www.elfcosmetics.co.uk Open in urlscan Pro
204.2.133.97 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.cosmeticscriminals.co.uk/
Effective URL:
https://www.elfcosmetics.co.uk/cosmetic-criminals
Submission: On January 04 via api (January 4th 2024, 11:29:38 pm UTC) from US — Scanned from US

Summary HTTP 140 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 28 IPs in 1 countries across 21 domains to perform 140 HTTP transactions. The main IP is 204.2.133.97, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.co.uk. The Cisco Umbrella rank of the primary domain is 344886.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.

This is the only time www.elfcosmetics.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	204.2.133.238 204.2.133.238	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1 15	204.2.133.97 204.2.133.97	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
4	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
18	2607:f8b0:400... 2607:f8b0:4004:c1f::88	15169 (GOOGLE) (GOOGLE)
5 15	2606:4700:440... 2606:4700:4400::ac40:9ba6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
5	2606:4700:440... 2606:4700:4400::ac40:952f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	173.231.16.77 173.231.16.77	18450 (WEBNX) (WEBNX)
6	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
4	2607:f8b0:400... 2607:f8b0:4004:c06::5e	15169 (GOOGLE) (GOOGLE)
2 4	2607:f8b0:400... 2607:f8b0:4004:c07::9c	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c06::94	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2607:f8b0:400... 2607:f8b0:4004:c1f::5f	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c17::67	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c1d::77	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4004:c09::5e	15169 (GOOGLE) (GOOGLE)
1	64.71.161.52 64.71.161.52	6939 (HURRICANE) (HURRICANE)
9	151.101.129.21 151.101.129.21	54113 (FASTLY) (FASTLY)
2	35.190.10.96 35.190.10.96	15169 (GOOGLE) (GOOGLE)
3	2606:4700:440... 2606:4700:4400::ac40:91b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.65.35 151.101.65.35	54113 (FASTLY) (FASTLY)
3	192.229.210.155 192.229.210.155	15133 (EDGECAST) (EDGECAST)
2	13.226.139.94 13.226.139.94	16509 (AMAZON-02) (AMAZON-02)
12	192.225.157.157 192.225.157.157	30286 (THM) (THM)
2	192.225.158.1 192.225.158.1	30286 (THM) (THM)
1	192.225.158.3 192.225.158.3	30286 (THM) (THM)
140	28

1 204.2.133.238 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.cosmeticscriminals.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 204.2.133.97 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.elfcosmetics.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

cdn-fsly.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2607:f8b0:4004:c1f::88 (Washington, United States)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:4400::ac40:9ba6 (United States) 5 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.media.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:4400::ac40:952f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.static.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.231.16.77 (United States)

ASN18450 (WEBNX, US)
PTR: api.ipify.org

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

sdk.iad-05.braze.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c06::5e (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c07::9c (Washington, United States) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c06::94 (Washington, United States)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4004:c1f::5f (Washington, United States)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c17::67 (Washington, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1d::77 (Washington, United States)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c09::5e (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.71.161.52 (United States)

ASN6939 (HURRICANE, US)

qoe-1.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.129.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com

collector-pxxt4gy2ig.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:91b7 (United States)

ASN13335 (CLOUDFLARENET, US)

elfcosmetics.a.bigcontent.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.229.210.155 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.139.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-139-94.yto50.r.cloudfront.net

cdn-scripts.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 192.225.157.157 (United States)

ASN30286 (THM, US)

imgs.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.225.158.1 (United States)

ASN30286 (THM, US)
PTR: a-sac.h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.225.158.3 (United States)

