmAAtAFigIMCAAQARhyIFYoPTAP&rs=AOn4CLCM5ONTEJwdjxOrSlWBNC86VGolng
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::77 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:01 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2380
x-xss-protection
0
server
sffe
etag
"1703117772"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 06 Mar 2024 14:26:01 GMT
id
googleads.g.doubleclick.net/pagead/ Frame C1C2
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
146 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Server
2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
40280b407fc4b8ebdaf816540ce9689f522491338bd48f3291332e77128222b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Wed, 06 Mar 2024 12:26:01 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame C1C2 		29 B
89 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::95 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:14:09 GMT
x-content-type-options
nosniff
age
712
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 06 Mar 2024 12:29:09 GMT
st
st.dynamicyield.com/ 		115 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=54q60rgoz2n5cgwlgdd3hgewxgh9i41l&ref=&scriptVersion=2.29.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2508:fa00:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
500dc635c1293fda428e18c2ad316b247a2002cd29df71d49cd39c6eb9020a1d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
via
1.1 25d9b5959eaa82bb18ee3f35e6bf34b4.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD12-P1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control
no-cache
x-amz-cf-id
CXTq76jl7T8uj2tB2Ud_EagcL52U-4VjmLu-A3k_9ZTsulz3rh6f-g==
expires
Wed, 06 Mar 2024 12:26:01 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 06 Mar 2024 11:01:33 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
5069
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 06 Mar 2024 13:01:33 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202306.1.0/ 		404 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
XJk1ZZTljtwHFT3qcIJg+w==
age
56513
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
99599
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:36 GMT
server
cloudflare
etag
0x8DB82A15D413626
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
80bad15d-801e-006c-2fda-12d214000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860254f28ff331e0-MIA
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
eeabf00a73c18478ea0facefffc501e97b284f952842259e530134e06b5a00ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
x-pwa-request
true
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-correlation-id
860254f338736348
cf-cache-status
DYNAMIC
via
1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1a5fec678-1709722851-5324338104 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
pragma
no-cache
x-ratelimit-1m-remaining
23965, 1998424
x-ratelimit-1m-reset
57852, 57852
vary
Accept-Encoding, User-Agent
x-ratelimit-1m-limit
24000, 2000000
content-type
application/json
cache-control
no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics
3221a5fec6f2/[123,119,-] 32D1a5fec678/[-,126.089]
cf-ray
860254f338736348-ORD
x-amz-cf-id
VEbiW-h6OZVRrBUH4wLJxy7xF-nFCZPwe0cLAwdIBa99ddNCqXLyVg==
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Wed, 06 Mar 2024 12:26:02 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame C1C2 		87 KB
40 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2c731639a8cd6d684aafb593e9a6f89e06ef09291f460186da9856e29975a75e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41032
x-xss-protection
0
remote.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame C1C2 		117 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a922d69396a01553b649bb1dbe6984deff25f41f484417f801da5d04efe0bc8f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 11:28:47 GMT
content-encoding
br
x-content-type-options
nosniff
age
3435
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33827
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 11:28:47 GMT
6mt_jkCC8QEMfVv4UaXe0WVRezbgElH9_VSMBGBwk28.js
www.google.com/js/th/ Frame C1C2 		51 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/th/6mt_jkCC8QEMfVv4UaXe0WVRezbgElH9_VSMBGBwk28.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::69 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea6b7f8e4082f1010c7d5bf851a5ded165517b36e01251fdfd548c046070936f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 08:48:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
13075
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19990
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 17:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 06 Mar 2025 08:48:07 GMT
default.jpg
i.ytimg.com/vi/bxGKZ6lfJ7A/ Frame C1C2 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ytimg.com/vi/bxGKZ6lfJ7A/default.jpg
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::77 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2965
x-xss-protection
0
server
sffe
etag
"1703142370"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 06 Mar 2024 14:26:02 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		600 B
655 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
31388933343ea4990be418d28fd3abf8afca93044e5fbbf9e38d7d9c4528b13b

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Mar 2024 12:26:01 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
600
landing
googleads.g.doubleclick.net/pagead/
Redirect Chain
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=441650068.1709727962&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n81WL3STMXv896...
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=441650068.1709727962&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n...
42 B
65 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=441650068.1709727962&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n81WL3STMXv896608294za220&auid=1836160024.1709727962
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Server
2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:02 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:02 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=441650068.1709727962&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n81WL3STMXv896608294za220&auid=1836160024.1709727962
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
sdk.iad-05.braze.com/api/v3/content_cards/ 		85 B
200 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4f29dd7336843d1a736b95dcf5357ba5bc73d10e52e3f040ef240e4ca7ff9821
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
c8a4809d-c8c1-4cc4-8c48-dd7b5679c0cb
x-served-by
cache-mia-kmia1760074-MIA
x-runtime
0.894865
etag
W/"4f29dd7336843d1a736b95dcf5357ba5"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Wed, 06 Mar 2024 12:26:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-mia-kmia1760074-MIA
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Wed, 06 Mar 2024 12:26:02 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0BF1 		90 B
134 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
947a80c977c6791c81353f2cad728d28481cde9dd33af8627b18e90cd8e485cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
x-xss-protection
0
collect
www.google-analytics.com/j/ 		4 B
212 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1778451989&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dp=%2Fen_CA%2Felf-cosmetic-criminals&ul=en-us&de=UTF-8&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAI~&jid=1600521681&gjid=781434424&cid=819814714.1709727962&tid=UA-432816-1&_gid=1349105240.1709727962&_r=1&_slc=1&gtm=45He4340n81WL3STMXv896608294za220&gcs=G111&gcd=13t3t3t3t5&dma=0&z=2024754714
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:02 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 0BF1 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 06 Mar 2024 12:26:02 GMT
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Wed, 06 Mar 2024 12:26:02 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame C1C2 		90 B
134 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
124a3ee06478067be34941371ffcaf573821fde420182686dccc82a488fdd33e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
x-xss-protection
0
generate_204
www.youtube.com/ Frame 0BF1 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/generate_204?ZYHXlw
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
collect
stats.g.doubleclick.net/j/ 		2 B
350 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-432816-1&cid=819814714.1709727962&jid=1600521681&gjid=781434424&_gid=1349105240.1709727962&_u=YEBAAEAAAAAAACgAI~&z=782256318
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 06 Mar 2024 12:26:02 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame C1C2 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 06 Mar 2024 12:26:02 GMT
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/fce1bc7f-b7cb-4383-a7e9-8430e48a01d7/ 		202 KB
36 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/fce1bc7f-b7cb-4383-a7e9-8430e48a01d7/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf1b4e2a57de561424fb99aa43ef462868d58d9c205a38ae3f564c10266a4dbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
61928
content-md5
A+auRPWlNU8wck+viG1D2g==
content-length
36970
x-ms-lease-status
unlocked
last-modified
Tue, 14 Nov 2023 15:26:15 GMT
server
cloudflare
etag
0x8DBE5260AC67F7E
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
78ed10fb-e01e-006a-5cc0-21e1ab000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860254f4dc878759-MIA
expires
Thu, 07 Mar 2024 12:26:02 GMT
generate_204
www.youtube.com/ Frame C1C2 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/generate_204?40c6yQ
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjdhNzBhZmJjLWQyNTgtNGMwOS05Y2YzLWJhODllZjkwN2JmMiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk3Mjc5MzIsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJobDBkMWtmZUt3S2tSeGNnWm1iWVl3WGEzOjpjaGlkOiAiLCJleHAiOjE3MDk3Mjk3NjIsImlhdCI6MTcwOTcyNzk2MiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTA1NTM5MTQ4OTI0Mzk3MSJ9.w7VqVDRoRmzt3bJVlsTupAHzQFoNHDb8Qn9NyTx5eMZ7hE0nqvmv5p5VIN6gORJGS1hnwr28lNLH7K3-YT63Ng
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
via
1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/0 si/32D1a5fec678-1709722851-5324338105 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
pragma
no-cache
allow
OPTIONS,POST
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3221a5fec6f3/[122,120,-] 32D1a5fec678/[-,126.128]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges
bytes
cf-ray
860254f59c9922c7-ORD
x-dw-request-base-id
79IOfdpg6GUBAAB_
x-amz-cf-id
9y50I6vQrdHLjbHA_zeeVZuZ7XFV9CX1ipJFeCeUaYTXhUbXEyjIww==
x-yottaa-os
204
expires
Thu, 01 Dec 1994 16:00:00 GMT
shoppercontext
www.elfcosmetics.com/api/v1/ 		135 B
817 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
d7003226e2fea50e6765c46fe1bdacfe3a16adedd6c7a2530fef876c2356cf9f

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjdhNzBhZmJjLWQyNTgtNGMwOS05Y2YzLWJhODllZjkwN2JmMiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk3Mjc5MzIsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJobDBkMWtmZUt3S2tSeGNnWm1iWVl3WGEzOjpjaGlkOiAiLCJleHAiOjE3MDk3Mjk3NjIsImlhdCI6MTcwOTcyNzk2MiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTA1NTM5MTQ4OTI0Mzk3MSJ9.w7VqVDRoRmzt3bJVlsTupAHzQFoNHDb8Qn9NyTx5eMZ7hE0nqvmv5p5VIN6gORJGS1hnwr28lNLH7K3-YT63Ng
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
via
1.1 b3ac893abff0a2c3dda216fe4cd9157a.cloudfront.net (CloudFront)
content-encoding
gzip
x-amzn-remapped-content-length
135
x-amz-cf-pop
DFW57-P1
age
0
x-amzn-remapped-connection
close
x-yottaa-optimizations
ob/1000 si/32D1a5fec678-1709722851-5324338106 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-amzn-requestid
e8797974-1b54-4293-982f-37bbeda0fe08
x-cache
Miss from cloudfront
x-amz-apigw-id
UNQSMEBYiYcEolg=
content-length
119
etag
W/"87-WFt3zDSdrvttkMP6rAK367Qj/Rw"
x-amzn-trace-id
Root=1-65e860da-0c8686d405758bae7bb0ca9c;Parent=20b5ada2f8bac5a5;Sampled=0;lineage=2b75b0e9:0
content-type
application/json; charset=utf-8
x-yottaa-os
200
x-yottaa-metrics
3221a5fec6f4/[946,943,-] 32D1a5fec678/[-,949.490]
x-amzn-remapped-date
Wed, 06 Mar 2024 12:26:03 GMT
x-amz-cf-id
OifxGZ-8RE1JXC3PUVOGn7wkos900IPNtIdkqzujSq62GwRPwZuD1Q==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 		196 B
867 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=38.132.118.77
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b0ae6ca3caa68945caf45f000efe5b8a052d45d9438cd4ca92221abe5c05e707
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 60b2b330807c6611e06e3923c8e315cc.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1a5fec678-1709722851-5324338107 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=38.132.118.77
x-yottaa-metrics
3221a5fec6f7/[271,268,-] 32D1a5fec678/[-,273.356]
cf-ray
860254f6b8a41107-ORD
x-dw-request-base-id
orszBtpg6GUBAAB_
x-amz-cf-id
GxWdjiC7Q4RxjobG69PqXhM6-y6Heo6rTh-KgFCF_2taGaTUIpH1Gg==
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bhl0d1kfeKwKkRxcgZmbYYwXa3/ 		11 B
836 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bhl0d1kfeKwKkRxcgZmbYYwXa3/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
x-pwa-request
true
Authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjdhNzBhZmJjLWQyNTgtNGMwOS05Y2YzLWJhODllZjkwN2JmMiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk3Mjc5MzIsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJobDBkMWtmZUt3S2tSeGNnWm1iWVl3WGEzOjpjaGlkOiAiLCJleHAiOjE3MDk3Mjk3NjIsImlhdCI6MTcwOTcyNzk2MiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTA1NTM5MTQ4OTI0Mzk3MSJ9.w7VqVDRoRmzt3bJVlsTupAHzQFoNHDb8Qn9NyTx5eMZ7hE0nqvmv5p5VIN6gORJGS1hnwr28lNLH7K3-YT63Ng
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:02 GMT
x-correlation-id
860254f6e9e12309
dnt
0
cf-cache-status
DYNAMIC
via
1.1 71ab92edd02bc8ec941d842529d753d0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1a5fec678-1709722851-5324338108 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-cache
Miss from cloudfront
content-length
37
allow
GET,HEAD,OPTIONS
x-ratelimit-remaining
999
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
sfdc_load
1
cache-control
max-age=0,no-cache,no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bhl0d1kfeKwKkRxcgZmbYYwXa3/baskets?siteId=elf-us
x-ratelimit-limit
99999
accept-ranges
bytes
cf-ray
860254f6e9e12309-ORD
x-amz-cf-id
tBU8YD0lgvqFHN-V4Xwcqv9lGFq4By9VFfyVS7uxXXgLIxS0SGxM8Q==
x-yottaa-metrics
3221a5fec6f6/[182,178,-] 32D1a5fec678/[-,185.549]
dy-coll-min.js
cdn.dynamicyield.com/scripts/2.29.0/ 		196 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26a0:8000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
041fae481014a4280437ee1e028f934eadd7590e31f4050c18a57dc4ea7360b3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 09:35:44 GMT
content-encoding
gzip
via
1.1 d64e73a7e708de06492b99c7e55873b6.cloudfront.net (CloudFront)
last-modified
Sun, 18 Feb 2024 18:45:55 GMT
server
DYCDN
age
1306219
x-amz-cf-pop
YUL62-P2
etag
W/"58c235d2bc97e4a30737cb5de9a6eedb"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=31536000
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
UghjTEgM7CVa2X76y0HqPbkLM2c7seJM0mYxnktVuZaJ8zNVfYVaRA==
sync
sdk.iad-05.braze.com/api/v3/content_cards/ 		85 B
222 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
aa5f9e1398b22c547a13083b110ab68b736cc8e871e984b9d1dc0715d3aa396c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
5f6cc8f1-983e-472d-9de0-6f2ae9c09be7
x-served-by
cache-mia-kmia1760074-MIA
x-runtime
0.158110
etag
W/"aa5f9e1398b22c547a13083b110ab68b"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=819814714.1709727962&jid=1600521681&_u=YEBAAEAAAAAAACgAI~&z=1528386998
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c07::69 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:02 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cast_sender.js
www.gstatic.com/eureka/clank/122/ Frame 0BF1 		50 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/eureka/clank/122/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
765a638d2813ec1b917fc56cf90863f88991ef2550c1a14c99e9e9b243e80f74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 16:55:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
70205
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14711
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 16:03:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Wed, 06 Mar 2024 16:55:57 GMT
cast_sender.js
www.gstatic.com/eureka/clank/122/ Frame C1C2 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/eureka/clank/122/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
765a638d2813ec1b917fc56cf90863f88991ef2550c1a14c99e9e9b243e80f74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 16:55:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
70205
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14711
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 16:03:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Wed, 06 Mar 2024 16:55:57 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
5mNZducabMgxSDzBo+ZI8w==
age
61949
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:30 GMT
server
cloudflare
etag
0x8DB82A159AF8EA6
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860254f7c9228759-MIA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/ 		61 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 12:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sXFDxCJwbPEMIT/8f5Prwg==
age
26504
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12544
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:33 GMT
server
cloudflare
etag
0x8DB82A15AFF8646
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
99943331-001e-00a9-52a5-21f8f1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860254f7c9238759-MIA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 12:26:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oWkBTLgDDXvrUsd93y/Zxg==
age
66960
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:41 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
b54dfe3f-901e-004f-6264-2348d7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
860254f7c9248759-MIA
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Wed, 06 Mar 2024 12:26:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-mia-kmia1760074-MIA
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
d9fa73b25477095c86a1e8df662d123967340a20cd6ef001a7e28e18b544c9c3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjdhNzBhZmJjLWQyNTgtNGMwOS05Y2YzLWJhODllZjkwN2JmMiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk3Mjc5MzIsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJobDBkMWtmZUt3S2tSeGNnWm1iWVl3WGEzOjpjaGlkOiAiLCJleHAiOjE3MDk3Mjk3NjIsImlhdCI6MTcwOTcyNzk2MiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTA1NTM5MTQ4OTI0Mzk3MSJ9.w7VqVDRoRmzt3bJVlsTupAHzQFoNHDb8Qn9NyTx5eMZ7hE0nqvmv5p5VIN6gORJGS1hnwr28lNLH7K3-YT63Ng
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
via
1.1 5538280951642fc71308aa997730220e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1a5fec678-1709722851-5324338109 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
content-length
1097
pragma
no-cache
etag
4d51d32a2026ea22437814bb1591d36ee39f94f36c6de58651a05dbc853b04af
allow
OPTIONS,POST
content-type
application/json;charset=UTF-8
x-dw-resource-state
4d51d32a2026ea22437814bb1591d36ee39f94f36c6de58651a05dbc853b04af
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3221a5fec6f8/[245,243,-] 32D1a5fec678/[-,248.399]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges
bytes
cf-ray
860254f88abf1058-ORD
x-dw-request-base-id
ors5Bttg6GUBAAB_
x-amz-cf-id
FTCoC9K4YruDmzKiVUnUmPiJ8Nab0a-N-jy0FAYX7cy1P0WLMFpqxw==
x-yottaa-os
200
expires
Thu, 01 Dec 1994 16:00:00 GMT
ot_close.svg
cdn.cookielaw.org/logos/static/ 		651 B
600 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 12:26:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
71362
x-ms-lease-status
unlocked
last-modified
Mon, 04 Mar 2024 21:04:57 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
f1baa5a4-f01e-0004-75b9-6eb484000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
860254f8283731e0-MIA
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
494 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 12:26:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
56424
x-ms-lease-status
unlocked
last-modified
Mon, 04 Mar 2024 21:04:57 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
df45a03c-201e-0028-13db-6e582b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
860254f8399d8759-MIA
ot_company_logo.png
cdn.cookielaw.org/logos/static/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 12:26:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
71361
content-length
4036
x-ms-lease-status
unlocked
last-modified
Mon, 04 Mar 2024 21:04:57 GMT
server
cloudflare
etag
0x8DC3C8EBFAD6AD5
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
b0c728e0-201e-0017-60d5-6e9088000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860254f8487a31e0-MIA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 12:26:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
62006
x-ms-lease-status
unlocked
last-modified
Mon, 04 Mar 2024 21:04:58 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
5512c1a4-a01e-006b-23b1-6ebe77000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
860254f8487c31e0-MIA
uia
async-px.dynamicyield.com/ 		0
383 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1709727963002
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-15.yul62.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:03 GMT
via
1.1 1bffd64b2a2fa20ecc97fd2f8e605ec4.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
mrR1nfVpF5A3_GwFhbXCgCJFMIG_UfbaZxC-gybItq10OLhNRj2MnA==
expires
0
cnxtag-min.js
js.cnnx.link/roi/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2479:400:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:24:17 GMT
via
1.1 google, 1.1 05f4e6c9553ff5b6620e13adbd08b064.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
IAD61-P3
age
106
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
cache-control
max-age=600
x-amz-cf-id
3qCZeK718_wqydBtYMbv4bp6qE1Yg1gn0C3dxj8VRkfakkj5ZXxATQ==
cnv
cnv.event.prod.bidr.io/log/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c1ff773f-e10d-40c3-923a-cb1e350424f3&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=efb0a98a-bb44-4894-a72c-7c7338d0ad62.&ord=2435799393838929734
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=efb0a98a-bb44-4894-a72c-7c7338d0ad62.&ord=2435799393838929734&_bee_ppp=1
43 B
796 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=efb0a98a-bb44-4894-a72c-7c7338d0ad62.&ord=2435799393838929734&_bee_ppp=1
Protocol
HTTP/1.1
Server
54.145.61.158 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-61-158.compute-1.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:04 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=efb0a98a-bb44-4894-a72c-7c7338d0ad62.&ord=2435799393838929734&_bee_ppp=1
Date
Wed, 06 Mar 2024 12:26:03 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Protocol
H2
Server
68.67.181.211 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:03 GMT
an-x-request-uuid
36e57c1d-7e43-42fd-b477-b6bd8b30407d
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
38.132.118.77; 38.132.118.77; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:03 GMT
an-x-request-uuid
53394de1-fe30-431f-b83b-bc6c4ed3097a
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
cache-control
no-store, no-cache, private
x-proxy-origin
38.132.118.77; 38.132.118.77; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=ZTg3OWU2YjgtMzUwNC00NzIwLWI4NjUtY2Q3Njg4YTBjNGQx&gdpr=0&gdpr_consent=&ttd_tdid=e879e6b8-3504-4720-b865-cd768...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=e879e6b8-3504-4720-b865-cd7688a0c4d1&google_gid=CAESECF5XKFzdMm51aLqV46Fh-E&google_cver=1
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=e879e6b8-3504-4720-b865-cd7688a0c4d1
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=3240097284315772840&ttd_tdid=e879e6b8-3504-4720-b865-cd7688a0c4d1
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=e879e6b8-3504-4720-b865-cd7688a0c4d1&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://hb.yahoo.net/cksync.php?cs=3&type=55953&gdpr=%24%7bGDPR%7d&gdpr_consent=%24%7bGDPR_CONSENT%7d&gpp=%24%7bGPP_STRING%7d&gpp_sid=%24%7bGPP_SID%7d&ovsid=rightmedia&redirect=https%3a%2f%2fmatch....
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=e879e6b8-3504-4720-b865-cd7688a0c4d1&expiration=1712319964&gdpr=0&gdpr_consent=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=e879e6b8-3504-4720-b865-cd7688a0c4d1&expiration=1712319964&gdpr=0&gdpr_consent=&C=1
43 B
341 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=e879e6b8-3504-4720-b865-cd7688a0c4d1&expiration=1712319964&gdpr=0&gdpr_consent=&C=1
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MejVUe57nLzuRHBk1WIm7T8ekwohCvZCDFeggkpSAjl2O9H09Y4D9jv%2F9ZX2tXqhuqb2QWt0QM4AxUr0qgmCA3jGYUEd3WAi%2FC2uyX5Ww%2Beo%2FOrQ5n%2FzsdF4E7bBlFBQqvIjTWUrmv%2BeUg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8602550438a7b3d4-MIA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5z8ZkahILmnhh8Ga%2BMPs%2BIDErHbJ3ZMxR7jy25jD1GhqNAfHOud84Dg8D96sb7wEKfjRGLodZKMCAy7XRYwHTj3EvgaVYIvuqko1GkhSr55KylzLUU6j3Q2f4K8hKcw%2BoNxCuMSjkPFC%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=39&external_user_id=e879e6b8-3504-4720-b865-cd7688a0c4d1&expiration=1712319964&gdpr=0&gdpr_consent=&C=1
cache-control
no-cache
cf-ray
86025503b807b3d4-MIA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=546417&uid=8754997913541173466&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=fbe70892629b603f731cefc56015763a&expSes=78136&aud=884367.884385.884387.1167402.1324059.1846919.884375.998337.1004363.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=7743780370478627106&cgtgDecisionId=7743780367179783393&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1709727963091&rri=5957639
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-15.yul62.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:03 GMT
via
1.1 1bffd64b2a2fa20ecc97fd2f8e605ec4.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
tgI3FLshgRvForSGmmzkHgEWbddzHH0MRDMUEXupy_dDjEM62BVVNQ==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=810880&uid=8754997913541173466&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=fbe70892629b603f731cefc56015763a&expSes=78136&aud=884367.884385.884387.1167402.1324059.1846919.884375.998337.1004363.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=7743780369408944544&cgtgDecisionId=7743780367172195875&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1709727963092&rri=9241922
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-15.yul62.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:03 GMT
via
1.1 1bffd64b2a2fa20ecc97fd2f8e605ec4.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
eb0aoxApDqTmddH8zDJuhckBzxWOVSZP8mUGu2AaHxJJ3e8q0nvHhg==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=479655&uid=8754997913541173466&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=fbe70892629b603f731cefc56015763a&expSes=78136&aud=884367.884385.884387.1167402.1324059.1846919.884375.998337.1004363.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=7743780367273554278&cgtgDecisionId=7743780368776774708&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1709727963093&rri=4079795
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-15.yul62.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:03 GMT
via
1.1 1bffd64b2a2fa20ecc97fd2f8e605ec4.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
Z2_SwJD9eGAdHxFYxy80k4YPy2Xt3S-A7NTA6ROhnF7LxthCr30hzQ==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=432379&uid=8754997913541173466&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28646951%5D&ses=fbe70892629b603f731cefc56015763a&expSes=78136&aud=884367.884385.884387.1167402.1324059.1846919.884375.998337.1004363.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=7743780367296102288&cgtgDecisionId=7743780367339250657&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1709727963094&rri=2155055
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-15.yul62.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:03 GMT
via
1.1 1bffd64b2a2fa20ecc97fd2f8e605ec4.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
YoHZB46ScQRPIewtsn-Sg4IMyYvjD10C1XsRBEdow_iO54iGMuBuxw==
expires
0
ca.svg
www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ca.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1ecca6335ccb02d4c40f0790869ae2ba8778357a116bbbcf20b1a140423f992d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
x-amz-version-id
8NOp4UFLIKbAyQMGAcLE5l8.exsptZKi
via
1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
1097010
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/32D1a5fec678-1708630325-5664863187 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
679720
content-length
679
x-amz-meta-bundle
10720
x-yottaa-forcecache
true, true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-os
200
x-yottaa-metrics
3221a5fec61a/[10,5,-] 32D1a5fec678/[hit]
x-amz-cf-id
qku1CEDQlISm0CSTR5HqYFigVnk7FYvrEVTeMIOfPx4oPJ1RXW9Svg==
ca.svg
www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ca.svg
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1ecca6335ccb02d4c40f0790869ae2ba8778357a116bbbcf20b1a140423f992d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
x-amz-version-id
8NOp4UFLIKbAyQMGAcLE5l8.exsptZKi
via
1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
1097010
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/32D1a5fec678-1708630325-5664863187 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
679720
content-length
679
x-amz-meta-bundle
10720
x-yottaa-forcecache
true, true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-os
200
x-yottaa-metrics
3221a5fec61a/[10,5,-] 32D1a5fec678/[hit]
x-amz-cf-id
qku1CEDQlISm0CSTR5HqYFigVnk7FYvrEVTeMIOfPx4oPJ1RXW9Svg==
batch
async-px.dynamicyield.com/ 		0
383 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1709727963363_270270
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-15.yul62.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:03 GMT
via
1.1 212f3832d7f59d71fd3926166fcc89ae.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
EhMr5Z-Wk5WmHVi1OnFM52fzqWMclMkoVRkaFk81s5fAcOzft1N1iA==
expires
0
event
qoe-1.yottaa.net/log-nt/ 		3 B
191 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.2.50.206 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 06 Mar 2024 12:26:03 GMT
access-control-expose-headers
X-Results-Data-Source
access-control-allow-credentials
true
cache-control
no-cache
timing-allow-origin
*
content-type
text/json
www-widgetapi.js
www.youtube.com/s/player/f07d053d/www-widgetapi.vflset/ 		215 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f078959678c0fb456631097af5cfa0dc687b5d4a7936dcdc0f57a4e1cee76a51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:23:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
169
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68297
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 12:23:14 GMT
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 		145 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.4.234.235 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-4-234-235.deploy.static.akamaitechnologies.com
Software
nginx / Express
Resource Hash
f7f7d48fa4ef27a882d9690c581637c5f56c8f0870e7d375a333c6604b54c432
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Wed, 06 Mar 2024 12:26:03 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"830904c22b8352dcddfd665ccff9e9c3536c5740-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
must-revalidate, max-age=900
Connection
keep-alive
Content-Length
43135
Expires
Wed, 06 Mar 2024 12:41:03 GMT
110221.ct.js
tag.rmp.rakuten.com/ 		47 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
11762f3811534382a7fe191591000ebd869ce22a1936004470c4ce1d420a36a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000
last-modified
Wed, 06 Mar 2024 12:26:03 GMT
x-cache
hit
x-samesite
secure
content-type
text/javascript
cache-control
max-age=86400
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
js
www.paypal.com/sdk/ 		415 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
75927d0358c1e3566824a09f2c92c9c77b0fa3f25b375549b419ee33eb6ef380
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-EsElgNMVzWu2PRk1LXo87L3lGX8n2/Z/JIMoeUoC3/ixZRDH' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-EsElgNMVzWu2PRk1LXo87L3lGX8n2/Z/JIMoeUoC3/ixZRDH' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-EsElgNMVzWu2PRk1LXo87L3lGX8n2/Z/JIMoeUoC3/ixZRDH' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-EsElgNMVzWu2PRk1LXo87L3lGX8n2/Z/JIMoeUoC3/ixZRDH' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 06 Mar 2024 12:26:03 GMT
age
8105
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, HIT, MISS
p3p
true
paypal-debug-id
f1768702546e1
server-timing
"traceparent;desc="00-0000000000000000000f1768702546e1-5473c36987d82465-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
115973
x-xss-protection
1; mode=block
x-served-by
cache-dfw-kdfw8210034-DFW, cache-mia-kmia1760078-MIA, cache-mia-kmia1760078-MIA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f1768702546e1-60f1a1b83a0dfcdd-01
x-timer
S1709727963.444219,VS0,VE34
etag
W/"1c505-xAQJngziTTHJQwE98IKWnKbN78g"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
2, 1, 0
js
www.googletagmanager.com/gtag/ 		281 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
531ef7940572582069901106df7de3753dc09ac322c6e58e9680b74aee65b0fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
95609
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 06 Mar 2024 12:26:03 GMT
1a8bfa042c9c5.js
t.contentsquare.net/uxa/ 		296 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.132.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-132-58.iad50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bf61062f0c0de0f5360e8bf4660c7c3c711aaee42a469c1f310fdee1fda426dc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 10:12:51 GMT
content-encoding
br
via
1.1 cdb7a265f783ce0c07661e9c6820c2c4.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD50-C2
age
0
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
72488
last-modified
Wed, 06 Mar 2024 10:11:17 GMT
server
AmazonS3
etag
"628d6498f627efdbeae694ccfeb19ab7"
vary
Origin
content-type
application/javascript;charset=utf-8
cache-control
max-age=900
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
SgOzrypgIPkKulwMuHwyVVwsmbnsgsKI56n6zei1W-E7GntSzcMu2g==
loader.js
cdn.usehero.com/ 		98 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.usehero.com/loader.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:269f:a800:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:19:37 GMT
content-encoding
gzip
via
1.1 dc2de227a66d49eadfba1450eb6faa90.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P1
age
387
x-amz-server-side-encryption
AES256
etag
W/"fbf714a58cbac38c0deea519667d9044"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
NFlIG4BCWRBpYgOXiO5JsPwsPLAB4vKe0PZ2Jm1-tkh_Tq2ikm1mig==
destination
www.googletagmanager.com/gtag/ 		159 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-10812184462&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c1ec111bead622ab051fb14de9b6cf0f9f848c63fa4053fc0b9c2a1589e7be8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61892
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 12:26:03 GMT
destination
www.googletagmanager.com/gtag/ 		216 KB
77 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-698270988&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6a70ea0130213b0b708763901be196a10358f6f3cbf15d5c3663874176dc57e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79247
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 12:26:03 GMT
destination
www.googletagmanager.com/gtag/ 		190 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c861873c058e3ef607c4227269ff41e27e65e8f6924112cd35687d4b14677abd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
71061
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 12:26:03 GMT
destination
www.googletagmanager.com/gtag/ 		190 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3a062f8a5a3e6605263938dbbfbd28f7662cbe38e0b651d1ad6ec567e842e6de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
71061
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 12:26:03 GMT
destination
www.googletagmanager.com/gtag/ 		204 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-865242110&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
416fd499f7b277e03a016bf7bf9b71d805f33bb1573373826987a1157789a200
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76218
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 12:26:03 GMT
scevent.min.js
sc-static.net/ 		44 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.23.251 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-23-251.atl58.r.cloudfront.net
Software
CloudFront /
Resource Hash
1eebbe20a7e11128ee261e88cadbc5f467f81690a0bb0a8aa2a529a8f04aee43