ASN30286 (THM, US)
PTR: d.aa.online-metrix.net

w2txo5aaitzludfp4z3nqresf7jp7wne5heipvied2fa991e6b1b0727sac.d.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	amplience.net 5 redirects cdn.media.amplience.net — Cisco Umbrella Rank: 13847 cdn.static.amplience.net — Cisco Umbrella Rank: 47248	7 MB
18	youtube.com www.youtube.com — Cisco Umbrella Rank: 79	2 MB
15	elfcosmetics.co.uk 1 redirects www.elfcosmetics.co.uk — Cisco Umbrella Rank: 344886	322 KB
14	signifyd.com cdn-scripts.signifyd.com — Cisco Umbrella Rank: 10774 imgs.signifyd.com — Cisco Umbrella Rank: 8345	95 KB
13	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 625	214 KB
11	paypal.com www.paypal.com — Cisco Umbrella Rank: 3050 t.paypal.com — Cisco Umbrella Rank: 3583	238 KB
8	googleapis.com jnn-pa.googleapis.com — Cisco Umbrella Rank: 306	80 KB
8	gstatic.com fonts.gstatic.com www.gstatic.com	95 KB
6	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 static.doubleclick.net — Cisco Umbrella Rank: 371	2 KB
6	braze.com sdk.iad-05.braze.com — Cisco Umbrella Rank: 3700	1 KB
5	yottaa.net cdn-fsly.yottaa.net — Cisco Umbrella Rank: 25002 qoe-1.yottaa.net — Cisco Umbrella Rank: 9663	1 MB
3	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 3974 w2txo5aaitzludfp4z3nqresf7jp7wne5heipvied2fa991e6b1b0727sac.d.aa.online-metrix.net	16 KB
3	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2512	33 KB
3	bigcontent.io elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 158403	8 KB
2	px-cloud.net collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 271980	1 KB
2	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 104	6 KB
2	google.com www.google.com — Cisco Umbrella Rank: 6	39 KB
2	ipify.org api.ipify.org — Cisco Umbrella Rank: 2685	444 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 950	315 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1219	24 KB
1	cosmeticscriminals.co.uk 1 redirects www.cosmeticscriminals.co.uk	326 B
140	21

	Domain	Requested by
18	www.youtube.com	www.elfcosmetics.co.uk www.youtube.com
15	cdn.media.amplience.net	5 redirects www.elfcosmetics.co.uk
15	www.elfcosmetics.co.uk	1 redirects www.elfcosmetics.co.uk cdn-fsly.yottaa.net
13	cdn.cookielaw.org	cdn-fsly.yottaa.net cdn.cookielaw.org www.elfcosmetics.co.uk
12	imgs.signifyd.com	www.elfcosmetics.co.uk imgs.signifyd.com
9	www.paypal.com	www.elfcosmetics.co.uk www.paypal.com www.paypalobjects.com
8	jnn-pa.googleapis.com	www.youtube.com
6	sdk.iad-05.braze.com	cdn-fsly.yottaa.net
5	cdn.static.amplience.net	www.elfcosmetics.co.uk
4	www.gstatic.com	www.youtube.com www.gstatic.com
4	googleads.g.doubleclick.net	2 redirects www.youtube.com
4	fonts.gstatic.com	www.youtube.com
4	cdn-fsly.yottaa.net	www.elfcosmetics.co.uk
3	www.paypalobjects.com	www.elfcosmetics.co.uk www.paypalobjects.com
3	elfcosmetics.a.bigcontent.io
2	h.online-metrix.net	imgs.signifyd.com
2	cdn-scripts.signifyd.com	www.elfcosmetics.co.uk
2	t.paypal.com
2	collector-pxxt4gy2ig.px-cloud.net	www.elfcosmetics.co.uk
2	i.ytimg.com	www.youtube.com
2	www.google.com	www.youtube.com
2	static.doubleclick.net	www.youtube.com
2	api.ipify.org	cdn-fsly.yottaa.net
1	w2txo5aaitzludfp4z3nqresf7jp7wne5heipvied2fa991e6b1b0727sac.d.aa.online-metrix.net
1	qoe-1.yottaa.net	www.elfcosmetics.co.uk
1	geolocation.onetrust.com	cdn.cookielaw.org
1	code.jquery.com	www.elfcosmetics.co.uk
1	www.cosmeticscriminals.co.uk	1 redirects
140	28

This site contains links to these domains. Also see Links.