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
gzip
via
1.1 cac404716323a3fe7bf53c1e15d39508.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
ATL58-P2
x-cache
Miss from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, s-maxage=0, max-age=600
access-control-allow-headers
Content-Type
content-length
19117
x-amz-cf-id
btHwmEciPTez_jssIxV83k9e6wIEjrT6rWWCN1A-3FCqbcS5zGKPrw==
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/ 		56 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
gzip
via
1.1 cbe94ab27088fc4bb73abf8e3179b3d2.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1a5fec678-1709722851-5324338114 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
pragma
no-cache
content-type
application/json
cache-control
no-cache, no-store, must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
x-yottaa-metrics
3221a5fec6fa/[290,287,-] 32D1a5fec678/[-,292.783]
cf-ray
860254fb89351230-ORD
x-dw-request-base-id
79Iofdtg6GUBAAB_
x-amz-cf-id
KKt0BejzzcYTz2xSEfUydvngJlucPwkQDuwJEzGEFIt6sZ2a-QONpQ==
expires
Thu, 01 Dec 1994 16:00:00 GMT
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 		196 B
866 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=38.132.118.77
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b0ae6ca3caa68945caf45f000efe5b8a052d45d9438cd4ca92221abe5c05e707
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 ad310b4d7c581c35032fa3fce068e53c.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1a5fec678-1709722851-5324338115 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=38.132.118.77
x-yottaa-metrics
3221cc02d142/[125,123,-] 32D1a5fec678/[-,128.042]
cf-ray
860254fbba038717-ORD
x-dw-request-base-id
79Ipfdtg6GUBAAB_
x-amz-cf-id
2-oTwRSglFfNfEOzQ2KsaTYRfD2DxM57ZlMy9VG23X_c8_9bccetrg==
core.js
s.pinimg.com/ct/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:280::1931 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5c8c192adca12497452b0a6c25b5913fad79f9afc4760673947377cd81575d81

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

akamai-x-true-ttl
7200
content-encoding
br
x-cdn
akamai
etag
"d9d39f44b74d00726ec92710f4e4c69c"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=7200
accept-ranges
bytes
alt-svc
h3=":443"; ma=600
content-length
1856
fbevents.js
connect.facebook.net/en_US/ 		215 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

permissions-policy-report-only
clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 06 Mar 2024 12:26:03 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57348
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma
public
x-fb-debug
7Oki0zLRPkJbdby+OEOabKlpYhsGs2lUjBuCvlN19QHTWKYEjLTIEsqASdgdz4A6E2TvCBA4Zn5xr3qrC52gAw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel.js
www.redditstatic.com/ads/ 		28 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 15 Feb 2024 20:38:48 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"9a680c8c475d8bba600d4d87b4fa7ee5"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
8702
bat.js
bat.bing.com/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Wed, 06 Mar 2024 12:26:02 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E985C047EA6947038B4981DD28E4DFE5 Ref B: MIAEDGE1306 Ref C: 2024-03-06T12:26:03Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13280
sdk.js
analytics.tiktok.com/i18n/pixel/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BRR4GA0I9JJBU29G8GF0
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.215 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-215.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
274b7e35ec982845ba91d82df211828e72840312ce5411597082d624d91fc07d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-akamai-request-id
b563b803.62fa4be1
date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240306122603D5A0959D519E8CA5EA16-7A25ED43449275D8-00
x-cache
TCP_MISS from a23-220-105-215.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
x-parent-response-time
12,23.220.105.215
server-timing
cdn-cache; desc=MISS, edge; dur=3, origin; dur=10, inner; dur=3
content-length
2526
pragma
no-cache
server
nginx
x-tt-logid
20240306122603D5A0959D519E8CA5EA16
x-cache-remote
TCP_MISS from a23-48-200-211.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
10,23.48.200.211
x-tt-trace-host
01439e9c575441e437c8f70b0cf4bee413f41dfdf7895c0f820298362471862d950a95f5ded55bb99ce911a45ce0853f3aad215d2632aee13a241c78dccadefb677607fd37374dbe2bae7d356cadbaa94429c4f6a92c566db0c7d5012daee7ec78915a20047abfa0df438a01a08b03772e
expires
Wed, 06 Mar 2024 12:26:03 GMT
NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:12::17cd:6b1a Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
null
date
Wed, 06 Mar 2024 12:26:03 GMT
server
Unknown
x-amz-server-side-encryption
AES256
x-amp-srv
A
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
5378
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%203x
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:12::17cd:6b1a Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
date
Wed, 06 Mar 2024 12:26:03 GMT
server
Unknown
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
x-amp-srv
A
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
996
icon-lips
elfcosmetics.a.bigcontent.io/v1/static/ 		914 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-lips?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-lips?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-lips?%24Desktop%24=&fmt=auto%203x
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:12::17cd:6b1a Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
2f3989acda5131345cd5dd5f11e9c3c373fd3b09eb1a2a64fb2d6b302ea020a6

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
null
date
Wed, 06 Mar 2024 12:26:03 GMT
server
Unknown
x-amz-server-side-encryption
AES256
x-amp-srv
A
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
914
ca.svg
www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ca.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1ecca6335ccb02d4c40f0790869ae2ba8778357a116bbbcf20b1a140423f992d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
x-amz-version-id
8NOp4UFLIKbAyQMGAcLE5l8.exsptZKi
via
1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
1097010
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/32D1a5fec678-1708630325-5664863187 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
679720
content-length
679
x-amz-meta-bundle
10720
x-yottaa-forcecache
true, true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-os
200
x-yottaa-metrics
3221a5fec61a/[10,5,-] 32D1a5fec678/[hit]
x-amz-cf-id
qku1CEDQlISm0CSTR5HqYFigVnk7FYvrEVTeMIOfPx4oPJ1RXW9Svg==
events.js
analytics.tiktok.com/i18n/pixel/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.215 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-215.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3c99331a2819f46e19997f55a71f9b4d42a754a3a2362dd7e02867feeb6cadbf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-akamai-request-id
7f70d53c.62fa4cfa
date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2403061226034071D93AE66249A99001-119654100CD9999F-00
x-cache
TCP_MISS from a23-220-105-215.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
x-parent-response-time
28,23.220.105.215
server-timing
cdn-cache; desc=MISS, edge; dur=28, origin; dur=5, inner; dur=1
content-length
2106
pragma
no-cache
server
nginx
x-tt-logid
202403061226034071D93AE66249A99001
x-cache-remote
TCP_MISS from a23-220-104-5.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
5,23.220.104.5
x-tt-trace-host
01439e9c575441e437c8f70b0cf4bee413f41dfdf7895c0f820298362471862d95a8a14bc66f44a44d61345f5191fe56dd978c29d46348f7409477d4235c5e2875e814c2b31131286b220052f6b6d9c965bf07155f560bad0581ac022cb5883c79f55189f54d640ecc0ae9afb52a6e36cf
expires
Wed, 06 Mar 2024 12:26:03 GMT
widget.js
js.jebbit.com/companion/v1/ 		44 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2073:2000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a938eea663af09f75118101cf9061107fbef7c4770d7d123c71e33c52c565139

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 10:07:56 GMT
x-amz-version-id
R3KY_K4A_1J6MbzxdLc7TwnPZXsf4837
via
1.1 5451b84324d9bca0bdd03e4c4009ae10.cloudfront.net (CloudFront)
last-modified
Wed, 21 Feb 2024 21:57:20 GMT
server
AmazonS3
x-amz-cf-pop
IAD50-C2
age
8289
etag
"cc4e73d84c409b310a274ca12ee462bc"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45249
x-amz-cf-id
vLr7CPRb6YTamk1M-dS2K54nLoeWBB9Ml6oH0EqBBsCPiUI5U8lYKg==
batch
async-px.dynamicyield.com/ 		0
384 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1709727963841_461362
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-15.yul62.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:03 GMT
via
1.1 212f3832d7f59d71fd3926166fcc89ae.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
-ULidzM_-PBYnHzXT76y79xIWGiehsvX-rJmyW6VrzPC6SRRO0QUQQ==
expires
0
i.js
tag.wknd.ai/6664/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
6eb664ab4aab2cfe182a60bd4b94b1a498c8ee71eb6d1572336d1425bb8e5bbf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:04 GMT
content-encoding
gzip
via
1.1 google
server
istio-envoy
etag
0831a1e1cd9d94
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
x-envoy-upstream-service-time
1
x-region
us-central1
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
content-length
5540
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		32 B
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
92f709e941df3b754df46c209f8b21499ea6c3feb8ad5abdd5c0264a5dcb2595

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
log_event
www.youtube.com/youtubei/v1/ Frame 0BF1 		28 B
50 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
X-Goog-Request-Time
1709727963862
Content-Type
application/json
X-YouTube-Utc-Offset
-600
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
X-YouTube-Client-Version
1.20240303.00.00
X-YouTube-Time-Zone
Pacific/Honolulu
X-Goog-Visitor-Id
CgtvN3QzSVlFRnJJQSjXwaGvBjIKCgJVUxIEGgAgZQ%3D%3D
X-YouTube-Ad-Signals
dt=1709727961201&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date
Wed, 06 Mar 2024 12:26:03 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
main.cb6ceab7.js
s.pinimg.com/ct/lib/ 		64 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/lib/main.cb6ceab7.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:280::1931 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3b4f2e1b70a9ab8aef23d65cc1b072b5eb6eba4979f6575c64771256e260409d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

akamai-x-true-ttl
1209600
content-encoding
br
x-cdn
akamai
etag
"df5cf5cb5de352dc30a944e95eca73e1"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=1209600
accept-ranges
bytes
content-length
18542
t2_16331p_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 		86 B
700 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:04 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
98
rp.gif
alb.reddit.com/ 		42 B
637 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://alb.reddit.com/rp.gif?ts=1709727963924&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=9fe5ead7-7e92-4320-ab84-23f920e55ae8&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:04 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
collect
analytics.google.com/g/ 		0
257 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4340v879088318z8896608294za220&_gaz=1&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=819814714.1709727962&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1709727964&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=2&tfd=7157
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::64 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
47 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=819814714.1709727962&gtm=45je4340v879088318z8896608294za220&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5&npa=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activityi;dc_pre=CK-45P_Q34QDFV44-QAdrzAPgw;src=10742279;type=elf8j0;cat=glo_flap;ord=4436922661187;npa=1;auiddc=1836160024.1709727962;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-c...
10742279.fls.doubleclick.net/ Frame CE45
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=4436922661187;npa=1;auiddc=1836160024.1709727962;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmeti...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CK-45P_Q34QDFV44-QAdrzAPgw;src=10742279;type=elf8j0;cat=glo_flap;ord=4436922661187;npa=1;auiddc=1836160024.1709727962;u1=https%3A%2F%2Fwww.elfc...
620 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CK-45P_Q34QDFV44-QAdrzAPgw;src=10742279;type=elf8j0;cat=glo_flap;ord=4436922661187;npa=1;auiddc=1836160024.1709727962;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f149.1e100.net
Software
cafe /
Resource Hash
181a3657fd32b7fc38f207af13a7b304d619517db56e3412164ae9823d81c1f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
332
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 12:26:04 GMT
expires
Wed, 06 Mar 2024 12:26:04 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 12:26:04 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CK-45P_Q34QDFV44-QAdrzAPgw;src=10742279;type=elf8j0;cat=glo_flap;ord=4436922661187;npa=1;auiddc=1836160024.1709727962;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
main.MTNhZGZiOTRkMA.js
analytics.tiktok.com/i18n/pixel/static/ 		408 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.215 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-215.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1d16cbf24d53ba3dc9c081aea9064065dfd20331e61856b49a83c706a41cc53a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-akamai-request-id
62fa5183
date
Wed, 06 Mar 2024 12:26:04 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240222150111BD0C30BF42D49231DC1B
x-tt-trace-id
00-240222150111BD0C30BF42D49231DC1B-4342066BBC429A57-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-220-105-215.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01b78e35d4739bb23fefdca597885375f0412448c3bccee561484ef037a20ce812852d28a80bba83019c25bd1c1ef799ff7dd4417cc4145159dda61c72908c584e333e3ef270757b0c9d852a66ee79d4c8eb00fd902501432d06aa99b44bc53fa4
server-timing
cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=49
content-length
111050
display
api.usehero.com/webplugin/ 		189 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&state=untouched&outboundFeature=
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.246.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-246-23.compute-1.amazonaws.com
Software
/
Resource Hash
1338e6bab74fb66363b2b4228149231f126961fbbc25707ea136b38a14331d84
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
3c7fb5e1-691a-4af3-be4a-bd1b2444186d
cross-origin-resource-policy
same-origin
x-geo-longitude
-80.39270
pragma
no-cache
referrer-policy
same-origin
etag
W/"bd-0h122MAb45hzefPJdep96Hbf2Dk"
x-frame-options
SAMEORIGIN
x-geo-zip
33018
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
25.90920
x-accuracy
20
expires
0
date
Wed, 06 Mar 2024 12:26:04 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/New_York
x-envoy-upstream-service-time
13
content-length
189
x-xss-protection
0
x-request-id
3c7fb5e1-691a-4af3-be4a-bd1b2444186d
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
US
x-geo-city
Miami
local
www.paypal.com/credit-presentment/experiments/ Frame 78F9 		5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0f5fe767ec60aa4b60c09496259716f16d914bc3588105ab8e6a55c876870c9d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
108477
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1523
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
date
Wed, 06 Mar 2024 12:26:04 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-rcjjDmCYbnZKEiOs2pd/xEvI80U"
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f5172053e6c7f
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f5172053e6c7f-7bf8c7d67e3439b8-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f5172053e6c7f-24309d30126979e5-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, MISS
x-cache-hits
4913, 23819, 0
x-served-by
cache-dfw-kdfw8210114-DFW, cache-mia-kmia1760078-MIA, cache-mia-kmia1760078-MIA
x-timer
S1709727964.296423,VS0,VE5
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.425&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c83f443bb9b02744034d24f530ba1b4ae2c2b2abab9062154dec9a8d0f3c463c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-mf95Y5N4FjQQjmv4XfD8Uwny8we+AGOQsFJzFITt0iOLM3A4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-mf95Y5N4FjQQjmv4XfD8Uwny8we+AGOQsFJzFITt0iOLM3A4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 06 Mar 2024 12:26:04 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
51314
x-cache
HIT, HIT, MISS
paypal-debug-id
f22934427e897
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4795
x-xss-protection
1; mode=block
x-served-by
cache-dfw-kdfw8210106-DFW, cache-mia-kmia1760078-MIA, cache-mia-kmia1760078-MIA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f22934427e897-0c8655afc7f4f789-01
x-timer
S1709727964.298007,VS0,VE4
etag
W/"3690-4Jk7vnYvgyHLXXWUBHopMl64WXc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
3, 2, 0
activityi;dc_pre=CO7r7f_Q34QDFU8n-QAd3uUMcQ;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=1836160024.1709727962;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...
9231397.fls.doubleclick.net/ Frame 381B
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=1836160024.1709727962;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefi...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CO7r7f_Q34QDFU8n-QAd3uUMcQ;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=1836160024.1709727962;u6=%2Fen_CA%2Felf-cosmetic-...
742 B
419 B 		Document
General
Check archive.org
Download Go to
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CO7r7f_Q34QDFU8n-QAd3uUMcQ;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=1836160024.1709727962;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f149.1e100.net
Software
cafe /
Resource Hash
3961f2636db03aa7569d5b5049d977a9914159926bd57461639fc9c02ce169ae
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
395
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 12:26:04 GMT
expires
Wed, 06 Mar 2024 12:26:04 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 12:26:04 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CO7r7f_Q34QDFU8n-QAd3uUMcQ;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=1836160024.1709727962;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
1638306756445368
connect.facebook.net/signals/config/ 		64 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.148&r=stable&domain=www.elfcosmetics.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
815a0320ad8f92f8cf83f9a2804622e5acf474e6ef479f8cf1dbbb0d68845e89
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

permissions-policy-report-only
clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 06 Mar 2024 12:26:04 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
13394
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma
public
x-fb-debug
6GLXfK+G4Lnx7tbexwcg2e793kdD5pazjC58jp8+so2GrepMS+ETWk1uSOCWuELoItiESRg5aEZvSewguAICaw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
p
tr.snapchat.com/ 		68 B
460 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.snapchat.com/p?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&ev=PAGE_VIEW&intg=gtm&u_em=&u_pn=&pids=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_c1=276a9332-41a3-4125-9e20-f3fcef98e388&u_sclid=06785f15-e1a3-44bc-b26c-4a08d93daa3e&u_scsid=ba597830-ed65-4137-9e8a-cafc7967c38e&bt=1d53c387&d_bvs=%5B%5D&df=true&huah=true&m_dcl=4264&m_fcps=2557&m_pi=4263&m_pl=6126&m_pv=2&m_rd=7568&m_sh=1200&m_sl=0&m_sw=1600&pl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&trackId=783d666a-2002-4460-8a11-1bc9ea1d9054&ts=1709727964462&v=3.12.0-2402271815
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
server
API Gateway
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-transform
x-envoy-upstream-service-time
1
alt-svc
clear, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
log_event
www.youtube.com/youtubei/v1/ Frame C1C2 		28 B
50 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
X-Goog-Request-Time
1709727964481
Content-Type
application/json
X-YouTube-Utc-Offset
-600
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
X-YouTube-Client-Version
1.20240303.00.00
X-YouTube-Time-Zone
Pacific/Honolulu
X-Goog-Visitor-Id
Cgs3Ykc0dkZfaG5iTSjXwaGvBjIKCgJVUxIEGgAgOw%3D%3D
X-YouTube-Ad-Signals
dt=1709727961385&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date
Wed, 06 Mar 2024 12:26:04 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
5013978.js
bat.bing.com/p/action/ 		0
117 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Wed, 06 Mar 2024 12:26:03 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: EAA6C0807DB347ED8A8AEDCD8C832C25 Ref B: MIAEDGE1306 Ref C: 2024-03-06T12:26:04Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/ 		0
358 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=94e42420-ba25-4865-bbe1-dffe8ca4d809&sid=b35d6fc0dbb411eeb208918df893de34&vid=b35d92f0dbb411ee9f8e690789aed181&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&r=&lt=6127&evt=pageLoad&sv=1&rn=584273
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 06 Mar 2024 12:26:03 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: A990F1F81F2842A5BDBAA4E392547D36 Ref B: MIAEDGE1306 Ref C: 2024-03-06T12:26:04Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
ca.svg
www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ca.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1ecca6335ccb02d4c40f0790869ae2ba8778357a116bbbcf20b1a140423f992d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:04 GMT
x-amz-version-id
8NOp4UFLIKbAyQMGAcLE5l8.exsptZKi
via
1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
1097011
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/32D1a5fec678-1708630325-5664863187 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
679720
content-length
679
x-amz-meta-bundle
10720
x-yottaa-forcecache
true, true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-os
200
x-yottaa-metrics
3221a5fec61a/[10,5,-] 32D1a5fec678/[hit]
x-amz-cf-id
qku1CEDQlISm0CSTR5HqYFigVnk7FYvrEVTeMIOfPx4oPJ1RXW9Svg==
4f55bb0f7329d192b9ed41111a
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/4f55bb0f7329d192b9ed41111a
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
713ecf111b58e86a5e06be0de8e2d72595e7a3ff6b9931208e595fe517bfa31e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjdhNzBhZmJjLWQyNTgtNGMwOS05Y2YzLWJhODllZjkwN2JmMiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk3Mjc5MzIsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJobDBkMWtmZUt3S2tSeGNnWm1iWVl3WGEzOjpjaGlkOiAiLCJleHAiOjE3MDk3Mjk3NjIsImlhdCI6MTcwOTcyNzk2MiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTA1NTM5MTQ4OTI0Mzk3MSJ9.w7VqVDRoRmzt3bJVlsTupAHzQFoNHDb8Qn9NyTx5eMZ7hE0nqvmv5p5VIN6gORJGS1hnwr28lNLH7K3-YT63Ng
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

x-yottaa-profileid
5a0c9b7632f01c35d4210220
date
Wed, 06 Mar 2024 12:26:04 GMT
via
1.1 5ea7f8bcbac3004590a821cdd0466e1c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1a5fec678-1709722851-5324338123 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
content-length
1009
etag
8108840d340480e84eee2901d7755aa652be07a59456711e37599c9b14eca3b8
allow
DELETE,GET,HEAD,OPTIONS,PATCH
content-type
application/json;charset=UTF-8
x-dw-resource-state
8108840d340480e84eee2901d7755aa652be07a59456711e37599c9b14eca3b8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-os
200
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets/4f55bb0f7329d192b9ed41111a
accept-ranges
bytes
cf-ray
860255034e3022df-ORD
x-dw-request-base-id
_8E-1txg6GUBAAB_
x-amz-cf-id
DGFrDakugLd8INusH5AOWcy_fsipJX5HP02lXWVydw4blELvXNKyHA==
x-yottaa-metrics
3221a5fec61f/[197,194,-] 32D1a5fec678/[-,200.911]
jsp
ut.rd.linksynergy.com/ 		148 B
405 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
14c7e1f20b204a340d879bdcbec3dfc80f2843a01c8d8ce5b94900f7556962c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-type
text/plain; charset=utf-8
date
Wed, 06 Mar 2024 12:26:04 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
x-samesite
secure
/
www.googleadservices.com/pagead/conversion/698270988/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/698270988/?random=1709727963964&cv=11&fst=1709727963964&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&bttype=purchase&npa=1&pscdl=noapi&auid=1836160024.1709727962&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f155.1e100.net
Software
cafe /
Resource Hash
9661ab143a170edc4ce838e0db02e1790c92ac9862517ace413c93b666e4c2d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1720
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pageview
c.contentsquare.net/ 		0
320 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/pageview?ex=&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-US&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6727&ww=1600&wh=1200&sw=1600&sh=1200&uu=5a8f81db-edff-a0ef-e5b4-ceb5be57568e&sn=1&hd=1709727964&v=13.99.5&pid=1926&pn=1&r=718727
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.208.222.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-208-222-212.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
dc_pre=CK-45P_Q34QDFV44-QAdrzAPgw;src=10742279;type=elf8j0;cat=glo_flap;ord=4436922661187;npa=1;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4...
adservice.google.com/ddm/fls/z/ Frame CE45 		42 B
401 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CK-45P_Q34QDFV44-QAdrzAPgw;src=10742279;type=elf8j0;cat=glo_flap;ord=4436922661187;npa=1;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Requested by
Host: 10742279.fls.doubleclick.net
URL: https://10742279.fls.doubleclick.net/activityi;dc_pre=CK-45P_Q34QDFV44-QAdrzAPgw;src=10742279;type=elf8j0;cat=glo_flap;ord=4436922661187;npa=1;auiddc=1836160024.1709727962;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://10742279.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
t
evt.undertone.com/ Frame 381B
Redirect Chain
  • https://ads.undertone.com/t?trackerid=7729&cb=513243251
  • https://evt.undertone.com/t?trackerid=7729&cb=513243251
0
498 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://evt.undertone.com/t?trackerid=7729&cb=513243251
Requested by
Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CO7r7f_Q34QDFU8n-QAd3uUMcQ;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=1836160024.1709727962;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H2
Server
3.229.102.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-229-102-46.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://9231397.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin
https://9231397.fls.doubleclick.net/
pragma
no-cache
date
Wed, 06 Mar 2024 12:26:05 GMT
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
expires
Mon, 26 Jul 1997 05:00:00 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"

Redirect headers

date
Wed, 06 Mar 2024 12:26:04 GMT
via
1.1 a3644f9cdea7a7e9efd1f62c9d972932.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop
YUL62-P2
x-cache
Miss from cloudfront
location
https://evt.undertone.com/t?trackerid=7729&cb=513243251
content-length
0
x-amz-cf-id
loBLZULmxRcKlrT8QgNuyzKy4NDPER5-NA0OS85oVhOA_Y96xvkQGQ==
dc_pre=CO7r7f_Q34QDFU8n-QAd3uUMcQ;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=*;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45f...
adservice.google.com/ddm/fls/z/ Frame 381B 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CO7r7f_Q34QDFU8n-QAd3uUMcQ;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=*;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Requested by
Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CO7r7f_Q34QDFU8n-QAd3uUMcQ;src=9231397;type=retarget;cat=globa0;ord=5040174459970;npa=1;auiddc=1836160024.1709727962;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://9231397.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.paypal.com/sdk/ Frame 78F9 		415 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
75927d0358c1e3566824a09f2c92c9c77b0fa3f25b375549b419ee33eb6ef380
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-EsElgNMVzWu2PRk1LXo87L3lGX8n2/Z/JIMoeUoC3/ixZRDH' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-EsElgNMVzWu2PRk1LXo87L3lGX8n2/Z/JIMoeUoC3/ixZRDH' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-EsElgNMVzWu2PRk1LXo87L3lGX8n2/Z/JIMoeUoC3/ixZRDH' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-EsElgNMVzWu2PRk1LXo87L3lGX8n2/Z/JIMoeUoC3/ixZRDH' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 06 Mar 2024 12:26:04 GMT
age
8106
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, HIT, MISS
p3p
true
paypal-debug-id
f1768702546e1
server-timing
"traceparent;desc="00-0000000000000000000f1768702546e1-5473c36987d82465-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
115973
x-xss-protection
1; mode=block
x-served-by
cache-dfw-kdfw8210034-DFW, cache-mia-kmia1760078-MIA, cache-mia-kmia1760078-MIA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f1768702546e1-60f1a1b83a0dfcdd-01
x-timer
S1709727965.687494,VS0,VE4
etag
W/"1c505-xAQJngziTTHJQwE98IKWnKbN78g"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
2, 2, 0
54ab54f2-5152-4ccd-852a-4aadb4bf396f
https://www.elfcosmetics.com/ 		7 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.elfcosmetics.com/54ab54f2-5152-4ccd-852a-4aadb4bf396f
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
36ff871d9fcff613aae4a44802fc606d1d4838ea4f6efba815f0a1ec95bbd101

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Length
7329
Content-Type
application/javascript
main.MTNhZGZiOTRkMQ.js
analytics.tiktok.com/i18n/pixel/static/ 		428 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.215 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-215.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8344b30c4f0eb1c6f29e7515183b8d91e55f80563104c8f15b6d156217091f00

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-akamai-request-id
62fa5803
date
Wed, 06 Mar 2024 12:26:04 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240222150115D24ABCD14701AF2C9662
x-tt-trace-id
00-240222150115D24ABCD14701AF2C9662-648BEFDCF28B01C6-00
vary
Accept-Encoding
x-cache
TCP_HIT from a23-220-105-215.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
012e43f3e38ba006c83281963ee9c4ae6cfb2ddcb007be445860de05e3b75b359e60136b26504e38e7cb4580379987419fc7b8d5274aec69f9ffcb47e9589f6f8dbe1a18055d202b85ff517329f62e8bdbbfd5c722ac3d74b33de3957408644409
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2
content-length
117199
/
ct.pinterest.com/user/ 		298 B
623 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1709727964680&dep=2%2CPAGE_LOAD
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.cb6ceab7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8e33955f54ef8025b647a6e685fa689a9256fc5c987f7dc98590310ac3c358e5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:04 GMT
content-encoding
gzip
x-cdn
fastly
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
x-pinterest-rid
1339093671798682
content-length
173
pin-unauth
dWlkPVpUSmhNemxrTVRJdE1UQXdZaTAwTlRSbUxXSTNOV0V0WXpZNFkyRTROR1UyT0RSbA
pragma
no-cache
referrer-policy
origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
875f2e02e50c112557997c9ed58d87a8d887f4ed
expires
Sat, 01 Jan 2000 00:00:00 GMT
widget.css
js.jebbit.com/companion/v1/ 		15 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2073:2000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
rlLQSdBm9ZTNXvLaketZ1ik.75AdGtXG
date
Wed, 06 Mar 2024 10:07:56 GMT
via
1.1 5451b84324d9bca0bdd03e4c4009ae10.cloudfront.net (CloudFront)
last-modified
Wed, 21 Feb 2024 21:57:20 GMT
server
AmazonS3
x-amz-cf-pop
IAD50-C2
age
8289
x-amz-server-side-encryption
AES256
etag
"de1b72e797664b9b2c2139e5ccb24844"
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15521
x-amz-cf-id
erZYtAlBkch_or8DqrhoQXpcRV7J9tcgzQ51DPFFddSgND-sXoAcvA==
launcher_configs
external-api.jebbit.com/moments/v2/ 		2 B
448 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=
Requested by
Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.208.207.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-208-207-37.compute-1.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
x-dns-prefetch-control
off
content-length
2
x-xss-protection
1; mode=block
pragma
no-cache
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options
noopen
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
expires
0
ts
t.paypal.com/ 		42 B
432 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1709727964713&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (dcd/7D29) /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
correlation-id
5edbe1be6965e
server
ECAcc (dcd/7D29)
traceparent
00-00000000000000000005edbe1be6965e-3c58e079951f6693-01
vary
Accept-Encoding
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
5edbe1be6965e
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin
*
expires
Wed, 06 Mar 2024 12:26:04 GMT
/
ct.pinterest.com/v3/ 		35 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22cb6ceab7%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1709727964716
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.cb6ceab7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
referrer-policy
origin
x-cdn
fastly
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
d86307369f90fc9732b55f1af546f99435a80f0f
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
x-pinterest-rid
1476644015872728
content-length
35
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1709727964730&sw=1600&sh=1200&v=2.9.148&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1709727964725.1323436544&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1709727964402&coo=false&eid=1709728485407_170972858878614&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 06 Mar 2024 12:26:04 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
identify_efbb8.js
analytics.tiktok.com/i18n/pixel/static/ 		137 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_efbb8.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.215 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-215.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a758246f43df5cf0f88a3c46a95cb7e962ec2e16327f7fc6b70d2150981b86df