Domain
cdn.dynamicyield.com
st.dynamicyield.com
rcom.dynamicyield.com
www.tiktok.com
www.instagram.com
www.pinterest.com
www.facebook.com
www.youtube.com
twitter.com
www.snapchat.com
www.linkedin.com
www.elfbeauty.com
elfcosmetics.onelink.me
preferences.elfcosmetics.com
cookiepedia.co.uk
tcf.cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
*.elfcosmetics.co.uk Sectigo RSA Domain Validation Secure Server CA	`2023-09-25` - `2024-10-25`	a year	crt.sh
*.yottaa.net GlobalSign RSA OV SSL CA 2018	`2023-09-13` - `2024-10-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
dm.amplience.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-20` - `2024-08-14`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2023-02-07` - `2024-02-18`	a year	crt.sh
*.iad-05.braze.com GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-07-27` - `2024-08-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-10-13` - `2024-08-20`	10 months	crt.sh
*.px-cloud.net Sectigo RSA Domain Validation Secure Server CA	`2023-08-15` - `2024-09-13`	a year	crt.sh
*.bigcontent.io GeoTrust TLS RSA CA G1	`2023-03-14` - `2024-04-13`	a year	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-09-21` - `2024-10-21`	a year	crt.sh
cdn-scripts.signifyd.com Amazon RSA 2048 M01	`2023-07-03` - `2024-07-31`	a year	crt.sh
imgs.signifyd.com Go Daddy Secure Certificate Authority - G2	`2023-10-20` - `2024-11-20`	a year	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2023-01-09` - `2024-01-23`	a year	crt.sh
*.d.aa.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2023-03-03` - `2024-03-04`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.elfcosmetics.co.uk/cosmetic-criminals
Frame ID: 31901D4729B27E61E05438FC86334C12
Requests: 77 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: 0FE772620D97D3C6596304153F31BB75
Requests: 18 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 6CE7853B44BD22850EEAF10C09FAACAA
Requests: 18 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Frame ID: A03CE75588BFBF34328CD5FEB4182B1D
Requests: 4 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: F836D21C88833BED746FDF08B12B8EF4
Requests: 3 HTTP requests in this frame

Frame: https://imgs.signifyd.com/xJc4vnUMvHlJXqO6?5d43f296895c2a61=5RtqhAZ0XU79dpbYSbgX1PswzGeN90nFqd6GSiMZqF0gswPlToQfT47glNPD9zWX7xpJUqWfYwpYYPs_xNnEp5yoQ1sidomuDY5GcESr-ccfzAQdHWY6m5tmt3txlnMVQSCbEBp6B0pzF3Ot3KnI3JXjTEd9tUg4WdfwiZ0tMhAuwlzKLHsxZWIUZmXVf3e-IyDXeNTB5vTNm1nn&jb=3d3b2c2e62796f75355d63666e677f732e627b6d35556b666c657f732d32383939246a7b6a77374b60786f6d6d2c607b68354b687a6765672d3032393a3a
Frame ID: CFC99499DE77F9379161142D72B9DCF1
Requests: 9 HTTP requests in this frame

Frame: https://imgs.signifyd.com/29i-CLSD11IW_VMx?b075b1c4c6b880e6=aFuO9PzK8UZoAEfYV_FAq8eo07gVbk0lG_qZ-9AKwQiMTJr4ZwHjmi1UEUWlCUqnDRmVpAFbaB9P-tvR4I65eJVLS7T-UxVuUivmN7FZe_0waeWENLs4BBetoeCouSDiB9kPkxRsGTR-01YLpKqqX1fo2BkWWJ64I17LoVna7d5B2bTCgl0OrMcS4beiZ0WnA6VOeJsIDtfB9zhh86g
Frame ID: 7CCDF45ABD1DBB02FD271900162EDE31
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/q4TzcRo4cyqzbPA9?e0f0b2ff28524e42=6h09U31vaOzlthUNFMPlziBPWRDpMwSI9m23PuxhIpwbtYXAlXpRLlKIFzt2mtBG5g5YB13ed03aUZD3uAZvrspZwQX5UcglCHNiIIg5WJv3J5_sAdr6G6pw-IuMJGstHQW09SzY4_G4Ssp0bIszDMy4GnSjJ_ctQUADaMxFTCQDO16TVS0Lvba7W37fYVuE4mMywswTqXElLC7ecL2C
Frame ID: 090A4EFF89896F8BBC6B0117271F09D8
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/yDF2oopbWm35MxdU?eb3e7cdde39db3a0=fmZa0kIDtApRe8loZtTse_5NZ6TS0N-dpcksBUr4EcBeSy9rAXDQOXv3v8OvYaVprn8dFxKpMgZ4b4lMwKK0VB9lhpCx3jCQScOU7ZTQgum47alFgVUp1r1tzgJb6PmN9QfE-krl-cZuz1DB33HGm4SMP3zfHVONpFZsGrHkn-CA3_HvBfO9jqTdQDFf-fThixd25kVuPdq7vugqsoVr
Frame ID: C05CA599E31195FC5185C7252D2CF3C1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

e.l.f. Cosmetics | e.l.f. CosmeticsBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://www.cosmeticscriminals.co.uk/ HTTP 301
https://www.elfcosmetics.co.uk/cosmetic-criminals Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PerimeterX (Security) Expand

Overall confidence: 100%
Detected patterns

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

140
Requests

91 %
HTTPS

50 %
IPv6

21
Domains

28
Subdomains

28
IPs

1
Countries

11703 kB
Transfer

22663 kB
Size

16
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://cdn.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://st.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://rcom.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@elfyeah/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/elfcosmeticsuk/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/eyeslipsfacedotcom

Search URL Search Domain Scan URL

URL: https://twitter.com/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.snapchat.com/add/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/e-l-f-beauty

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://elfcosmetics.onelink.me/wTtZ/AcrossSiteCosmetics

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/privacy
Title: Privacy Rights Request Form

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://tcf.cookiepedia.co.uk/?lang=en
Title: | View Full Legal Text Opens in a new Tab

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.cosmeticscriminals.co.uk/ HTTP 301
https://www.elfcosmetics.co.uk/cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

Request Chain 18

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/webm_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm

Request Chain 19

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/webm_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm

Request Chain 20

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/webm_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm

Request Chain 21

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/webm_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm

Request Chain 42

https://www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-eu&code_challenge=6C_Fl5--_jHmj1_a4BWhCJ64RpBC_rb2Bjo1OpTUBsM HTTP 303
https://www.elfcosmetics.co.uk/callback?usid=2dab3a1a-b4c6-4993-b31a-c82cce4f3fb2&code=0pxl2IqttWBpvbgRFGvZ2El3lvdANB1SKpz1jtu0gko

Request Chain 52

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 55

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

140 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cosmetic-criminals Show response
www.elfcosmetics.co.uk/
Redirect Chain

https://www.cosmeticscriminals.co.uk/
https://www.elfcosmetics.co.uk/cosmetic-criminals