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-akamai-request-id
62fa58fa
date
Wed, 06 Mar 2024 12:26:04 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240222150111813E96B1F8AA574038E8
x-tt-trace-id
00-240222150111813E96B1F8AA574038E8-2CA64CF6E71FA6F3-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-220-105-215.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01b78e35d4739bb23fefdca597885375f0412448c3bccee561484ef037a20ce81273a5b66988b32f0d96ecc9d2c502b0044b560246798ada35549afea2ea11e0f73ec5be057215fad6565d95a4d54bcf4e47727dd574b704bf9e310e81e042d3b0
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=39
content-length
37067
performance_interaction
analytics.tiktok.com/api/v2/ 		0
703 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/performance_interaction
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.215 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-215.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
62fa5992
date
Wed, 06 Mar 2024 12:26:04 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240306122604615678763C26B6A1EA56-77CA8BEF2ED7F882-00
x-cache
TCP_MISS from a23-220-105-215.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
server-timing
inner; dur=10, cdn-cache; desc=MISS, edge; dur=10, origin; dur=15
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240306122604615678763C26B6A1EA56
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
15,23.220.105.215
x-tt-trace-host
01439e9c575441e437c8f70b0cf4bee4132784406de80453e8745c06039e5af4cb2524e39d06ce049b33d713a258b6f4281a1198a00e0fab18050b1f3bf86e82ec2a99ab789ef6d26242252a86a837f4084c0bca82a6f6738b8c741d05524bf1c6
access-control-allow-headers
Authorization,*
expires
Wed, 06 Mar 2024 12:26:04 GMT
pangle_pixel
analytics.pangle-ads.com/api/v2/ 		0
965 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.pangle-ads.com/api/v2/pangle_pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.15.9.25 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-15-9-25.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
9af7becd.7b7bad2
date
Wed, 06 Mar 2024 12:26:04 GMT
x-bytefaas-request-id
20240306122604BD452D4B6249B1D3B3BC
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240306122604BD452D4B6249B1D3B3BC-344AD33C50636BE5-00
x-cache
TCP_MISS from a23-15-9-21.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54704533) (-)
x-parent-response-time
10,23.15.9.21
server-timing
cdn-cache; desc=MISS, edge; dur=2, origin; dur=8, inner; dur=5
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240306122604BD452D4B6249B1D3B3BC
x-cache-remote
TCP_MISS from a23-213-246-134.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54704533) (-)
access-control-max-age
86400
access-control-allow-methods
*
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
x-bytefaas-execution-duration
3.47
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
x-gw-dst-psm
ad.union.pangle_web_traffic
x-tt-trace-host
01439e9c575441e437c8f70b0cf4bee413275f10a0235d1d771484b74aded698172486c8e545fb0a8b17769f69d2fc21b1e9a3e0b81898cc5eba1a83747bb2bd59d6ebb6724706a7aa2a3a33b0d9bd1a725c9c1727b00ab44d43e36c5f6e091cc25ed0c3a2ae0d4a153e44f8d84f80f11a
x-origin-response-time
8,23.213.246.134
access-control-allow-headers
*
expires
Wed, 06 Mar 2024 12:26:04 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
702 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.215 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-215.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
62fa59b7
date
Wed, 06 Mar 2024 12:26:04 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240306122604F4AC20EA423935AD644E-7EE5EC6119351080-00
x-cache
TCP_MISS from a23-220-105-215.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
server-timing
inner; dur=53, cdn-cache; desc=MISS, edge; dur=6, origin; dur=57
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240306122604F4AC20EA423935AD644E
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
57,23.220.105.215
x-tt-trace-host
01439e9c575441e437c8f70b0cf4bee4132784406de80453e8745c06039e5af4cb46059ffac4715ef3045ad41ae77668a06b7d9eaf0381f3c7a577f609aa4aa600843a10c79c9b574edc8474597dafe88b5fd23d18b55416d6dc79c5cf112c49ad
access-control-allow-headers
Authorization,*
expires
Wed, 06 Mar 2024 12:26:04 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
702 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.215 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-215.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
62fa59b8
date
Wed, 06 Mar 2024 12:26:04 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240306122604615678763C26B6A1EA57-41DAC6B6529E9103-00
x-cache
TCP_MISS from a23-220-105-215.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
server-timing
inner; dur=30, cdn-cache; desc=MISS, edge; dur=7, origin; dur=33
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240306122604615678763C26B6A1EA57
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
33,23.220.105.215
x-tt-trace-host
01439e9c575441e437c8f70b0cf4bee4132784406de80453e8745c06039e5af4cb2524e39d06ce049b33d713a258b6f4284bbb25732f2854a4bd518c113c60b2e0921c0069eee06b389e88210fd6c34cbc33eec189d01b6990d751c1d323459b7b
access-control-allow-headers
Authorization,*
expires
Wed, 06 Mar 2024 12:26:04 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
847 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.215 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-215.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
e2dff1e5.62fa59f4
date
Wed, 06 Mar 2024 12:26:04 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24030612260499AEAAA5CCBDC313A969-0A8046F55B070AAC-00
x-cache
TCP_MISS from a23-220-105-215.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
x-parent-response-time
51,23.220.105.215
server-timing
cdn-cache; desc=MISS, edge; dur=11, origin; dur=49, inner; dur=46
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024030612260499AEAAA5CCBDC313A969
x-cache-remote
TCP_MISS from a23-48-200-209.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
49,23.48.200.209
x-tt-trace-host
01439e9c575441e437c8f70b0cf4bee413f41dfdf7895c0f820298362471862d95c7cf0e9a6bb8375e0df6315d0cf8056d92a20b3872f750e7efade7565e289474146cefae366de240476ef2bbe93371da24c671389e7408ba4137265524cf0c9fe11388b82730a97f60c49d416588a0aa
access-control-allow-headers
Authorization,*
expires
Wed, 06 Mar 2024 12:26:04 GMT
dvar
c.contentsquare.net/ 		0
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/dvar?v=13.99.5&pid=1926&pn=1&sn=1&uu=5a8f81db-edff-a0ef-e5b4-ceb5be57568e&dv=H4sIAAAAAAAAA6tWcnSKd4mMd8%2FJT0rMUXDOzyspys9RCEktLlGyUnKpzEvMzUxWiMxMzUlRcK0oSC3KTM1LTi1W0oHqQ4gpGAI1hCUWZSaWZObnAXkwJT755QqeeSWpeSATA%2FILSnOAikoqlWoB8S1cunwAAAA%3D&ct=2&r=884218
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.208.222.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-208-222-212.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
/
www.google.com/pagead/1p-conversion/698270988/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=2081892112&cv=11&fst=1709727963964&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=2081892112&cv=11&fst=1709727963964&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-conversion/698270988/?random=2081892112&cv=11&fst=1709727963964&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=1836160024.1709727962&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=Ek5DaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVlBUlBGRFNqUHlsTmtpcGI1NkFQUHhwQ2U3bHFJekFfQTdra3FEV1o4blBYTno5elpQQmcaWENoQUlnTVdncndZUWxabWM0dlRpZ0l3dkVpNEFkNVJWZjlEdHdlSzJHZExsNThVWVo2WUVSN2padHZ3V0JVaWV0eWx5ZmpkMmlITF9DOG1idG1YMXZidmciEwirmvz_0N-EAxUq8ygFHSpRC3IyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSKQB7FLtq0pCZ03y5oKPhy6F83E6URCZ5CwmNyJzzpzBE0HOOxpjeqw2c&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbq-24Fv8mQn2qmcTezB7O4LoztaQmj_R3Q&random=1524479141
Protocol
H3
Server
2607:f8b0:4004:c07::69 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:05 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:04 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://www.google.com/pagead/1p-conversion/698270988/?random=2081892112&cv=11&fst=1709727963964&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=1836160024.1709727962&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=Ek5DaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVlBUlBGRFNqUHlsTmtpcGI1NkFQUHhwQ2U3bHFJekFfQTdra3FEV1o4blBYTno5elpQQmcaWENoQUlnTVdncndZUWxabWM0dlRpZ0l3dkVpNEFkNVJWZjlEdHdlSzJHZExsNThVWVo2WUVSN2padHZ3V0JVaWV0eWx5ZmpkMmlITF9DOG1idG1YMXZidmciEwirmvz_0N-EAxUq8ygFHSpRC3IyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSKQB7FLtq0pCZ03y5oKPhy6F83E6URCZ5CwmNyJzzpzBE0HOOxpjeqw2c&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbq-24Fv8mQn2qmcTezB7O4LoztaQmj_R3Q&random=1524479141
content-type
image/gif
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
hash
www.paypal.com/credit-presentment/experiments/ Frame 78F9 		40 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/experiments/hash?device_id=uid_4df2ba1b4e_mti6mjy6mdq&disableSetCookie=true&features=disable-set-cookie
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 06 Mar 2024 12:26:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
0
edge-cache-tag
up-treatments-hash
x-cache
MISS, MISS, MISS
paypal-debug-id
f16152514b6d7
server-timing
"traceparent;desc="00-0000000000000000000f16152514b6d7-d9e373b05de089dd-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
56
x-xss-protection
1; mode=block
x-served-by
cache-dfw-kdal2120090-DFW, cache-mia-kmia1760078-MIA, cache-mia-kmia1760078-MIA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f16152514b6d7-73fcbbe241380e6a-01
x-timer
S1709727965.955579,VS0,VE109
etag
W/"28-xz7oeWVj/8B52QKKulWR9ZDQlKU"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-expose-headers
Server-Timing
cache-control
s-maxage=86400, max-age=0
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
c69c204f-fba0-4685-aea8-ad32f799fa5d.js
tr.snapchat.com/config/com/ 		185 B
472 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/config/com/c69c204f-fba0-4685-aea8-ad32f799fa5d.js?v=3.12.0-2402271815
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e96d1ae2515a7adf6e1fa754960645298839e87cd2a139fb6dc94c3e45ab9066
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
Origin
https://www.elfcosmetics.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
server
API Gateway
content-type
application/javascript
access-control-allow-origin
https://www.elfcosmetics.com
x-envoy-upstream-service-time
40
access-control-allow-credentials
true
alt-svc
clear, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
185
i
tr.snapchat.com/cm/ Frame 70D6 		672 B
740 B 		Document
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=ba597830-ed65-4137-9e8a-cafc7967c38e&u_sclid=06785f15-e1a3-44bc-b26c-4a08d93daa3e
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
clear h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
672
content-type
text/html
date
Wed, 06 Mar 2024 12:26:05 GMT
server
API Gateway
strict-transport-security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
x-envoy-upstream-service-time
0
act
analytics.tiktok.com/api/v2/pixel/ 		0
702 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.215 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-215.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
62fa5d51
date
Wed, 06 Mar 2024 12:26:05 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2403061226054928FC53C79E4EA99614-252805114CED212E-00
x-cache
TCP_MISS from a23-220-105-215.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
server-timing
inner; dur=87, cdn-cache; desc=MISS, edge; dur=9, origin; dur=89
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202403061226054928FC53C79E4EA99614
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
90,23.220.105.215
x-tt-trace-host
01439e9c575441e437c8f70b0cf4bee4132784406de80453e8745c06039e5af4cb88b4500c5eea3b636834a117acb73124a929cc843090e4ee5ccb0ab78c6b6a53ff647ed2c7ed9feb9084d1d499fa07bdec2d488336c0282be950581dbcfd7f0e
access-control-allow-headers
Authorization,*
expires
Wed, 06 Mar 2024 12:26:05 GMT
ca.svg
www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ca.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1ecca6335ccb02d4c40f0790869ae2ba8778357a116bbbcf20b1a140423f992d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:05 GMT
x-amz-version-id
8NOp4UFLIKbAyQMGAcLE5l8.exsptZKi
via
1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
1097012
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/32D1a5fec678-1708630325-5664863187 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
679720
content-length
679
x-amz-meta-bundle
10720
x-yottaa-forcecache
true, true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-os
200
x-yottaa-metrics
3221a5fec61a/[10,5,-] 32D1a5fec678/[hit]
x-amz-cf-id
qku1CEDQlISm0CSTR5HqYFigVnk7FYvrEVTeMIOfPx4oPJ1RXW9Svg==
runtime_6459738026535cda4232dc813c61447d.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_6459738026535cda4232dc813c61447d.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 18:44:15 GMT
content-encoding
br
age
1186910
x-guploader-uploadid
ABPtcPrNSI199BiN9Upsbo44P0dclVj8QVrEs5x1hYJXfGvOQidjm657WiLvNG7B1BWZr_qmafI
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1316
last-modified
Thu, 15 Feb 2024 20:29:38 GMT
server
UploadServer
etag
"09512239cb2a22728ca9f8608dfc2181"
x-goog-generation
1705949047694544
x-goog-hash
crc32c=BS9gKg==, md5=CVEiOcsqInKMqfhgjfwhgQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1316
accept-ranges
bytes
content-type
text/javascript
scevent.min.js
sc-static.net/ Frame 70D6 		44 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: tr.snapchat.com
URL: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=ba597830-ed65-4137-9e8a-cafc7967c38e&u_sclid=06785f15-e1a3-44bc-b26c-4a08d93daa3e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.23.251 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-23-251.atl58.r.cloudfront.net
Software
CloudFront /
Resource Hash
1eebbe20a7e11128ee261e88cadbc5f467f81690a0bb0a8aa2a529a8f04aee43

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tr.snapchat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 18:30:02 GMT
content-encoding
gzip
via
1.1 cac404716323a3fe7bf53c1e15d39508.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
ATL58-P2
age
64563
etag
b9bd00ec73544025b937f4253ff9de4c
x-cache
Hit from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, s-maxage=86400, max-age=600
access-control-allow-headers
Content-Type
content-length
19117
x-amz-cf-id
_StZRejJqcH-eWsDaHXVnPFCcPhubfkHGE1SrkYo7FvPw_vaYkPsUQ==
logger
www.paypal.com/xoplatform/logger/api/ Frame 78F9 		0
0
muse.js
www.paypalobjects.com/muse/ 		55 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mic/9AFD) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
d856585c00e65
dc
ccg11-origin-www-1.paypal.com
content-length
16355
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
server
ECAcc (mic/9AFD)
traceparent
00-0000000000000000000d856585c00e65-860cbab69ab0b3d8-01
etag
"64f25363-daa8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Wed, 06 Mar 2024 13:26:05 GMT
push
pixel.tapad.com/idsync/ex/ Frame 2E47
Redirect Chain
  • https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1709727965226&u_scsid=a11efccc-0ead-4bf0-a8e3-df8b0381b3da&u_sclid=0ea30d1c-36d2-4158-aee7-9bc1794005f5
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709340082897%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
332 B
473 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709340082897%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
/
Resource Hash
8128514a9917b6dcdf20f7ee24d6b00a27b2a6aa0f971acb988f358f25ac4005

Request headers

Referer
https://tr.snapchat.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
332
content-type
text/html; charset=UTF-8
date
Wed, 06 Mar 2024 12:26:05 GMT
referrer-policy
no-referrer

Redirect headers

alt-svc
clear h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 06 Mar 2024 12:26:05 GMT
location
https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709340082897%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
server
API Gateway
strict-transport-security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
x-envoy-upstream-service-time
2
index.html
www.paypalobjects.com/muse/analytics/ Frame 4C2F 		55 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mic/9BA9) /
Resource Hash
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
16892
content-type
text/html
date
Wed, 06 Mar 2024 12:26:05 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"64f25363-dacc"
expires
Wed, 06 Mar 2024 13:26:05 GMT
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id
af94aa03937d2
server
ECAcc (mic/9BA9)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-0000000000000000000af94aa03937d2-d546a45617231024-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
p
tr6.snapchat.com/ 		0
43 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr6.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 06 Mar 2024 12:26:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
via
1.1 google, 1.1 google
server
API Gateway
alt-svc
clear, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
noop.js
www.paypalobjects.com/muse/ Frame 4C2F 		18 B
188 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/noop.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (daa/7D8C) /
Resource Hash
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypalobjects.com/muse/analytics/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
paypal-debug-id
860baaefd9f52
dc
ccg11-origin-www-1.paypal.com
content-length
18
last-modified
Sat, 13 Feb 2021 00:26:56 GMT
server
ECAcc (daa/7D8C)
traceparent
00-0000000000000000000860baaefd9f52-8afffbe7df42fb9a-01
etag
"60271cd0-12"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Wed, 06 Mar 2024 12:26:04 GMT
ts
t.paypal.com/ 		42 B
173 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1709727965300&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (dcd/7D60) /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
correlation-id
fcae8ae114b75
server
ECAcc (dcd/7D60)
traceparent
00-0000000000000000000fcae8ae114b75-e9f8aca1514940a5-01
vary
Accept-Encoding
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
fcae8ae114b75
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin
*
expires
Wed, 06 Mar 2024 12:26:05 GMT
main-v2_51eb65df61c5708f828b71f2c6f19bd4.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		485 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_51eb65df61c5708f828b71f2c6f19bd4.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
652c78e1fed16ce8400b02e044db779e18e24371df4aefc7743ac3b0a3fe86a2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 14:33:21 GMT
content-encoding
br
age
78764
x-guploader-uploadid
ABPtcPoTAK0Q1FzvJG77EFTiIBhm63FF6pKNbrPrRsDHso1oDEpFpftPHvlOfuhAFeq7ZyXRlf8
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
107907
last-modified
Tue, 05 Mar 2024 14:33:15 GMT
server
UploadServer
etag
"ef8c8df5de944057a18ee3d3e51448bf"
x-goog-generation
1709649195431287
x-goog-hash
crc32c=9j1CKA==, md5=74yN9d6UQFehjuPT5RRIvw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
107907
accept-ranges
bytes
content-type
text/javascript
cjs_min_1e55b565811f11b08485230cf1d150d6.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		49 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sun, 11 Feb 2024 16:23:17 GMT
content-encoding
gzip
age
2059368
x-guploader-uploadid
ABPtcPog-NQg-K8_k0pTCXzkW2JGe58M6FlDArJnNNE8Q-fu-4HD-9Kiu5do86p4XWaRMRwKps4
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15751
last-modified
Wed, 13 Dec 2023 16:23:11 GMT
server
UploadServer
etag
"d7dc7d7ebcc4f5af5fc2d4804e7ec737"
x-goog-generation
1702484591435387
x-goog-hash
crc32c=3TW0yQ==, md5=19x9frzE9a9fwtSATn7HNw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000,no-transform
x-goog-stored-content-length
15751
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
token_create.js
ct.pinterest.com/static/ct/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/static/ct/token_create.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3afda3a545f4af46f87af3efd62d036c7b950df588a444bd9464191236e79922

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:05 GMT
x-cdn
fastly
age
3824
etag
"e5a433af03b04b75eb9e68dadd108a70"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7200
timing-allow-origin
https://ct.pinterest.com
alt-svc
h3=":443";ma=600
content-length
4044
ct.html
ct.pinterest.com/ Frame 940C 		565 B
405 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443";ma=600
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Wed, 06 Mar 2024 12:26:05 GMT
pinterest-version
875f2e02e50c112557997c9ed58d87a8d887f4ed
referrer-policy
origin
x-cdn
fastly
x-envoy-upstream-service-time
0
x-pinterest-rid
1586909744314712
/
data.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://data.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.80.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.80.149.34.bc.googleusercontent.com
Software
/
Resource Hash
09dabe6a722eb848d94724f7f97c4393652605471c787bba24647035dfe91bca

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:05 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
page.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://page.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.102.203.69 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
69.203.102.34.bc.googleusercontent.com
Software
/
Resource Hash
501e025f6f2171a74376b4d0b42f25844470d145ee9ee716301c0272410b121c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:05 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
view.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://view.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.117.124.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
38.124.117.34.bc.googleusercontent.com
Software
/
Resource Hash
9931197ba16483006740a0041fb1bd36fb02741f3b6ee7588cad8754abae6254