944 KB
233 KB

768ms
262ms

Document
text/html

204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6ba07ba06a310dd256e809b55b3176a61a570a1e9f426a915ea94802b9d8b1b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 04 Jan 2024 23:29:25 GMT
vary: Accept-Encoding
via: 1.1 7af4698bea7e964f89ad8d7ae22213a2.cloudfront.net (CloudFront)
x-amz-apigw-id: RCW9cFo7CYcEOfg=
x-amz-cf-id: 6C_Uv6_9DYWq4RdeIdue6bfwQwPNzb0L5bwNoxcvbw1tNJ2gwyvjPQ==
x-amz-cf-pop: SFO53-P5
x-amzn-remapped-connection: close
x-amzn-remapped-content-length: 792491
x-amzn-remapped-date: Thu, 04 Jan 2024 22:59:35 GMT
x-amzn-requestid: ac5b3f84-805a-464f-a26d-1830289a5277
x-amzn-trace-id: Root=1-65973855-18a1f6f9665942af1a0e125d;Sampled=0;lineage=dcd1e669:0
x-cache: Miss from cloudfront
x-yottaa-metrics: 2521cc02854b/[2,-,-] 25D1cc028561/[-,3.202]
x-yottaa-optimizations: ob/1001000000100001100 si/25D1cc028561-1704395137-4091338813 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0

Redirect headers

age: 0
content-length: 1198
content-type: text/html; charset=utf-8
date: Thu, 04 Jan 2024 23:29:25 GMT
location: https://www.elfcosmetics.co.uk/cosmetic-criminals
vary: User-Agent
x-yottaa-fw: fb/100000 tid/658f1fb8d931403bb4ae59a5 rid/658f266dd931403bb4ae60ab stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics: 25D1cc0285ee/[-,0.093]
x-yottaa-optimizations: ob/0 si/25D1cc0285ee-1704395137-8601099230 tts/1704410965204 ti/0 ai/658f1fb8d931403bb4ae59a5

GET
H2 200 /
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/ 0
0 310ms
245ms Image
text/html 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET /
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/ 0
0

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b

Request headers

Referer
Origin: https://www.elfcosmetics.co.uk
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2 200 bxGKZ6lfJ7A Show response
www.youtube.com/embed/ Frame 0FE7 93 KB
40 KB 239ms
127ms Document
text/html 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

955ccac61897c63128bfc33ade0c7146b9ec248819fdc603df76fb4c9437a0a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jan 2024 23:29:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 rZPCKoUReO0 Show response
www.youtube.com/embed/ Frame 6CE7 94 KB
40 KB 300ms
190ms Document
text/html 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76d3662043ed718a13f5ad2e428a21b577617ed3b93ed7bd96a11abe91e45cf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-bTdhIZwobNCUC4pcogL_Qw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jan 2024 23:29:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 630 KB
631 KB 295ms
208ms Image
image/jpeg 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: m5dZZiwnu,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: ZaZ9RMqyoA
alt-svc: h3=":443"; ma=86400
content-length: 644728
x-xss-protection: 1; mode=block
x-amp-source-height: 1249
last-modified: Thu, 04 Jan 2024 23:29:28 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 3199
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 840743873a7b9ad2-MIA
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

GET
H2 200 PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 210 KB
211 KB 241ms
154ms Image
image/png 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c856ca647a5edf9ff56752649cd2bbd3d6d6fb2263d1b473a255534f5bf6f830

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: KE_4p-anu,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: v6oCa1skal
alt-svc: h3=":443"; ma=86400
content-length: 215306
x-xss-protection: 1; mode=block
x-amp-source-height: 340
last-modified: Thu, 04 Jan 2024 23:29:28 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
x-amp-source-width: 800
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 840743873a799ad2-MIA
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/ 2 MB
2 MB 313ms
226ms Image
image/png 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

349a84fa24c5bda7424681c4ab9a0d265a0966a963f47e975dc5f7f347e3bb1d

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: -jHS4uPc9,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: dnzeFDmWeV
alt-svc: h3=":443"; ma=86400
content-length: 2102142
x-xss-protection: 1; mode=block
x-amp-source-height: 1484
last-modified: Thu, 04 Jan 2024 23:29:28 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
x-amp-source-width: 3080
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 840743873a7e9ad2-MIA
x-amp-published: Wed, 03 Jan 2024 21:02:28 GMT

GET
H2 200 PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/ 330 KB
331 KB 149ms
62ms Image
image/jpeg 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: 3VXOkvx1H,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: 2vvOVubBmB
alt-svc: h3=":443"; ma=86400
content-length: 338113
x-xss-protection: 1; mode=block
x-amp-source-height: 1062
last-modified: Thu, 04 Jan 2024 23:29:28 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 2806
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 840743873a7f9ad2-MIA
x-amp-published: Wed, 27 Dec 2023 17:21:33 GMT

GET
H2 200 PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/ 180 KB
180 KB 268ms
182ms Image
image/jpeg 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: ZFdUusQOi,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: cVLp3cRHhJ
alt-svc: h3=":443"; ma=86400
content-length: 184181
x-xss-protection: 1; mode=block
x-amp-source-height: 1108
last-modified: Thu, 04 Jan 2024 23:29:28 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 1952
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 840743873a7d9ad2-MIA
x-amp-published: Fri, 29 Dec 2023 07:51:47 GMT

GET
H2 200 PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/ 613 KB
614 KB 185ms
99ms Image
image/png 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b311b78042906393bf9c3cdc5bc8115b450b8b31905b1641dec7246fbd4cc85

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: 9nOTFtVJa,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: u3Zlac-den
alt-svc: h3=":443"; ma=86400
content-length: 627998
x-xss-protection: 1; mode=block
x-amp-source-height: 525
last-modified: Thu, 04 Jan 2024 23:29:28 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
x-amp-source-width: 3200
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 840743873a809ad2-MIA
x-amp-published: Thu, 28 Dec 2023 16:15:28 GMT

GET
H2 200 jquery-3.7.1.slim.min.js Show response
code.jquery.com/ 69 KB
24 KB 93ms
28ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 4460578
x-cache: HIT, HIT
content-length: 24036
x-served-by: cache-lga21942-LGA, cache-mia-kmia1760061-MIA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1704410968.169083,VS0,VE0
etag: W/"28feccc0-11278"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 2835, 202

GET
H2 200 player_api Show response
www.youtube.com/ 993 B
2 KB 188ms
82ms Script
text/javascript 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/player_api

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7ac9f0e85d1ed4d4ccf7a151ec6b9b80f89baa745841db8efd82713671ff5ab8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: text/javascript; charset=utf-8
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control: private, max-age=0
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Thu, 04 Jan 2024 23:29:28 GMT

GET
H2

206

8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

1 MB
1 MB

567ms
566ms

Media
video/mp4

2606:4700:4400::ac40:952f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
x-amz-version-id: null
cf-cache-status: MISS
x-amz-request-id: PS9SPWT7XFTYPN7A
Content-Range: bytes 0-1060947/1060948
Content-Length: 1060948
x-amz-id-2: ExbZKyk7MrFJ3//SWw/sQFwnZp4aQTEfG13xLCFrB3JMSpESriPUSXqUqBlliF29zeIIw1+CY+8=
last-modified: Fri, 22 Dec 2023 15:50:27 GMT
server: cloudflare
etag: "dd3676819bd88a250c875a11e38c307d"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/mp4
cf-ray: 8407438f6ca25731-MIA

Redirect headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: dYhYQwie9,l4p5bDg2e,bgWw7nQ29
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 840743874aaf9ad2-MIA

GET
H2

206

8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/webm_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm

1 MB
1 MB

699ms
602ms

Media
video/webm

2606:4700:4400::ac40:952f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 692db01eb703744d633776b15675c6b2c761732ca585236d376836bf6f04bc9e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
x-amz-version-id: null
cf-cache-status: MISS
x-amz-request-id: T172N22KGGZ1TPVM
Content-Range: bytes 0-1210813/1210814
Content-Length: 1210814
x-amz-id-2: tCQHCftiWPptjYL9fo5Na8YJxvwC6aF7TUVFXcY0NAHPYK+nL5swVq12YaPIIbaCJODd/7Ui/7g=
last-modified: Fri, 22 Dec 2023 17:43:50 GMT
server: cloudflare
etag: "fae641824ad9e109b5a20c2cba506e57"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/webm
cf-ray: 84074388697d5731-MIA