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:05 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
inbox-v2_c555afbb18897f16008370a417a91834.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_c555afbb18897f16008370a417a91834.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4c80ba44f61dd8c09ce0c57ca565f286b8bbb3f5ca6cb1fe882ad0d174eaafd1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Fri, 01 Mar 2024 07:29:08 GMT
content-encoding
br
age
449817
x-guploader-uploadid
ABPtcPqpiLt-EbhOVKDX2MRpz_OSmx7_AK_pHOYsvV0AYZX-pczOn9MkDeBLmnQNYn-5rjccsisDPpGnbg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4860
last-modified
Wed, 28 Feb 2024 14:45:46 GMT
server
UploadServer
etag
"9f22ee70a9494b465aa6cccf0424e225"
x-goog-generation
1709131546399944
x-goog-hash
crc32c=ugxA6Q==, md5=nyLucKlJS0ZapszPBCTiJQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
4860
accept-ranges
bytes
content-type
text/javascript
onsite-v2_1e65144eaf4e12878292a8065df4997d.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_1e65144eaf4e12878292a8065df4997d.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7bcce32f4ef85233e030a2e0f1a2a81aefab5d602d45c655b1ff5f068ac8abb8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 18:20:19 GMT
content-encoding
br
age
1188346
x-guploader-uploadid
ABPtcPogzK79coujvxb9l77Ax1Ti4BEaZEGTiesxvaoT2kb7Jo64hgRUh5WqIL3EkLKBhcRSgw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4963
last-modified
Mon, 22 Jan 2024 18:43:50 GMT
server
UploadServer
etag
"aaf913c9914c1e9a66cc88a9a0b151cd"
x-goog-generation
1705949030274423
x-goog-hash
crc32c=jDxLwQ==, md5=qvkTyZFMHppmzIipoLFRzQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
4963
accept-ranges
bytes
content-type
text/javascript
graphql
www.paypal.com/targeting/ Frame 4C2F 		446 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a0c96d3c8a9bae834aec51cec8cedb0802ba43978ab409533ed689a421c8d541
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-MdLRe6zbbn0gzrym1BiEZgNKqSyScaSPrpT4CR1jc0aARCpg' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.paypalobjects.com/
disable-set-cookie
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-MdLRe6zbbn0gzrym1BiEZgNKqSyScaSPrpT4CR1jc0aARCpg' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
disable-set-cookie
true
date
Wed, 06 Mar 2024 12:26:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f70872389567b
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-dfw-kdfw8210140-DFW, cache-mia-kmia1760078-MIA, cache-mia-kmia1760078-MIA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f70872389567b-f791a743af6e8fe6-01
x-timer
S1709727966.688638,VS0,VE277
etag
W/"1be-MlOKdkc8up9kIModvh93HR7u1xE"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
graphql
www.paypal.com/targeting/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,disable-set-cookie
Access-Control-Request-Method
POST
Origin
https://www.paypalobjects.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type,disable-set-cookie
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Wed, 06 Mar 2024 12:26:05 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f70872304a4d6
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f70872304a4d6-55de4b15b6247b68-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-served-by
cache-dfw-kdal2120121-DFW, cache-mia-kmia1760061-MIA, cache-mia-kmia1760061-MIA
x-timer
S1709727966.532268,VS0,VE113
p
tr.snapchat.com/ 		0
93 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 06 Mar 2024 12:26:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
server
API Gateway
access-control-allow-origin
https://www.elfcosmetics.com
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
alt-svc
clear, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
exist
srm.ba.contentsquare.net/ 		2 B
94 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://srm.ba.contentsquare.net/exist?v=13.99.5&pid=1926&pn=1&sn=1&uu=5a8f81db-edff-a0ef-e5b4-ceb5be57568e
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.65.148 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-65-148.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 06 Mar 2024 12:26:05 GMT
content-length
2
content-type
application/json
jquery-3.5.1.min.js
assets.bounceexchange.com/assets/bounce/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 10:09:39 GMT
content-encoding
br
age
872186
x-guploader-uploadid
ABPtcPr-KX0HCjg55J5M2Z0bTb1ter9es9ZTrTafvZiGOqu3bMIl4JMI-KH2_GU5NQgk1dXjOow
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31571
last-modified
Thu, 22 Feb 2024 18:02:41 GMT
server
UploadServer
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary
Accept-Encoding
x-goog-generation
1708624961067655
x-goog-hash
crc32c=W9o9Ng==, md5=3F5/GMjTasHT1HU6h8mNCg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
89476
accept-ranges
none
content-type
text/javascript; charset=UTF-8
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame 0015 		2 KB
969 B 		Document
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
age
1659508
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Fri, 16 Feb 2024 07:27:37 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Thu, 15 Feb 2024 20:28:42 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1708028922119665
x-goog-hash
crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
ABPtcPok97qFRmn0PNy6sqNHqNf2yY37CDfVW72JTRLs5iBACs4k5LWeDRPDgfRrbHoOOzHK_ev0Ftig8g
script-tag.js
cdn-scripts.signifyd.com/api/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-39.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
68f6710cb2cc63e278cd3be6a0593c700b3ac346e36c1d636c5c13374dc20e91

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:17:03 GMT
content-encoding
gzip
via
1.1 2080aae7ace369c71819923852e1b17e.cloudfront.net (CloudFront)
last-modified
Wed, 10 Jan 2024 11:26:22 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P2
age
543
x-amz-server-side-encryption
AES256
etag
W/"d34fe38d39e71cd6ace9ab1bfc0bb10a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
ovqPVDA9b0IY6sNcIqLy-HFOBosm_aO5WKoYwqBOpuB7hVt7lNex7g==
company_toolkit.js
cdn-scripts.signifyd.com/api/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-39.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:17:30 GMT
content-encoding
gzip
via
1.1 2080aae7ace369c71819923852e1b17e.cloudfront.net (CloudFront)
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P2
age
516
x-amz-server-side-encryption
AES256
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
Pq8d911Rl2_VRu0DYQKkpBA_Jdk9SaOvxz5hi9n13hhxkQd1yWnx1g==
ca.svg
www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/mobify/bundle/10720/static/img/flag-icons/ca.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.120 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1ecca6335ccb02d4c40f0790869ae2ba8778357a116bbbcf20b1a140423f992d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:06 GMT
x-amz-version-id
8NOp4UFLIKbAyQMGAcLE5l8.exsptZKi
via
1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
1097013
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/32D1a5fec678-1708630325-5664863187 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
679720
content-length
679
x-amz-meta-bundle
10720
x-yottaa-forcecache
true, true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-os
200
x-yottaa-metrics
3221a5fec61a/[10,5,-] 32D1a5fec678/[hit]
x-amz-cf-id
qku1CEDQlISm0CSTR5HqYFigVnk7FYvrEVTeMIOfPx4oPJ1RXW9Svg==
qinx7t25t2r49ada.js
imgs.signifyd.com/ 		98 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/qinx7t25t2r49ada.js?5dehs4da4h7waxms=w2txo5aa&128bq5u7uulstrtn=L2VuX0NBLzRmNTViYjBmNzMyOWQxOTJiOWVkNDExMTFh
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
13bf523ba5ff18f1c03af973b7b7518233e93bc3b0123187d6ba1d15d7302a35
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Wed, 06 Mar 2024 12:26:06 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
CP=IVAa PSAa
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ts
t.paypal.com/ 		42 B
199 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfo&cust=Q39M9L8UTRJTJ&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&unsc=8&identifier_used=DFP&e=im&t=1709727966060&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (dcd/7D0F) /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:06 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
correlation-id
dbd6534df96a4
server
ECAcc (dcd/7D0F)
traceparent
00-0000000000000000000dbd6534df96a4-c38108d02868d6cc-01
vary
Accept-Encoding
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
dbd6534df96a4
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin
*
expires
Wed, 06 Mar 2024 12:26:06 GMT
c
ids.cdnwidget.com/ 		448 B
786 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=183063038&GCS2=ODJmYjM0YTAtOWM2Yy00YTVmLWIzYzUtNDk0YzljODc4NmEzLmxvY2Fs&pe=false&wsid=6664&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Afalse%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A6664%2C%22loadID%22%3A%22m6YqkWpmHGjLV1D%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A12%2C%22IDStageStart%22%3A12%2C%22netComplete%22%3A146%2C%22obsReqview%22%3A183%2C%22obsReqpage%22%3A206%2C%22obsReqdata%22%3A233%2C%22IDStagePrefire%22%3A233%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-10%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%221677831989009336531%22%2C%22visitid%22%3A%221709727965637335%22%7D
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:56e0:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
cc03443ef4f96f117737dc8b060a6105a7366d8c45ce1584b77526850cb41d4f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:06 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
448
lookup
pd.cdnwidget.com/ 		49 B
205 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pd.cdnwidget.com/lookup?deviceID=2dJZ6ZupyZTYSQXn7Y8xrLKGb2a&bxwid=6664&bxdid=1677831989009336531&visitID=1709727965637335&enableUID2=false
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 12:26:06 GMT
via
1.1 google
server
istio-envoy
content-type
application/json
access-control-allow-origin
*
x-envoy-upstream-service-time
25
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
cs
tags.rd.linksynergy.com/
Redirect Chain
  • https://idsync.rlcdn.com/458359.gif?partner_uid=f2f66593-e669-4af8-8ac0-46e0c89127f3
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGYyZjY2NTkzLWU2NjktNGFmOC04YWMwLTQ2ZTBjODkxMjdmMxAAGg0I3sGhrwYSBQjoBxAAQgBKAA
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=00d1c266ad81fcce29dfbd15f23b9ea67fc8351061f34791d0fecc794c1a11046ac34734d8e453ee
37 B
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=00d1c266ad81fcce29dfbd15f23b9ea67fc8351061f34791d0fecc794c1a11046ac34734d8e453ee
Protocol
H2
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-type
image/gif
date
Wed, 06 Mar 2024 12:26:06 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
x-samesite
secure

Redirect headers

date
Wed, 06 Mar 2024 12:26:06 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=00d1c266ad81fcce29dfbd15f23b9ea67fc8351061f34791d0fecc794c1a11046ac34734d8e453ee
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
Wpv9pdXX57f13Lgw
imgs.signifyd.com/ Frame 2CC5 		276 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/Wpv9pdXX57f13Lgw?146fc0dae2b40d74=I5P1v8zL-3NBTvpeGMkCQNqR6uwca56R0U7lh4Vg2ZONbrr3wf-1qIS0lJrhpLDMI4KdCIWxrsWVGImZRmysBbi4fajDWhbfm3eQ2XwYjV1F-pKpGybo_q1DEeNbTQAyA1CI6kiJgw75ME4phx3xobwM5LhOrd1wGEX9njQEP-uIHuSFctqVG3sZCs63jqtUCdSthasfb6G11dLrPixt-9ODOS8&jb=3d3b242662736577355d6b666e6f757b2e607167375d61666e6d777b2f323a393b24687968753d4b60726d656d2468736a3d496a7a656f6d2f3232393a38
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/qinx7t25t2r49ada.js?5dehs4da4h7waxms=w2txo5aa&128bq5u7uulstrtn=L2VuX0NBLzRmNTViYjBmNzMyOWQxOTJiOWVkNDExMTFh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
17869320abe8445046a8325c374c94620363195b7d7ed75f1fbf2fd68b398c29
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Wed, 06 Mar 2024 12:26:06 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
tmx-nonce
87a166bb7d97eab7
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=99
Expires
Thu, 01 Jan 1970 00:00:00 GMT
JdmdOjPziPkBVqtJ
imgs.signifyd.com/ Frame 2CC5 		81 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/JdmdOjPziPkBVqtJ?0451a66e21b3ecc3=iPYq1Vb6ax5Kf34Lg0UMdVdE0NlZUViGt7Boxu5Zh_rs5HEk8ulJ7zlwHcV0Y7km-xju2DV1NzjikC_LlZjIxTkmTUOwnlw-8uNwrVJF758_Lrff0Rm0F9kzG4Y3qba69jRghEMIYUSNtjaJ3tgxy5Lf_gJfbsBkVpsN0_WEMHro7wZd3g
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:06 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
c3KFbS5yVAmfRv16
imgs.signifyd.com/ Frame 2CC5 		81 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/c3KFbS5yVAmfRv16?403c94ab1fb6bc69=LldImFF1KXDQ8z0iB7J8swKte4Y3E5VViVamJiZ4s0hUk-Uoj7MfPhziUeiXcva_CxE2_a1iOYxhjuxdhuqVObq7hpFS4sujK6jKV7jPzxwGebnv0dkkfDt-JLKaoZkI0hQw-naCYeiWg5FZhS63n47ezwNFl-rbnxoC_EwoIJTziqnQog
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:06 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
init1.js
api.bounceexchange.com/bounce/ 		79 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=1087&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHYAGATkICZDSA2GgFmIA5NgAvEKG44zAdwCmAIxypgAgPqoAJlzr1MAJwE4QAGzhoMBbsQAe+CjyUCYAxcsVRsAQzVrUCAOYS4itVAAWwYAAccAKQAzACCARQAYuERfLEAdAJqMEggOAC2AmhIOHEpadECCBIAwmGRiTAAtCnpmahI1YqoaY52OJgAbqiiwBIpIADWqAJQAYQAQuEUar5TwWUU3n6BFACsoeGrkZuRsXwJSTUZWTl5OxGFJWVbF0nVqcf1jc2taisU4cVTinMbFB--MYAEWwIEGw1GEym0hkvwW+BohEITCC+FITFIPFIQSCNHW+DmFC+-y60jhRDIlGoeJoQUIONWnymHThY0m-zUICcTgE0ikCDhMDaAiZ-wEHXMEk53N5-MFwtFFCQNkUvQAjsAAJ5w4iKnBwIQtHyyjA9EWA0JCt7m4nTLk8vmOKTSQpoGDDMkWkJWnA2qbK1Xy62KgO9Dp2ODmj6WhWEIGK6ROCKoRQ4YAAGRANk90ZCwEUkcVnhV0gAkvGvVMKNIAFIALRoAA0mGBPAAVBAgXwgADqADU+wBxADKTlINhsAAU+8QnITbaoYMBy6z-tX6zQ63BfJq622AJrDiCNhCEfdMPSKdMAaUHQgoNnn0Lnlah-26k+UXRAcBwxV-oAZD8Xo+n6744MOBo4EgTRCOYQa+iGNhIJ4kjAO88wUuQVC0AwxCEMCwKdCqOAANrSg6-IALqwMKxGpqR4qShRsqODRoH0WRoYSBqmo0bw4YMfqhpiOIfKmmIAjsXRglkSxjpFDIrqoO6vLSdanGkaG6m+pp3HhhoUm0Rpsmkb4Ng8hIWq+EZHEdC6MDkfarGKS6CBuh6OkCJ0DlaSqYYRrZdH9EMaFglKKo8sZulCL4UC8JkcWkQARKGyUADSpTY4hOCAiiahlqWoUgAw-sAhWeCAGSFb4iggNIcAoIVvoqihyVUZgvjodYeS+A4NjIJIMBqBZ1gdMW1jFoojqyOuDbNq2HZdr2A4jmOE7TrOmCLr0MhQHNm7bruB5HieZ4Xlet73jYQA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
e53f8fd2377c6267bb463aef14fa49f29091c0d564121ed2c00f4ee295d0a2ad