Redirect headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: SiEkUB8QJ,l4p5bDg2e,fH6Lo3_5e
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 840743874ab19ad2-MIA

GET
H2

206

dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/webm_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm

375 KB
376 KB

612ms
612ms

Media
video/webm

2606:4700:4400::ac40:952f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4973f562e7d8f8ad478be1fe1090639ca7b50af5f98c5c13efe61d22fb72665e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
x-amz-version-id: null
cf-cache-status: MISS
x-amz-request-id: PS9SVG0YM20D6ZK7
Content-Range: bytes 0-384464/384465
Content-Length: 384465
x-amz-id-2: V1gchxJ+czk99KAjYn6cCR5K6WVbFsqaz+HEDFqf/NofsufFl8F1euMQnVZsCRGdOE2Xu3A7QnU=
last-modified: Fri, 29 Dec 2023 07:23:44 GMT
server: cloudflare
etag: "dd9940f6d244dca562aef306c8b59fe0"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/webm
cf-ray: 8407438f6ca55731-MIA

Redirect headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: Ffb8Zr4M4,l4p5bDg2e,6oVxns4D8
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 840743875acd9ad2-MIA

GET
H2

206

848c5446-ecbd-46ce-a180-637c5c42845d.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/webm_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm

237 KB
238 KB

632ms
632ms

Media
video/webm

2606:4700:4400::ac40:952f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 744f83518728b979fb7e008389501d1acaa5a3086284274c296f26c5d4cfc8e4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
x-amz-version-id: null
cf-cache-status: MISS
x-amz-request-id: PS9VD1VMRJY7BSGX
Content-Range: bytes 0-243067/243068
Content-Length: 243068
x-amz-id-2: r6PICycmeYUf0/RPsw0lgyIjuXkvtHB2pESKLPMe9MyNW3cpCviQT5EeUmq7zdaCLEaBu5myAVs=
last-modified: Tue, 02 Jan 2024 17:30:06 GMT
server: cloudflare
etag: "bc22e0c363ee3e170f7a975b978bad39"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/webm
cf-ray: 8407438ecb995731-MIA

Redirect headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: K4zby9wxt,l4p5bDg2e,tO41Cj3M_
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 840743875ad19ad2-MIA

GET
H2

206

b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/webm_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm

194 KB
195 KB

658ms
561ms

Media
video/webm

2606:4700:4400::ac40:952f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5ce843cf166fdb4108ebcfe16b22da332149e2bcb4b7d93b3abd0d93e2def8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
x-amz-version-id: null
cf-cache-status: MISS
x-amz-request-id: T17DCJRATZX68KFF
Content-Range: bytes 0-198985/198986
Content-Length: 198986
x-amz-id-2: E5vnMDknvCelNEi2Xti+WvXq7rkghtQRpm6CLVxxtrl6jDGyn/k+UBhLOdnM7jS4FSDahkDrjTM=
last-modified: Tue, 02 Jan 2024 17:20:49 GMT
server: cloudflare
etag: "a2b2c1d6820d46784bd0e0e1ed3190de"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/webm
cf-ray: 84074388697e5731-MIA

Redirect headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: ZBNA9w0AC,l4p5bDg2e,nvYvyivv1
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 840743875ad29ad2-MIA