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:06 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 06 Mar 2024 12:26:06 GMT
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
32
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/ 		37 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Fri, 01 Mar 2024 07:42:24 GMT
content-encoding
gzip
age
449022
x-guploader-uploadid
ABPtcPrb_oU1kbOxyA0khi_fcAsdzTzZ1ajBR2s3CAM2h0aQuvdtsUBHhvwxZMmRp7900zWZrRmD0DdlSw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6053
last-modified
Tue, 13 Dec 2022 17:12:22 GMT
server
UploadServer
etag
"54f61bdcbfb6f81427c8a6803f48b02f"
vary
Accept-Encoding
x-goog-generation
1670951542233151
x-goog-hash
crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
6053
accept-ranges
bytes
content-type
text/css
visit
events.bouncex.net/track.gif/ 		42 B
97 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoB1ETAEwIDuYNgDkAKmwCMzFpQDMAITbdMANgAs8pdWYAPDQEo2AQQAOp0gk4IARgGkoNBnIDsjOarbs7ACTF4AGRoAYTZSEABrBDYAcQQAYwiCIx1ggAskAgBbaLpJamoWRlVqVUlGAE5NHQBlFAAzFCQQJ3pXd1UAMlAIGCQEeuR+pBxu8ChoCj4eNFN0BFgkUhw0yEhTYWo24xp6Ol26ASPGBFJ6+IIwHMgQeLBGC6yD2iwAfWCdrbpT+oBaC6uCBu8X+zSyPBQpDAY160H6YAIpFgNwImF0OEkqmYzBhE3hiORIFRAE8MTocT0JvF4JBssAmiAUDZLGAcJQXNpqKQCGgMLxXjwaNR5J9qI0oblhdRQgUEMBkK9ubyEPzBQURULxYghSEhfEmpBXgBHSDEnVyUWsdXSoVgWA2cFrFWvVG9SUagpa902gpKvkCzAC3hYG71EAq82ir06n3UfVISCRzWQ7XWmVxg2velI90W5MSmPpuYYV6m0y5qMp90uAAiuJgFwIEXDbI5Qt4IF4SYKmJcLgAHHJJBV+xVsRU5B42pJC0LQF31RbJC5mBUXNQXBVVKo9tRJKPdQVgEm27XD9ReGhaCAkGBIAECCgF8KLZAkLBcum0k1eABJGvdgUvAAFIAFqqAAGv2ABWaRiJgBCmAQnAAGooTENRoBUKAoAACihzBoLOBQIvUkD-oBF5gaooGwKYxKgWIACaNQAIoQZgLhMf2uhIAEdgxDY1BUGm7ZEYuOxtgU4C4f0oAEPAwQ0tkyCRtGsbgDU9pgPEzQ2KpEnqem+rxGkCClpsL7GMuq7rpu27qMwLjsgBsb1MAiYSTZa4blunixigBCRla6akKYgGrOsmzbM8zxHAIJxnAC1y3PcjzPG8HwZWc-yXClIK6SA4KYCmxHCZZIohXOpjHl557Ph6F5lUggFlfEHmRt5dl+eeEANRavwzrGaC6Z155PBJVW+h1Xkrj59n+cZKBZHMIBoJgFV5lJBTqCU1CuCenLALVVlTVyM1WV1vnbi557ULtBRyP2h1zidlXnqQF0ildC23WetadPAyDzNg0A2JkQjIDg6SZDkgOIKgGCg-Kt5EpgZKFDIJRlJU6jw8DSMwBYKCQPUBBIFkOAqPwQhSDiQOIyG0DBqA8RAsS5Y4MGYARLSpidNSd4qUg0DfjpqIo5AKo4DiGAENAFywNgSDEhcwY4AAqjUnRywrCnK6rBDBnIms1MYOsIPLisGyVOSa5gUARrUkAkwg0K6-0aBozgtABBb8ue2jtsID73LNLwKD+wrUCkngjLglHSF3pCash5OzD7lHFzYDwIapzgIjm1kRshziAi2G6nY4NuGj1lXP1+bu+4VJ0LO3Ag9eqH2g7DqO46TjuQ6dMWcrhgI9edIgRofpgbNVzi8ThCGNw5MnK0YnN3XbvQqgt4v4bYCgpggCjECojgLtoHIrej2zXOTwpSB3+XNidCDuAMw-ZFBjgVHgbR9FGIsXYpxbivF+KCWEp0b8SBVS8F-iBcCUFYLwUQshNCGEsI4XwoRIAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:06 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
2
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pageview
events.bouncex.net/track.gif/ 		42 B
165 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk2696EAHYB9AMKVarNgFpufAUNWoYvGJJDpCAMlCRYCRB2SFcXXlBDaQAI3QRCmYgHYAQtSroXGCQACbSev5kClRsBoQQkVSy-tAQqNKBwRBhEVRUUf6xhgl51Ml5HI640gCOuACekRT+AAyJ5VSEyM66+NnSXJKEMLgl+c15RfHt-pmh4TIwIVKCbHAhTdFTY2X+lai4m4VxO0l7VdIO6Mg7EzEnM3mmENINwLdbD6VeACIm4NA4EhuFwANZwYYALwgmAAbABWFr-MxAywgSSDIQGHD4IgFWj0RjwFjsNT8QTCUR2CQyeQSdiqHjkzQcbS6fSGZGAiwg8EvWxcDKOSCYbZc8zArhguCvervTCkYCc54SyxSvnSKEwxEAFlIRjEwEsvGAmCRhsQuA4bDNBrsRuspvN9sQYGATqMvC4y1t8AgzmGoyWcNhsJ1RlggeDAEYvC0AJxeKheeOh+F5aMADnjRmWsA4EBjsK8XkzpGj8ezLQTpFICPL4qBMaM8RqN0kBebHHQcEk+B07lwIBNmFjCaTKbTSYNPZWIGAMCgaWGg0wQ7A+rzQhhIRbXDQBcwfucRgBfcw1jSe7Y1WDVBCACkAFqwp-IYD1J8AFQAmgBlABFAANSQvB-TMAA9UAAGQAaQAcWcKgQCMbBHByEJMHvZ9YSAzMACtsC-DFgC4AB1AA1Cj4L-MB4xAEAAAUKJaMAgA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:06 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
clear.png
imgs.signifyd.com/fp/ Frame 2CC5 		81 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/Wpv9pdXX57f13Lgw?146fc0dae2b40d74=I5P1v8zL-3NBTvpeGMkCQNqR6uwca56R0U7lh4Vg2ZONbrr3wf-1qIS0lJrhpLDMI4KdCIWxrsWVGImZRmysBbi4fajDWhbfm3eQ2XwYjV1F-pKpGybo_q1DEeNbTQAyA1CI6kiJgw75ME4phx3xobwM5LhOrd1wGEX9njQEP-uIHuSFctqVG3sZCs63jqtUCdSthasfb6G11dLrPixt-9ODOS8&jb=3d3b242662736577355d6b666e6f757b2e607167375d61666e6d777b2f323a393b24687968753d4b60726d656d2468736a3d496a7a656f6d2f3232393a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*, w2txo5aa/87a166bb7d97eab7l2vux0nblzrmntviyjbmnzmyowqxotjiowvkndexmtfh
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Wed, 06 Mar 2024 12:26:06 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 06 Mar 2024 12:26:06 GMT
Server
Apache
Etag
186537c5508a43ab9c2759ed818ca31a
Content-Type
image/png
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Cache-Control
private, must-revalidate, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
Expires
Mon, 05 Mar 2029 12:26:06 GMT
f3zohd4iEtFMaeNj
imgs.signifyd.com/ Frame 16F3 		91 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/f3zohd4iEtFMaeNj?d5d5dafbd43271a1=buJyyWvXTCNJ2u92MsAxF6shDahyxvYzOVpa0E3WOc35B7jt617u2g4Zk56b6bHfTq-jWz0PJnaTrr3LXrtczG9VvjStvMnghidZ44tU3_k3ewn-VyE5usO7B8nqizPRLPToySk6g0CP7mmhXUYP53Przc9dMc01CnacusH0BtEBeb1O_XTn43tZH79TWUWkh8B71NRoS_MXLgrQbraIv1FpzzVEqg
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/Wpv9pdXX57f13Lgw?146fc0dae2b40d74=I5P1v8zL-3NBTvpeGMkCQNqR6uwca56R0U7lh4Vg2ZONbrr3wf-1qIS0lJrhpLDMI4KdCIWxrsWVGImZRmysBbi4fajDWhbfm3eQ2XwYjV1F-pKpGybo_q1DEeNbTQAyA1CI6kiJgw75ME4phx3xobwM5LhOrd1wGEX9njQEP-uIHuSFctqVG3sZCs63jqtUCdSthasfb6G11dLrPixt-9ODOS8&jb=3d3b242662736577355d6b666e6f757b2e607167375d61666e6d777b2f323a393b24687968753d4b60726d656d2468736a3d496a7a656f6d2f3232393a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
2b7afa49c5d302dac3f2b743be9cbb5e18df2b5eec0e14c29940c06bf4dc0b76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 06 Mar 2024 12:26:06 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=98
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
rXoKCPnK9krk2S3g
imgs.signifyd.com/ Frame 2CC5 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/rXoKCPnK9krk2S3g?e1aef212b4bacca1=1b7kiHwopW_ZLED0CzdobSX25XdxfJ3fLsV4MvwN5prRevlgVm2fdsSBVbFJQwuphHGrPgyh0t668_X5bFXEaNi2tMK1PavAqXTOAUp5M2zjbMsfBX4blENttkN99eMMOgXqVhDXg2_Rbo_MBGY2UsX0vYs9IU0CEwuNww&jb=3b34246c7b6137616a3d66306f3967386a693a3c326c6d313e3030393f383e6e393337323d3935
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/Wpv9pdXX57f13Lgw?146fc0dae2b40d74=I5P1v8zL-3NBTvpeGMkCQNqR6uwca56R0U7lh4Vg2ZONbrr3wf-1qIS0lJrhpLDMI4KdCIWxrsWVGImZRmysBbi4fajDWhbfm3eQ2XwYjV1F-pKpGybo_q1DEeNbTQAyA1CI6kiJgw75ME4phx3xobwM5LhOrd1wGEX9njQEP-uIHuSFctqVG3sZCs63jqtUCdSthasfb6G11dLrPixt-9ODOS8&jb=3d3b242662736577355d6b666e6f757b2e607167375d61666e6d777b2f323a393b24687968753d4b60726d656d2468736a3d496a7a656f6d2f3232393a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:06 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
bIaIPBfH25RfSSYV
h.online-metrix.net/ Frame AA82 		104 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://h.online-metrix.net/bIaIPBfH25RfSSYV?c53308a2b7473681=O5tYP7ZyowOpbVSjMlPy_oDQxfBOiQF0CmMjNqSo2aNQMs5j0Qk2TnisNmrchPS4qfiSxE77WjORu-N_BfYLfJCj_GGHp79soGwqjr3e9fAFFv-3iX4dijW4EgpP5-8VOZ9eztE06IVwWaXfTj1feIEvBMgiyHojP2emhfybhGei8dimbHIUo66b1RYJCqolGnnRTgNwhe6IBnXEeq81NS1po5NAC34
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/Wpv9pdXX57f13Lgw?146fc0dae2b40d74=I5P1v8zL-3NBTvpeGMkCQNqR6uwca56R0U7lh4Vg2ZONbrr3wf-1qIS0lJrhpLDMI4KdCIWxrsWVGImZRmysBbi4fajDWhbfm3eQ2XwYjV1F-pKpGybo_q1DEeNbTQAyA1CI6kiJgw75ME4phx3xobwM5LhOrd1wGEX9njQEP-uIHuSFctqVG3sZCs63jqtUCdSthasfb6G11dLrPixt-9ODOS8&jb=3d3b242662736577355d6b666e6f757b2e607167375d61666e6d777b2f323a393b24687968753d4b60726d656d2468736a3d496a7a656f6d2f3232393a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
2ac38bb4fbd1250ca3ae89e01630ccd4525f3cec432317bf56bd4e57ed38625a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 06 Mar 2024 12:26:06 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
eW4lRY3T4wdRC8Aj
imgs.signifyd.com/ Frame E5B7 		91 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/eW4lRY3T4wdRC8Aj?de9fa18bfb83cad6=awLZ39Ib_HBR1EL3RbOoRWURYrxQODyjkRJXMS-f3vkkRD-4ndzNg2HDU35p8OTRT2vrXyFtJf0q6DDLzc95kGrKLVbVLPQ4jpqKst5tF0GXFoVa0Wk2i4lRx7OgWsUP-6UL8q1S12f2mWlE39gmyldqN1Oi1grEJImz_WWkmwAPqkvQGaOBTxLYSiJxJrcugKEocROox8IZKdObdpUe8F6abFVhE_Y
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/Wpv9pdXX57f13Lgw?146fc0dae2b40d74=I5P1v8zL-3NBTvpeGMkCQNqR6uwca56R0U7lh4Vg2ZONbrr3wf-1qIS0lJrhpLDMI4KdCIWxrsWVGImZRmysBbi4fajDWhbfm3eQ2XwYjV1F-pKpGybo_q1DEeNbTQAyA1CI6kiJgw75ME4phx3xobwM5LhOrd1wGEX9njQEP-uIHuSFctqVG3sZCs63jqtUCdSthasfb6G11dLrPixt-9ODOS8&jb=3d3b242662736577355d6b666e6f757b2e607167375d61666e6d777b2f323a393b24687968753d4b60726d656d2468736a3d496a7a656f6d2f3232393a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
a98b1fe3cd531e6b7791ebbf22ef1ffadf796245b48d33d2563e136fecaeb8ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 06 Mar 2024 12:26:06 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
rXoKCPnK9krk2S3g
imgs.signifyd.com/ Frame 2CC5 		0
218 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/rXoKCPnK9krk2S3g?e1aef212b4bacca1=1b7kiHwopW_ZLED0CzdobSX25XdxfJ3fLsV4MvwN5prRevlgVm2fdsSBVbFJQwuphHGrPgyh0t668_X5bFXEaNi2tMK1PavAqXTOAUp5M2zjbMsfBX4blENttkN99eMMOgXqVhDXg2_Rbo_MBGY2UsX0vYs9IU0CEwuNww&ja=393b35302e26693f253c32382c7a3f382e6c3f393c3a38703b3030382c616c353b34323a7231323838267170713f327838266e727a3733243b363238243b30383a26393e3a322c3938303a243b34323a26313238382c333e38322e313a303a2e3826322e67743f693032306968696c6b3d35646c6c646c316f633a3e3b31343f3836603169356326656e37362e79616c3732362e64623f607e7e787b2f31412d38462f3a4c75757d24656c6e6b6f71656d766b637b2e696d652f304e6f6e5d4b492f304e6f666e25696d73656f74636b2761706367696e6964732478643f312678683735306c30306b61346a6b6c606d3b3b3b6a3d31383f6b653a6c396066683864342e60683f383d3332326c616e64693b343c6f62643f396f366c3a69303a693165313b356e2e60716d375d696e6c6777712d3a3233312e6a796035496a7a656d672d3a3a333a382c627b65773d5f636e6e677d712460796275354b6870676567246e606337333e2c6c6c673d3a2e66677678373a2e7c70663d586b63636e636127384c486f66676c77647d246f617c68783f3c3a323b6e31613a6a6f6138386f3e6b693736383a3838696e33373f3e30316e6c343730303336316c366f636938366c693936696e68663f3839393b3b3b36692c6478356276767a792533492d32442d3a4475777f2e6f6e6e696d7b676576616b792c6b65672d3a4c676e5749412f3a4c676e6c27636f7b656576616b2f6172616d636c6966712e7a3d72647d6d6b66556c6469796a253d4f666b647967237a66756761665f756166666d777b5f67676c6363577a6c63716d78273d4f6c69647967217866756d61645d636e65626557696370676a6376253d456c63647967297a6c776f61645d797f636b637e6b6d6d2f354f6e6b6e716f2b706c7d6f696c577b6a6d6363776b746d2f374d6c616e7b6d2b72647f6d616655706569667066697367702f3f45666964736729786e7767616e557464695d7866617b6d7a2f374d6c6b647b6f2370647f6763665566677c6b6c767a2d35476e696e7165297066776f636c57797665577e63677f6f782d3d4f64616479652b7866776563645f6a697e61273d4d64636c7b652c65645561357d65606f645d676a4d462d3a3a332e382f323a20457267644d4c253a3845512d3a32302e382538324b62706767697765215d676a4d462d3a3a454c5b462538384f5127383a312e382d3232204772676e4f4c2f30384f512d383045445b46273a3a4f5b2d383231263a253838496a7065676975652157676a436b76576d62416b7c2f30385d65604f444b4c4f464f57616471746964636f6c556370786b79732d3b42273a38475a5457626667666e5d65636e6f69702f314a2f38384d52565f6b66697a57696d6c7e786f6c2d3b42273a38475a545763656e67785d6a7f66646d7a556a69666c576e666d617c2f33482d383247525e5f646d78746a576b6e636d782539402d38324d52545d6e6465637c5568646d6466253b482538384f5a56556c72616f576467787c6a27334a2538324d5256577a6f6e716f656c57656c6e7b6f765f6b666167782f31402f383045505c5f71606966677257746f7a7c7f706d556c6d6c2d39402d383a4d505e5d746d72747f7a6f5d61656770726d7b736b67665d60707c632f314a2f30384f5856577c6f7a7c7f786d57696d6d787865797b636d6c557867746b2d33402d3a3247585c5f7e67707e777a6f5f6461647e677a556b6661796d747a6570636b2f31402f383045505c5f715a4f4027334a253832474f51576f6c67656d64765763646c6d725d756164742f3b4827303a454553576e626d577a676c646d72556f617a6f697a25314a2d3832474f59577b7e636e6c6b726e576e6770637c6174617e65712d3b402732384f4f51577e67707e75706d576c6e676b7e2d3b48273238454559577e677a7e7f7265576e6c6d697c5d6e6966656b702d39402d38304d4d5b55766d727e7d7a6f5d68696666556e666d637e2f33422d3a304d4d5b5d766570747f706d556a6966665d6e6465637c556661666f63722d39422f3a3a4d47595576657a7c657a5769707061715f6560626f617c2f33402d3a3a554d484d4457696d6c67785f687d6c64677855666c676974273b4a2730305f454845445561676770706d7b79676c557e6d707e77726d5561797c692731482f32305f4d42454457616d6d78726f717b6f66577e657a7c7d7867576f7e6b2d3940253a3a574f4a4d4e5d69656d707a6d73716d6c5d766570747f706d55677c6931273b4a2f30385d4f4a4f465d63676770786d7971676e557465707c75706d577131746b2539402d38325f4f42454457696d657a786d7b796764577e65727c7f7067557933746b5773706f6a2731422d323a554d4845445564676a7d6d5d7a6f646c6d78677257636e6c672f31402f3830574d4a474e576c677274605f7e67707e777a6f25314a2d38325f4f484f44556672697d5f687d6c6467787925334a2d32325f4d40454c576c65716d556167647467707c2f314a2f38385f4f404744556d7f647e6b5d6e7861772d3b42273a385547424f4c557267667b6f656e5d65676e67393c2c6f64556a3d6d68656e3f3c3136383b32316e6c37616a6932613969366b66383e343a3c35603a6933636a3e323e2e7d656c7e3749647c6f6e27383a496e6b2626756f64703f4966746f6e2d3832417869712d3a3a4d786f644f442f30304d646763666f2461696e3d31&jb=393736266471374f67706b646661273a4e3f2c382f3838205d6b6e6c6577792d38324c5e2f323039382e322d3b4027323857636c3e3e273b48253038703c36212f3838497a726c6d5d656843637627384c35333f2633342d3a322a4b4054474e2d38412d38306e61636f273a3a4d6d6b616d292d38304960786d6f6f2f3246393a322c3826343036392e33362d38325b6b66637a612f304e3f393f263934
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/Wpv9pdXX57f13Lgw?146fc0dae2b40d74=I5P1v8zL-3NBTvpeGMkCQNqR6uwca56R0U7lh4Vg2ZONbrr3wf-1qIS0lJrhpLDMI4KdCIWxrsWVGImZRmysBbi4fajDWhbfm3eQ2XwYjV1F-pKpGybo_q1DEeNbTQAyA1CI6kiJgw75ME4phx3xobwM5LhOrd1wGEX9njQEP-uIHuSFctqVG3sZCs63jqtUCdSthasfb6G11dLrPixt-9ODOS8&jb=3d3b242662736577355d6b666e6f757b2e607167375d61666e6d777b2f323a393b24687968753d4b60726d656d2468736a3d496a7a656f6d2f3232393a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Wed, 06 Mar 2024 12:26:06 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
Content-Type
text/javascript;charset=UTF-8
jhGzF43k2qRV3Pxw
w2txo5aa3czxibhw67gugldhver75mjsb2msesyj87a166bb7d97eab7sac.d.aa.online-metrix.net/ Frame 2CC5 		81 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://w2txo5aa3czxibhw67gugldhver75mjsb2msesyj87a166bb7d97eab7sac.d.aa.online-metrix.net/jhGzF43k2qRV3Pxw?51bd8b68e7abb129=nfJtY7tKcgS9COTQI2jY5mfXtGrG8L0SUm9fkq804kKyLTOxxBElacCCIv8MRBFxvXFxhCbunL122xu66a984ldbpLAzxWngNbp-P7xcPM2CK-Ga0vWRD_4jL7I0-D3o6kWGsMkXT-uVbcm9pPmfsFNRdDHD9IcBr41R-1tNMzLWqzU
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:07 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 10 Feb 2024 12:22:53 GMT
age
2160193
x-guploader-uploadid
ABPtcPojQCwIDdevSiwlBCAs9oxdI2azHteg6WO6ZRrPCqhPo2dxHCJq-bTUlgHVWOEPANlcB6o
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18352
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
server
UploadServer
etag
"59a941c096f98029341d8c56b7b89113"
x-goog-generation
1598371060392963
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
18352
accept-ranges
bytes
content-type
image/png
21acb0e87b74f5d66b46f5abbdfdae5d.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		34 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/21acb0e87b74f5d66b46f5abbdfdae5d.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c30b3c8f59aa0a8a6b4a286bee5ee71142b349231f200a3d8a8b1439f10c0cff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 05:00:21 GMT
age
1754745
x-guploader-uploadid
ABPtcPqtaRmr4iGNEOyLkhg2-AT5CIa4oIjgZ4lPI1Fs326AiPCOZOP8DAK-eL1yyrQmAzRC2_GexmzmWA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35063
last-modified
Wed, 01 Nov 2023 17:15:09 GMT
server
UploadServer
etag
"21acb0e87b74f5d66b46f5abbdfdae5d"
x-goog-generation
1698858909771820
x-goog-hash
crc32c=ojJAOQ==, md5=Iayw6Ht09dZrRvWrvf2uXQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
35063
accept-ranges
bytes
content-type
image/jpeg
845c9552fa83de62ce5c65e9ce22aa69.jpg
assets.bounceexchange.com/assets/uploads/users/8377/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/users/8377/845c9552fa83de62ce5c65e9ce22aa69.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4ad1a82d00680c14f55a66ee5d8d815fa36212052fb705209a5a9ec5c4bbddcb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:36:54 GMT
age
1712952
x-guploader-uploadid
ABPtcPrwwVCwEw_cQbhayL7tzslV5dH6u9RZZLVjbjxe5BonHy8OGkljLYBMSu6iOBMbm2OMjbDmGBMvYw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66529
last-modified
Wed, 17 Jan 2024 14:32:47 GMT
server
UploadServer
etag
"845c9552fa83de62ce5c65e9ce22aa69"
x-goog-generation
1705501966967402
x-goog-hash
crc32c=EAQCTA==, md5=hFyVUvqD3mLOXGXpziKqaQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
66529
accept-ranges
bytes
content-type
image/jpeg
a74a64f8eb64be9f44c7b9097bcc0e6c.jpeg
assets.bounceexchange.com/assets/uploads/users/8377/ 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/users/8377/a74a64f8eb64be9f44c7b9097bcc0e6c.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b23e3e7b45deac1835f88777002de6af4e6b698bac6d47c833214ca92f8aa62e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:36:54 GMT
age
1712952
x-guploader-uploadid
ABPtcPr5WEchZ2-F0B3j-VIYlPDI4SXIHP6usZ9wXIg1Gjj5ImDCGnbxquQHdfPSa6P8L5gh-NJfOqbXKg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74713
last-modified
Wed, 17 Jan 2024 14:32:47 GMT
server
UploadServer
etag
"a74a64f8eb64be9f44c7b9097bcc0e6c"
x-goog-generation
1705501966994802
x-goog-hash
crc32c=FfBtlw==, md5=p0pk+Otkvp9Ex7kJe8wObA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
74713
accept-ranges
bytes
content-type
image/jpeg
f6be4ebe275650bbe62c0c76f7533b70.jpg
assets.bounceexchange.com/assets/uploads/users/8377/ 		62 KB
62 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/users/8377/f6be4ebe275650bbe62c0c76f7533b70.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4258c25d31971ba63ce95e9daad134d486e282b1bc007ccaaee28a7ddf11f54b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 07:20:19 GMT
age
1659947
x-guploader-uploadid
ABPtcPpPYZJT8aOFOk5eurhS9_k3gF9NOebQMaBF7d29ixnIWlhyZtuoA6kzTUOKN9Bb_gWdcBC_5vkeCw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63805
last-modified
Wed, 17 Jan 2024 14:32:47 GMT
server
UploadServer
etag
"f6be4ebe275650bbe62c0c76f7533b70"
x-goog-generation
1705501966985896
x-goog-hash
crc32c=2ASgJA==, md5=9r5OvidWULvmLAx291M7cA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
63805
accept-ranges
bytes
content-type
image/jpeg
16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 10:24:16 GMT
age
871310
x-guploader-uploadid
ABPtcPptOjkiedhw3CpMKA7Bs7h6x7UWYbMgMRjWGvca0sjIJb2r0BwuJ0dlgY0mf4XtfNy8QfYSA6QV0Q
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2419
last-modified
Thu, 01 Apr 2021 03:01:32 GMT
server
UploadServer
etag
"16f45df19355361dc1c101036c0035b0"
x-goog-generation
1617246092060079
x-goog-hash
crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
2419
accept-ranges
bytes
content-type
image/png
cP-ZDuTZi7ha5BP1
imgs.signifyd.com/ Frame 16F3 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/cP-ZDuTZi7ha5BP1?19d2e04557eec298=V_2gBLMN5aW9YHntb8BFLZbvKvluEpFDkRSAMgdo-yHsvN3mEhOYZ2Zy8OMIHOHygEzGxw9ODUOzmsUnBe5gCiG7GoBHyreSISEHIhHz1KRTYSa10TNAox51VMH7BrBrqaUY5zwU1RXQfZi7-m3ojLRk45jRJWEplhUxZg&jf=3b34246c7b6237326c3b363d3937606e6a393b3c3d3830693a3a39393c623e3b6866323d693234
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/f3zohd4iEtFMaeNj?d5d5dafbd43271a1=buJyyWvXTCNJ2u92MsAxF6shDahyxvYzOVpa0E3WOc35B7jt617u2g4Zk56b6bHfTq-jWz0PJnaTrr3LXrtczG9VvjStvMnghidZ44tU3_k3ewn-VyE5usO7B8nqizPRLPToySk6g0CP7mmhXUYP53Przc9dMc01CnacusH0BtEBeb1O_XTn43tZH79TWUWkh8B71NRoS_MXLgrQbraIv1FpzzVEqg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://imgs.signifyd.com/f3zohd4iEtFMaeNj?d5d5dafbd43271a1=buJyyWvXTCNJ2u92MsAxF6shDahyxvYzOVpa0E3WOc35B7jt617u2g4Zk56b6bHfTq-jWz0PJnaTrr3LXrtczG9VvjStvMnghidZ44tU3_k3ewn-VyE5usO7B8nqizPRLPToySk6g0CP7mmhXUYP53Przc9dMc01CnacusH0BtEBeb1O_XTn43tZH79TWUWkh8B71NRoS_MXLgrQbraIv1FpzzVEqg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:06 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
graph
idr.cdnwidget.com/ 		0
135 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idr.cdnwidget.com/graph?cookieID=2dJZ6X8jhTnopoWVVGSg9aaPV0g&deviceID=2dJZ6ZupyZTYSQXn7Y8xrLKGb2a&bxdid=1677831989009336531&bxvid=1709727966522189&bxwid=6664&gm=true&apikey=2^HIykD&loadID=m6YqkWpmHGjLV1D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 06 Mar 2024 12:26:06 GMT
via
1.1 google
x-envoy-upstream-service-time
0
server
istio-envoy
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
Tc11y0TPqnKz1K5p
imgs.signifyd.com/ Frame 2CC5 		0
401 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/Tc11y0TPqnKz1K5p?cfe472bcbff71b13=MSQKmjZWYpeN69CVpCttb3pDLBK0Unge1o_38D7Bk71I3YQ5yZLK-aJfGOgP0sKW_TKus2Cvxs80-hVPH2B5Hkbz_-bry72WXCX0MYRIEemAzu4CSK6gqYm2H8b90_G8DseNf6HC0pWRBaMvUgrDGgdAsbdxc7D2JebdWHUfv5qFTa4bJui-m9F8EYn2QwA-I1HlLXjKeoCc_mj0c56inE6XkRHdww&jf=3c3336267b696e5d7a6466357e6470573d5a5b66633231795255565d337146472c716b6e5564617c6d3d333f383b35323f393c342e796b6c55747b786d37756d68306d6b6e71612e79696e5761677b37393035313b30333b383432373a6132343c32616d3964323a383b323e3a323a69323434306965396c3a31323b3a37303b3c3232383836663238393931316f3a3e3a37313e3b3d606d696b6a6e6b61393d3c393e6c696335333331316c6a663b6b693b6337386632323832676d6f3034396c33306c6e6b6c316866623869313a3b6961336f3d32366d3d32333c396463336c653a67693c61383363356c383a353f3f6e393c6f64663e38333d303c333a6f3a62306a3f66247b61665d7361673731383e36383832323e386f303b38393e69333a37303334386b3b3734396c63616e3135303c393533633e323d61313a303c3d30663d3e32343e3b3c393d3b31613a3b66686a69373b3a3832303f3130336c393a61663e356f616e6c31383f31306b3e3d303b3c683d386835643f333432303a67313c3364633a3d663a396a6635623f643e33306864303d62602e7b63647a373a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:06 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=100
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
eligible
events.bouncex.net/track.gif/ 		42 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7AAYAnAoBMClQDZtAFiUKycAI7yypEHwB2nAPoRgUHGVE8ADgQghrjnOr1tdXUAZgAOCxZUZEwcBBZrGIAPMgIQTFscACsoMh4mYFilMgB3TCQITkw-XX0yRihKv0VVDS1dAFZguTCVCgYIGObtBQUwkLkVXqVVEJDtDomyT3TGTBLmi0wTOAyh4H9XIggMzk4IPihOAg95ZTVNHRGVOSOT2wJ3CHpsRqZrHDXEAhfqMGI4YCRPD2PzqYAAKQAWtpEXB3ABPRFSACaMAAigANawKbFhJKoAAyAGkAOIIdQEMjiAioYAOA5wpHaAlhLLiKTWJjuJgAdQAamKaTAQCoCARqGKlCAgA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:06 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
eligible
events.bouncex.net/track.gif/ 		42 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7AAYAnAoBMClQDZtAFiUKycAI7yypEHwB2nAPoRgUHGVE8ADgQghrjnOr1tdXUAZiMoFlRkTBwEFmtogA8yAhBMWxwAKygyHiZgGKUyAHdMJAhOTD9dfTJGKAq-RVUNLV0AVmC5AA4VCgYIaKbtBQVukLkVXqVVEJDtdomyTzTGTGKmi0wTOHSh4BwQ1yIIdM5OCD4oTgIPeWU1TR0RnWPT2wJ3CHpsBqZrHA3EBHAqMaI4YAWJh4ex+dTAABSAC1tEi4O4AJ5IqQATRgAEUABrWBQ47qJVAAGQA0gBxBDqAhkcQEVDABwHeHI7SE7qZcRSaxMdxMADqADVxbSYCAVAQCNRxUoQEA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:06 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pop
events.bouncex.net/track.gif/ 		42 B
97 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/pop?wklz=A4e2C4EMGMBcEsBukEgHYF4EFsCmAnAMgHNcRxoQBXNWfAT0oBNcMBVAZRLPH12PjoMAMQAy3cpVrw0uWs1YA5AIKEqARwwBGQtEjZgkeMTTwmGAEwAWAGwWLAZgDshAM7V80VgCNqaLwAehJCktBgAVq6E2CAsGAAMhADuuN6u8LC4Zhg2uVaEiPDpCOZaTvEAnE4WThW5AKz2WgAcFYQshV7ZWjZOTs0OWhWt8ZUODjb1g4SGpIW4Sd1uuOpUcl3m+dAANvBysDi4rrD6wNrlVTV1vcO6u-uQwEgE6UInxA7tuJ2sTG4gADNYAB9bIWJgAKQAWjYoVRgPQoQAVACaHAAigANNBOFHNAL4UQAaQA4t4LJBCAALSD4Jig8zg6E2THNcJUpFoMAgADqADU+SSOMQKpBIAAFPnxYhAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:06 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
3
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
wGtgwpuk2O08hpR8
h.online-metrix.net/ Frame AA82 		0
400 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://h.online-metrix.net/wGtgwpuk2O08hpR8?52afbb3dcac7d272=_-nFG62Cr3DGDZKXr9x0ErUMxZIZvYZeu0nXSTn3VEL5vlEdJo4I4Wnc4aaB7mk8wFbnQifuryx6qrQbyLsaiU6ILv5vC_s3DmdH1GfOPLfLpXPhtokyBIXKE_TB6Pv8ybCTs9oIgqVcIPWeuA0yhUeIhtx_fq6GThHKC_pwp0QLE6h4bIUN7FEOUQW6L3adAUJB09j3E7VZEPkizg3BCAYa65rwBA&jf=3c3334267b696e5d7a6466357e6470576d5c6e42616d5e795c557a7a395446412c716b6e5564617c6d3d333f383b35323f393c352e796b6c55747b786d37756d68306d6b6e71612e79696e5761677b37393035313b30333b383432373a6132343c32616d3964323a383b323e3a323a69323434306965396c3a31323b3a37303b3c3232383836373769346b373c6966303362633b3c6b636b326f6d3e3b61306c3b356f6a3861333c6c34633e3b63313e6b3534356a3233603c69353b3a326038313c603d3a3f6e313860653c3b383e3a383461686e66303e6a39613e6a3234373b396b373c68613b3c31603d3b3d60696b3c316a6f61656a69333b306861663e6930653e6b63247b61665d7361673731383e37383832323d6d6b666e6c3b6e3e383b636b6f653a6e3e37363e3366613d6c65376a393333306b313935393d33383d62366d6e6934303e3c393b6e35633a3e323e3d6b34343a383231383863353e313635316d663d3b3a6c336a3d33303f6b39663a32323b693f64396b3f6338693930333b3a65336c3134673c693a61623f663f366c6f60393d39603d3d2c71616c783539
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://h.online-metrix.net/bIaIPBfH25RfSSYV?c53308a2b7473681=O5tYP7ZyowOpbVSjMlPy_oDQxfBOiQF0CmMjNqSo2aNQMs5j0Qk2TnisNmrchPS4qfiSxE77WjORu-N_BfYLfJCj_GGHp79soGwqjr3e9fAFFv-3iX4dijW4EgpP5-8VOZ9eztE06IVwWaXfTj1feIEvBMgiyHojP2emhfybhGei8dimbHIUo66b1RYJCqolGnnRTgNwhe6IBnXEeq81NS1po5NAC34
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:07 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
rXoKCPnK9krk2S3g
imgs.signifyd.com/ Frame 2CC5 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/rXoKCPnK9krk2S3g?e1aef212b4bacca1=1b7kiHwopW_ZLED0CzdobSX25XdxfJ3fLsV4MvwN5prRevlgVm2fdsSBVbFJQwuphHGrPgyh0t668_X5bFXEaNi2tMK1PavAqXTOAUp5M2zjbMsfBX4blENttkN99eMMOgXqVhDXg2_Rbo_MBGY2UsX0vYs9IU0CEwuNww&jac=1&je=3d3132262e776f6b35393a263b333026393b3a263d3d2e78673f6e672c626b7c79763f2f3d42253a3a6c677e6d6e27323a253943392432382f32412d3a38717c6b7e7d7b2f30322d39412f3a38616a6b786769666f25303a2d35462669756e6a3569633f6839673e6d3c3a396969696b3c6432693d633b31383b313c3934366a3d6331393f3b34623c6432666c3e3a3e3a3031306e6f366e3a396e6b6e3a343d33266f70393f613b3963346d38353b6d303366303f376c316e6e60386e383a3f69333a3c3e6b306a6f61336b39622c7d6b6a3f2f3d42253a3a61706b606b76656b747f706d2f303a2f33432d3a38273a382f3a4b2f30326a6374646d79712738382533492d32302d3a3027324b2538306a7863666e73273a3a2f31492f3f4a2d3f46253a4925383a6c776e665c65727b616f6c44617176253a322f31492f374a2f35462d3a49273a3867676a636e652d38322f3b4b6463667965253a4b25303a656d6665642538302d39432d3832273a3a2f304b2f383a786663746e6572672d383027394b25323a2d32302d3a4127323a7066637c6c6d7a6756677a7b636d662f383a2d3943253a3825383a2f30412f383277677f36362d3a30273349666b6e7b6f273f4e2677696437273f482f3a3a687061666e732f3a3827314b2f35422d3d44273a4b273032656f686b646f273a382531496e6b6e7b6f2f3a4b2f30327866617e6e65706f2f3832253b4925303a2d3030253f44
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/Wpv9pdXX57f13Lgw?146fc0dae2b40d74=I5P1v8zL-3NBTvpeGMkCQNqR6uwca56R0U7lh4Vg2ZONbrr3wf-1qIS0lJrhpLDMI4KdCIWxrsWVGImZRmysBbi4fajDWhbfm3eQ2XwYjV1F-pKpGybo_q1DEeNbTQAyA1CI6kiJgw75ME4phx3xobwM5LhOrd1wGEX9njQEP-uIHuSFctqVG3sZCs63jqtUCdSthasfb6G11dLrPixt-9ODOS8&jb=3d3b242662736577355d6b666e6f757b2e607167375d61666e6d777b2f323a393b24687968753d4b60726d656d2468736a3d496a7a656f6d2f3232393a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 12:26:07 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
id_sync
events.bouncex.net/track.gif/ 		42 B
60 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2dJZ6ZupyZTYSQXn7Y8xrLKGb2a&source=web&agent=cjs&deviceid=1677831989009336531&visitid=1709727966522189&websiteid=6664&pageviewid=1&sequenceid=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 12:26:07 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		32 B
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
92f709e941df3b754df46c209f8b21499ea6c3feb8ad5abdd5c0264a5dcb2595

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Mar 2024 12:26:07 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/en_CA/
Domain
www.paypal.com
URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Verdicts & Comments Add Verdict or Comment

217 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host string| _pxAppId object| PXXT4Gy2ig object| PX undefined| _XT4Gy2ighandler function| $ function| jQuery object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| ytCCPlayer object| ytBTSPlayer function| onYouTubePlayerAPIReady function| onCCPlayerReady function| onBTSPlayerReady object| content object| __LOADABLE_LOADED_CHUNKS__ object| regeneratorRuntime function| _ function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive boolean| __HYDRATING__ object| dataLayer function| getDataLayerEvent boolean| rakutenDataLayer object| DataLayer object| gaViewedIdsForPage object| DY boolean| BRAZE_SETUP_COMPLETE boolean| otSPAPathChange boolean| otIsInitialized boolean| otBlockOptOutInitReload function| OptanonWrapper object| DYcustom object| OneTrustStub object| DYExps object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| DYO function| DYID object| contextManager object| DYJSON string| OnetrustActiveGroups string| OptanonActiveGroups string| GoogleAnalyticsObject function| ga object| _uxa object| otStubData object| gaplugins object| gaGlobal object| gaData object| DYWork function| $dy object| Optanon object| OneTrust boolean| otLastAcceptAllValue object| DYCS function| create_UUID function| createCookie object| HeroWebPluginSettings string| HeroObject function| hero function| snaptr function| pintrk number| gtmPageLoadId function| fbq function| _fbq object| _fbq_gtm_ids function| rdt string| TiktokAnalyticsObject object| ttq object| JebbitObject function| jebbit function| cnxtag object| cnxDataLayer object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytglobal object| ytPubsub2Pubsub2Instance object| ytPubsub2Pubsub2SubscribedKeys object| ytPubsub2Pubsub2TopicToKeys object| ytPubsub2Pubsub2IsAsync object| ytPubsub2Pubsub2SkipSubKey object| ytNetworklessLoggingInitializationOptions object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingTransportTokensToJspbCttTargetIds_ object| ytLoggingGelSequenceIdObj_ function| ___rmuid object| ___RMCMPW object| _scPxHelper object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels object| GooglebQhCsO object| og object| litHtmlVersions function| JSCompiler_renameProperty object| litElementVersions boolean| OG_OFFERS_TEST_MODE_ENABLE object| OG function| UET function| UET_init function| UET_push function| DataLayerHelper object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs object| CS_CONF function| csSymbol object| CSPureWindow function| csDate object| csJSON function| csArray function| csString function| csURL function| csMutationObserver object| csScreen object| csquerySelector object| csquerySelectorAll function| csNodechildNodes function| csNodeparentNode function| csNodenextSibling function| csNodefirstChild function| csElementshadowRoot function| csElementmatches function| csElementwebkitMatchesSelector function| csHTMLImageElementsrc function| csEventtarget function| csNavigatorsendBeacon object| CSPathComputation object| UXAnalytics object| ueto_8b6134c9ae object| uetq object| bouncex object| paypalDDL string| PaypalOffersObject function| ppq object| webpackJsonp.TiktTokAnalytics object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| __post_robot_10_0_44__ object| PAYPAL object| webpackChunksmart_tag object| bxgraph function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie function| a0_0x1b34 function| a0_0xfeda object| sigScriptLoader object| SIG_SCRIPT_DEBUG object| threatmetrix object| cti110221 function| tmx_run_page_fingerprinting function| tmx_post_session_params_fixed boolean| tmx_profiling_started function| close_bouncex_ad

90 Cookies

Domain/Path Name / Value
sc-static.net/scevent.min.js Name: X-AB
Value: b9bd00ec73544025b937f4253ff9de4c
.elfcosmetics.com/ Name: pxcts
Value: b09e7833-dbb4-11ee-b068-f7155a0ecdf0
.elfcosmetics.com/ Name: _pxvid
Value: b09e6db7-dbb4-11ee-b068-53d381ffb6f9
.youtube.com/ Name: YSC
Value: mUPaGZHMHc8
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: 7bG4vF_hnbM
www.elfcosmetics.com/ Name: initAuthComplete
Value: true
.elfcosmetics.com/ Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%22118a967a-1adb-64e4-e55d-c9dc7fff5b00%22%2C%22e%22%3A1709729760925%2C%22c%22%3A1709727960925%2C%22l%22%3A1709727960925%7D
.elfcosmetics.com/ Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%223b98a742-774c-a466-bbdb-e7eeb35d9aff%22%2C%22c%22%3A1709727960928%2C%22l%22%3A1709727960928%7D
.elfcosmetics.com/ Name: _dyjsession
Value: 54q60rgoz2n5cgwlgdd3hgewxgh9i41l
.elfcosmetics.com/ Name: dy_fs_page
Value: www.elfcosmetics.com%2Fen_ca%2Felf-cosmetic-criminals
.elfcosmetics.com/ Name: _dy_csc_ses
Value: 54q60rgoz2n5cgwlgdd3hgewxgh9i41l
.elfcosmetics.com/ Name: _dy_c_exps
Value:
.elfcosmetics.com/ Name: _gcl_au
Value: 1.1.1836160024.1709727962
.dynamicyield.com/ Name: DYID
Value: 8754997913541173466
.elfcosmetics.com/ Name: _gid
Value: GA1.2.1349105240.1709727962
.elfcosmetics.com/ Name: _gat_UA-432816-1
Value: 1
.elfcosmetics.com/ Name: _px3
Value: e80b3b97663058acb10209483738c80646cdabdb1a65453caa02b4872cf26097:hUVuP9kIhTDj1zjEOF+VETY2bbbfUHAyJs5I4p6sK69dVkgXFnw82Mi6SGOJ/bI3I0u8s0NG1zG9HlmpqoaqXg==:1000:F66SP+N82nIquRG3OktGRvdyfStNh7QT4gfzjqOoEQn4lf6rh8oHJLk9MS4+ExcOesgsen4fNWt8ZNmd1z5d+Z4pnYvIk8sx1A7oK8UobXjdZ2X2yq7Quc6lSCF4ehU1bdsiOiYrbo+M9ne9BX/IciT76xlxGVFG3mzL48v4owuoGTiSpdeB6Ap9a1Q9daKpu8putjj91fJrAgX1s9xImhYtDyYdHkERCO7HphqvP1g=
www.elfcosmetics.com/ Name: scapi
Value: prd:7a70afbc-d258-4c09-9cf3-ba89ef907bf2:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjdhNzBhZmJjLWQyNTgtNGMwOS05Y2YzLWJhODllZjkwN2JmMiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk3Mjc5MzIsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJobDBkMWtmZUt3S2tSeGNnWm1iWVl3WGEzOjpjaGlkOiAiLCJleHAiOjE3MDk3Mjk3NjIsImlhdCI6MTcwOTcyNzk2MiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTA1NTM5MTQ4OTI0Mzk3MSJ9.w7VqVDRoRmzt3bJVlsTupAHzQFoNHDb8Qn9NyTx5eMZ7hE0nqvmv5p5VIN6gORJGS1hnwr28lNLH7K3-YT63Ng
www.elfcosmetics.com/ Name: dwsid
Value: jFbcrPIObvxUOwAn-_r2s_cP06FPEDGF3ZYWnb-1L3nrNjOl87DoRu6NMNxIe9x9GNuphrFUyyfsCkJlkuezew==
www.elfcosmetics.com/ Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92
Value: bhl0d1kfeKwKkRxcgZmbYYwXa3
.elfcosmetics.com/ Name: _dycnst
Value: dg
.elfcosmetics.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Wed+Mar+06+2024+02%3A26%3A02+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=ebfb8080-1520-4661-84cb-75896aefb11d&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2COSSTA_BG%3A1%2C4%3A1%2C5%3A1
.elfcosmetics.com/ Name: _dyid
Value: 8754997913541173466
.elfcosmetics.com/ Name: _dycst
Value: dk.w.c.ws.fst.
.elfcosmetics.com/ Name: _dy_geo
Value: US.NA.US_FL.US_FL_Miami
.elfcosmetics.com/ Name: _dy_df_geo
Value: United%20States.Florida.Miami
.elfcosmetics.com/ Name: _dy_toffset
Value: 0
.elfcosmetics.com/ Name: _dy_soct
Value: 647796.1248068.1709727962.54q60rgoz2n5cgwlgdd3hgewxgh9i41l*836603.1652212.1709727962*837245.1654610.1709727963*861617.1750272.1709727962
www.elfcosmetics.com/ Name: FPC
Value: c1ff773f-e10d-40c3-923a-cb1e350424f3
.adsrvr.org/ Name: TDID
Value: e879e6b8-3504-4720-b865-cd7688a0c4d1
.adnxs.com/ Name: XANDR_PANID
Value: s4g4Ce9zDDN6dlvA9c3IppuuarCoHRhDAOa3jIVccZOOfwVbV3KycfZIwtbryrDcOvXb-Zo6EEKv4882lv3-TbvqV7-_iijUcQTxVj65wC8.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 3240097284315772840
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2GUjvA%Rl!@wnf-Te9(>wL5L!!'FW$chYT
.doubleclick.net/ Name: IDE
Value: AHWqTUmYP1E5ja9ldIAS8vXGvAlPfIESUNg5OLqXTd3GIzwFgHvEhgFJzoVJDtyYa2I
.pointmediatracker.com/ Name: c
Value: 42a2c748-74da-487b-9842-6be029137c8a
www.elfcosmetics.com/ Name: esw.currency
Value: CAD
www.elfcosmetics.com/ Name: sid
Value: BQvZusQMteSe6WswzonDOH5S1rd5EuqdF0Q
www.elfcosmetics.com/ Name: _dyid_server
Value: 8754997913541173466
www.elfcosmetics.com/ Name: esw.InternationalUser
Value: true
www.elfcosmetics.com/ Name: esw.location
Value: CA
www.elfcosmetics.com/ Name: currentLocale
Value: en_CA
www.elfcosmetics.com/ Name: esw.sessionid
Value: bhl0d1kfeKwKkRxcgZmbYYwXa3
www.elfcosmetics.com/ Name: esw.LanguageIsoCode
Value: en_CA
www.elfcosmetics.com/ Name: __cq_dnt
Value: 1
www.elfcosmetics.com/ Name: dw_dnt
Value: 1
.tiktok.com/ Name: _ttp
Value: 2dJZ67NPCYBMv0qD2e5MJgT4bTa
.elfcosmetics.com/ Name: rmStore
Value: dmid:9097
.elfcosmetics.com/ Name: _scid
Value: 276a9332-41a3-4125-9e20-f3fcef98e388
.elfcosmetics.com/ Name: _scid_r
Value: 276a9332-41a3-4125-9e20-f3fcef98e388
.elfcosmetics.com/ Name: _rdt_uuid
Value: 1709727963923.9fe5ead7-7e92-4320-ab84-23f920e55ae8
.elfcosmetics.com/ Name: _ga_ZLYXLXNDL8
Value: GS1.1.1709727964.1.0.1709727964.60.0.0
.elfcosmetics.com/ Name: _ga
Value: GA1.1.819814714.1709727962
.bidr.io/ Name: bito
Value: AAKHsU7L0MIAABJhSkVqig
.bidr.io/ Name: bitoIsSecure
Value: ok
.rubiconproject.com/ Name: khaos
Value: LTFRVWB4-1P-AHGY
.rubiconproject.com/ Name: audit
Value: 1|8hdXaimAYv9ztFCSxrzFlniBGfEh25mvJkQVNvjqLWCbz16xSA9sXQzpr+acL700gDsILeZpDnOM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLv1kSFr97OZcVO5HCpwied1eK8yBlG6i6sNX3RFG22cReatwqJcJ3raOpWvBGztqNVbOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.elfcosmetics.com/ Name: _uetsid
Value: b35d6fc0dbb411eeb208918df893de34
.elfcosmetics.com/ Name: _uetvid
Value: b35d92f0dbb411ee9f8e690789aed181
.bing.com/ Name: MUID
Value: 3862E17141376B191C91F54B402B6A72
.bat.bing.com/ Name: MR
Value: 0
.hb.yahoo.net/ Name: visitor-id
Value: 3527295641524549000V10
.hb.yahoo.net/ Name: data-ttd
Value: rightmedia~~3
.elfcosmetics.com/ Name: _cs_c
Value: 0
.elfcosmetics.com/ Name: _cs_id
Value: 5a8f81db-edff-a0ef-e5b4-ceb5be57568e.1709727964.1.1709727964.1709727964.1558384338.1743891964643.1
.elfcosmetics.com/ Name: hero-session-efcf9631-4c6b-4874-9f76-51f71464249a
Value: author=client&expires=1741263964657&visitor=80faa818-be18-47a2-8674-32fff50d6738
.adsrvr.org/ Name: TDCPM
Value: CAESFQoGZ29vZ2xlEgsI7vG599P43jwQBRIXCghhcHBuZXh1cxILCLbij_nT-N48EAUSFgoHcnViaWNvbhILCP6DkPnT-N48EAUSGQoKcmlnaHRtZWRpYRILCNjniPzT-N48EAUSFQoGY2FzYWxlEgsIlNKo_9P43jwQBRgFIAQoATILCNLiyZ7q-N48EAVCDyINCAESCQoFdGllcjIQAVoHM2Z0Zm5oM2ABcgZjYXNhbGU.
.elfcosmetics.com/ Name: _fbp
Value: fb.1.1709727964725.1323436544
.linksynergy.com/ Name: rmuid
Value: f2f66593-e669-4af8-8ac0-46e0c89127f3
.elfcosmetics.com/ Name: _tt_enable_cookie
Value: 1
.elfcosmetics.com/ Name: _ttp
Value: 78ivZA4lss14WU2pPxKhOkC_gkK
.pinterest.com/ Name: ar_debug
Value: 1
.casalemedia.com/ Name: CMID
Value: Zehg3NHM79QAAEldAB4q2QAA
.casalemedia.com/ Name: CMPS
Value: 1522
.casalemedia.com/ Name: CMPRO
Value: 1522
.elfcosmetics.com/ Name: _pin_unauth
Value: dWlkPVpUSmhNemxrTVRJdE1UQXdZaTAwTlRSbUxXSTNOV0V0WXpZNFkyRTROR1UyT0RSbA
.undertone.com/ Name: UTID
Value: a7d4fa4a44fc4deaaaeaaaa24a62b316
.undertone.com/ Name: UTID_ENC
Value: 9xp4osfhfm0g8rkr6022xltsm
.snapchat.com/ Name: sc_at
Value: v2|H4sIAAAAAAAAAE3GuQ0AIQwEwIosrT/2fOVgRBUUT8pEE+o58KW0e0vEmlLsLTMbbFsGr6OBX4misUaep7i0INmzQAAAAA==
.elfcosmetics.com/ Name: _sctr
Value: 1%7C1709719200000
.elfcosmetics.com/ Name: _cs_s
Value: 1.5.0.1709729765579
.cdnwidget.com/ Name: __3idcontext
Value: {"cookieID":"2dJZ6X8jhTnopoWVVGSg9aaPV0g","deviceID":"2dJZ6ZupyZTYSQXn7Y8xrLKGb2a","iv":"","v":""}
.elfcosmetics.com/ Name: __idcontext
Value: eyJjb29raWVJRCI6IjJkSlo2WDhqaFRub3BvV1ZWR1NnOWFhUFYwZyIsImRldmljZUlEIjoiMmRKWjZadXB5WlRZU1FYbjdZOHhyTEtHYjJhIiwiaXYiOiIiLCJ2IjoiIn0%3D
imgs.signifyd.com/ Name: thx_guid
Value: ab25cfea9372b168e8d24412ec9b8792
.rlcdn.com/ Name: rlas3
Value: Kpfwrevi787E/cM+Ml9EGqX2X9yAaFW1xu+y0P81aP8=
.rlcdn.com/ Name: pxrc
Value: CN7Boa8GEgUI6AcQABIGCOTrARAA
.linksynergy.com/ Name: icts
Value: 2024-03-06T12:26:06Z
.bounceexchange.com/ Name: bounceClientVisit6664c
Value: %7B%22vid%22%3A1709727966522189%2C%22did%22%3A%221677831989009336531%22%7D
www.elfcosmetics.com/ Name: bounceClientVisit6664v
Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRFAdgH0AwjgJVqAWgbNWHaQCc2TNvwCGYFCAA0IBTBA6QbFIIDm9QSgooUbevxjUN13SfMQrNuw6cuKAL5AA

159 Console Messages

Source Level URL
Text
javascript error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/1638306756445368?v=2.9.148&r=stable&domain=www.elfcosmetics.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 109)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709340082897%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
Message:
Failed to load resource: the server responded with a status of 502 ()
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
ads.undertone.com
adservice.google.com
alb.reddit.com
analytics.google.com
analytics.pangle-ads.com
analytics.tiktok.com
api.bounceexchange.com
api.ipify.org
api.usehero.com
assets.bounceexchange.com
async-px.dynamicyield.com
bat.bing.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.media.amplience.net
cdn.static.amplience.net
cdn.usehero.com
cm.g.doubleclick.net
cnv.event.prod.bidr.io
code.jquery.com
collector-pxxt4gy2ig.px-cloud.net
connect.facebook.net
ct.pinterest.com
data.cdnbasket.net
dsum-sec.casalemedia.com
elfcosmetics.a.bigcontent.io
events.bouncex.net
evt.undertone.com
external-api.jebbit.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
hb.yahoo.net
i.ytimg.com
ib.adnxs.com
idr.cdnwidget.com
ids.cdnwidget.com
idsync.rlcdn.com
imgs.signifyd.com
insight.adsrvr.org
jnn-pa.googleapis.com
js.cnnx.link
js.jebbit.com
match.adsrvr.org
page.cdnbasket.net
pd.cdnwidget.com
pixel.pointmediatracker.com
pixel.rubiconproject.com
pixel.tapad.com
qoe-1.yottaa.net
s.pinimg.com
sc-static.net
sdk.iad-05.braze.com
secure.adnxs.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.doubleclick.net
static.ordergroove.com
stats.g.doubleclick.net
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
tag.wknd.ai
tags.rd.linksynergy.com
tr.snapchat.com
tr6.snapchat.com
ut.rd.linksynergy.com
view.cdnbasket.net
w2txo5aa3czxibhw67gugldhver75mjsb2msesyj87a166bb7d97eab7sac.d.aa.online-metrix.net
www.cosmeticscriminals.ca
www.elfcosmetics.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
www.redditstatic.com
www.youtube.com
cdn-fsly.yottaa.net
www.paypal.com
104.18.36.155
104.26.12.205
108.139.23.251
15.197.193.217
151.101.0.84
151.101.1.21
151.101.130.133
151.101.65.140
151.101.66.133
165.254.198.120
172.253.115.155
172.253.63.149
192.225.157.157
192.225.158.1
192.225.158.3
192.229.210.155
204.141.89.114
204.2.50.206
23.15.9.25
23.212.249.215
23.4.234.235
23.45.233.43
2600:1408:5400:d::170c:93a7
2600:1408:c400:12::17cd:6b1a
2600:1408:ec00:280::1931
2600:1901:0:56e0::
2600:9000:2073:2000:a:7914:b00:93a1
2600:9000:2479:400:11:85b0:d600:93a1
2600:9000:2508:fa00:15:ad21:c740:93a1
2600:9000:269f:a800:13:d6f4:3240:93a1
2600:9000:26a0:8000:a:b89d:a6c0:93a1
2606:4700:4400::ac40:952f
2606:4700:4400::ac40:9b77
2606:4700::6812:83ec
2607:f8b0:4004:c07::69
2607:f8b0:4004:c07::77
2607:f8b0:4004:c08::61
2607:f8b0:4004:c08::95
2607:f8b0:4004:c08::9c
2607:f8b0:4004:c0b::5e
2607:f8b0:4004:c17::88
2607:f8b0:4004:c17::8a
2607:f8b0:4004:c19::64
2607:f8b0:4004:c1b::5e
2607:f8b0:4004:c1b::5f
2607:f8b0:4004:c1d::9a
2607:f8b0:4004:c1d::9b
2620:1ec:c11::200
2a03:2880:f003:c0e:face:b00c:0:3
2a03:2880:f103:83:face:b00c:0:25de
2a04:4e42:400::396
2a04:4e42::649
3.162.3.15
3.162.3.39
3.162.3.51
3.214.16.184
3.229.102.46
34.102.147.248
34.102.203.69
34.111.113.62
34.111.8.32
34.117.124.38
34.120.253.250
34.149.130.207
34.149.80.61
34.98.67.3
34.98.72.95
35.190.10.96
35.190.43.134
35.244.154.8
44.208.207.37
44.208.222.212
52.17.65.148
52.85.132.58
54.145.61.158
54.221.246.23
68.67.181.211
69.173.151.100
041fae481014a4280437ee1e028f934eadd7590e31f4050c18a57dc4ea7360b3
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
08d023c583036b4414546ec093ffc7335a1e18cbf4f3b1422027217ae9a8dc78
08e0ef4f857424e23e46aa727929a7e1863d3fa10a527d67bf065677a5a4abfc
09dabe6a722eb848d94724f7f97c4393652605471c787bba24647035dfe91bca
0f5fe767ec60aa4b60c09496259716f16d914bc3588105ab8e6a55c876870c9d
0fa295c05c5e6929d1ec1c79bafad9472084569d81bdd2c5bf5798edf5060d9f
11762f3811534382a7fe191591000ebd869ce22a1936004470c4ce1d420a36a1
124a3ee06478067be34941371ffcaf573821fde420182686dccc82a488fdd33e
1338e6bab74fb66363b2b4228149231f126961fbbc25707ea136b38a14331d84
13bf523ba5ff18f1c03af973b7b7518233e93bc3b0123187d6ba1d15d7302a35
14c7e1f20b204a340d879bdcbec3dfc80f2843a01c8d8ce5b94900f7556962c3
17869320abe8445046a8325c374c94620363195b7d7ed75f1fbf2fd68b398c29
181a3657fd32b7fc38f207af13a7b304d619517db56e3412164ae9823d81c1f9
1c3a587051d3dc4dbd66b6532fdf326a3a2172ebbbac82d1eb9e1d04748ae357
1d16cbf24d53ba3dc9c081aea9064065dfd20331e61856b49a83c706a41cc53a
1ecca6335ccb02d4c40f0790869ae2ba8778357a116bbbcf20b1a140423f992d
1eebbe20a7e11128ee261e88cadbc5f467f81690a0bb0a8aa2a529a8f04aee43
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
2323918c968f88f7824d1391806958de07015a04ff7771b6999119924136b2ff
24ac4da29c53564ae8c82180e85921818ad3fef0311e627f08b6edddf79a3b34
274b7e35ec982845ba91d82df211828e72840312ce5411597082d624d91fc07d
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2ac38bb4fbd1250ca3ae89e01630ccd4525f3cec432317bf56bd4e57ed38625a
2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03
2b7afa49c5d302dac3f2b743be9cbb5e18df2b5eec0e14c29940c06bf4dc0b76
2c731639a8cd6d684aafb593e9a6f89e06ef09291f460186da9856e29975a75e
2f3989acda5131345cd5dd5f11e9c3c373fd3b09eb1a2a64fb2d6b302ea020a6
2f3f08989d311e2a5e808fb023778e1f3735cfc0e28f345a4f5194b8b40eb1f2
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5
30fd0bef7a4ee8f974988a3cf7b7ad4ee394964ff05ef2fe3b1e25bbd067aab1
31388933343ea4990be418d28fd3abf8afca93044e5fbbf9e38d7d9c4528b13b
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
3647c672a453341430a3684a219414cb50fad3fc9c008e00bb22eb1427fafd00
36f65b054381315fbc6b850d4b5c1913e8f8312ba6273d1e747b500268ff667b
36ff871d9fcff613aae4a44802fc606d1d4838ea4f6efba815f0a1ec95bbd101
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
3961f2636db03aa7569d5b5049d977a9914159926bd57461639fc9c02ce169ae
3a062f8a5a3e6605263938dbbfbd28f7662cbe38e0b651d1ad6ec567e842e6de
3afda3a545f4af46f87af3efd62d036c7b950df588a444bd9464191236e79922
3b4f2e1b70a9ab8aef23d65cc1b072b5eb6eba4979f6575c64771256e260409d
3c99331a2819f46e19997f55a71f9b4d42a754a3a2362dd7e02867feeb6cadbf
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
40280b407fc4b8ebdaf816540ce9689f522491338bd48f3291332e77128222b1
416fd499f7b277e03a016bf7bf9b71d805f33bb1573373826987a1157789a200
4258c25d31971ba63ce95e9daad134d486e282b1bc007ccaaee28a7ddf11f54b
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4ad1a82d00680c14f55a66ee5d8d815fa36212052fb705209a5a9ec5c4bbddcb
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4c80ba44f61dd8c09ce0c57ca565f286b8bbb3f5ca6cb1fe882ad0d174eaafd1
4f29dd7336843d1a736b95dcf5357ba5bc73d10e52e3f040ef240e4ca7ff9821
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
500dc635c1293fda428e18c2ad316b247a2002cd29df71d49cd39c6eb9020a1d
501e025f6f2171a74376b4d0b42f25844470d145ee9ee716301c0272410b121c
50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5
531ef7940572582069901106df7de3753dc09ac322c6e58e9680b74aee65b0fa
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5c8c192adca12497452b0a6c25b5913fad79f9afc4760673947377cd81575d81
5ca9c43a4648cd983b6581a2086f37c4387342eee835193f9407521be147e000
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6
652c78e1fed16ce8400b02e044db779e18e24371df4aefc7743ac3b0a3fe86a2
65a3f669b13f6b35a9e6bd0788784a1bb3b82ead49598684dcfaeda3b15d78bc
68f6710cb2cc63e278cd3be6a0593c700b3ac346e36c1d636c5c13374dc20e91
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
694cf59c4851392846a4f01d91cb087daff67535111e104158264a0f53ba6bdf
6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f
6a70ea0130213b0b708763901be196a10358f6f3cbf15d5c3663874176dc57e8
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6eb664ab4aab2cfe182a60bd4b94b1a498c8ee71eb6d1572336d1425bb8e5bbf
713ecf111b58e86a5e06be0de8e2d72595e7a3ff6b9931208e595fe517bfa31e
71cfd0bf781e3f393bca283fc9d44777a2036985a4ffe9abedf14909e63a8aef
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
75927d0358c1e3566824a09f2c92c9c77b0fa3f25b375549b419ee33eb6ef380
765a638d2813ec1b917fc56cf90863f88991ef2550c1a14c99e9e9b243e80f74
7661e600b7275d95775b7fd96925829aec2b223b504f49cdb6b9d59a75ef2de2
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
7bcce32f4ef85233e030a2e0f1a2a81aefab5d602d45c655b1ff5f068ac8abb8
8128514a9917b6dcdf20f7ee24d6b00a27b2a6aa0f971acb988f358f25ac4005
815a0320ad8f92f8cf83f9a2804622e5acf474e6ef479f8cf1dbbb0d68845e89
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8344b30c4f0eb1c6f29e7515183b8d91e55f80563104c8f15b6d156217091f00
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d
8b4baed685e61c19084227c70d48e2795b3df77fa784767ad956f35ac73fa358
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
8db85ac8c01a74779a703eca257950a05237337f40b1c21d5e65b1f67a18ff9d
8e33955f54ef8025b647a6e685fa689a9256fc5c987f7dc98590310ac3c358e5
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
92f709e941df3b754df46c209f8b21499ea6c3feb8ad5abdd5c0264a5dcb2595
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac
947a80c977c6791c81353f2cad728d28481cde9dd33af8627b18e90cd8e485cb
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9661ab143a170edc4ce838e0db02e1790c92ac9862517ace413c93b666e4c2d4
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77
9931197ba16483006740a0041fb1bd36fb02741f3b6ee7588cad8754abae6254
a0c96d3c8a9bae834aec51cec8cedb0802ba43978ab409533ed689a421c8d541
a120256213a1ee47b7ea75ad2b0565bbd0b77ebfa0a9dc26612bc304b74e55c0
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a57c870a576b433cd110ddb6a6f86ce922e7ed0758c1da9e7e3190ff42c45fa4
a758246f43df5cf0f88a3c46a95cb7e962ec2e16327f7fc6b70d2150981b86df
a922d69396a01553b649bb1dbe6984deff25f41f484417f801da5d04efe0bc8f
a938eea663af09f75118101cf9061107fbef7c4770d7d123c71e33c52c565139
a98b1fe3cd531e6b7791ebbf22ef1ffadf796245b48d33d2563e136fecaeb8ae
aa5f9e1398b22c547a13083b110ab68b736cc8e871e984b9d1dc0715d3aa396c
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af7106cddc57cb9c88803c862459e1b11041ad970cc9719c092a328352f53252
b0ae6ca3caa68945caf45f000efe5b8a052d45d9438cd4ca92221abe5c05e707
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23e3e7b45deac1835f88777002de6af4e6b698bac6d47c833214ca92f8aa62e
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bf61062f0c0de0f5360e8bf4660c7c3c711aaee42a469c1f310fdee1fda426dc
c1ec111bead622ab051fb14de9b6cf0f9f848c63fa4053fc0b9c2a1589e7be8c
c30b3c8f59aa0a8a6b4a286bee5ee71142b349231f200a3d8a8b1439f10c0cff
c83f443bb9b02744034d24f530ba1b4ae2c2b2abab9062154dec9a8d0f3c463c
c861873c058e3ef607c4227269ff41e27e65e8f6924112cd35687d4b14677abd
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc03443ef4f96f117737dc8b060a6105a7366d8c45ce1584b77526850cb41d4f
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
cf1b4e2a57de561424fb99aa43ef462868d58d9c205a38ae3f564c10266a4dbc
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d7003226e2fea50e6765c46fe1bdacfe3a16adedd6c7a2530fef876c2356cf9f
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d85e4dcb52ce714c7136eb95a32765325205a4aabdb51932bd9024c400be665d
d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3
d9fa73b25477095c86a1e8df662d123967340a20cd6ef001a7e28e18b544c9c3
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e53f8fd2377c6267bb463aef14fa49f29091c0d564121ed2c00f4ee295d0a2ad
e96d1ae2515a7adf6e1fa754960645298839e87cd2a139fb6dc94c3e45ab9066
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ea6b7f8e4082f1010c7d5bf851a5ded165517b36e01251fdfd548c046070936f
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eeabf00a73c18478ea0facefffc501e97b284f952842259e530134e06b5a00ce
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f078959678c0fb456631097af5cfa0dc687b5d4a7936dcdc0f57a4e1cee76a51
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f7f7d48fa4ef27a882d9690c581637c5f56c8f0870e7d375a333c6604b54c432
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
fbc980b1672df1e8cd84b4f5ede5013928c76df182c849c63e984d9496371885
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616