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd

Request headers

Referer
Origin: https://www.elfcosmetics.co.uk
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2 200 vendor.js Show response
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/ 2 MB
619 KB 34ms
31ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 57e461c9b78558e62478cca713658387eaf54afe6ae0a8128ee38e5846b4d6d8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: ryOdsDyPqMma0Bz2j3lHVfVV1PGsqvj5
via: 1.1 361be9423fbc0d226d13a3e0f5517234.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Thu, 04 Jan 2024 23:29:28 GMT
x-amz-cf-pop: ORD52-C2
age: 231009
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1000 si/2611cc8d5868-1700446742-1466524849 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621188
content-length: 633349
x-amz-meta-bundle: 10312
x-served-by: cache-mia-kmia1760069-MIA
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:06 GMT
server: AmazonS3
x-timer: S1704410968.189101,VS0,VE5
etag: W/"2cdf96682220db2ea40feb07d3bdee6d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2621cc8d586f/[118,30,-] 2611cc8d5868/[-,535.316]
accept-ranges: bytes
x-amz-cf-id: CTwTiIpGwb61fx-nXIHsDStIQXH4SLYVBi0F7IlFQFdO8LUzULF_XQ==
x-cache-hits: 1

GET
H2 200 main.js Show response
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/ 2 MB
454 KB 45ms
42ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/main.js?yocs=o_q_
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f770b32793546ad41060cc03c06e4a744b10e9ae4af0b2b0522cfcf1fb33285

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 0MUSynTyx03nRq3yU4boF4q321TmKQZJ
via: 1.1 6d5eb10703fb0c500533591581396cb8.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Thu, 04 Jan 2024 23:29:28 GMT
x-amz-cf-pop: ORD52-C2
age: 2603435
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1100 si/2611cc028373-1700446746-2095510516 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0
x-cache: Miss from cloudfront, HIT
x-amz-meta-deploy: 621188
content-length: 464645
x-amz-meta-bundle: 10312
x-served-by: cache-mia-kmia1760069-MIA
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:02 GMT
server: AmazonS3
x-timer: S1704410968.189027,VS0,VE6
etag: W/"27402e9d694cdb3cca51cf2f76ddce4f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2621cc023045/[33,-,1701803057312] 2611cc028373/[-,284.478]
accept-ranges: bytes
x-amz-cf-id: FeAQ6s03FF1u_2N_qIFVmXl-rYRqZIInAkKsVdDTOP3htLci1W7o5Q==
x-cache-hits: 1

GET
H2 200 pages-product-list-product-list-page.js Show response
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/ 40 KB
11 KB 74ms
72ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/pages-product-list-product-list-page.js?yocs=o_q_
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cd0b162bc6e5a1dfcdba80c8b12d3f2ec6ac423a1c1ed7d996779d9c6b81f346

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: kGo5q_WYPU5req20vNr3VzMYgKtS7.00
via: 1.1 538cf444f0c6dac6454a3baf06f65b9e.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Thu, 04 Jan 2024 23:29:28 GMT
x-amz-cf-pop: ATL58-P7
age: 1711923
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1100 si/33118cae0c65-1699034341-1524216412 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0
x-cache: Hit from cloudfront, MISS
x-amz-meta-deploy: 621188
content-length: 11125
x-amz-meta-bundle: 10312
x-served-by: cache-mia-kmia1760069-MIA
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:05 GMT
server: AmazonS3
x-timer: S1704410968.189446,VS0,VE20
etag: W/"588785bf0bd820aa0bfb16d1f1d1b104"
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 33218cae0c7d/[3,-,1704407525476] 33118cae0c65/[-,6.373]
accept-ranges: bytes
x-amz-cf-id: UMJJ0T0uQ5qYa4-cOrL40Wm4i_MReUHKGIWpBXGA-IZKegHR2Wjv8g==
x-cache-hits: 0

GET
H2 200 PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min
cdn.media.amplience.net/i/elfcosmetics/ 136 KB
137 KB 157ms
155ms Image
image/webp 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min?fmt=auto

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a849e2087ba3ca3777d4b4691ee8c049998b464d490adb00bcafd82a28fa1095

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: TctTAQBDI,l4p5bDg2e,5-jG4GMEO,Cqm_p3RsQ,DtzGFM5oJ
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: p7gAhbfzTx
alt-svc: h3=":443"; ma=86400
content-length: 139608
x-xss-protection: 1; mode=block
x-amp-source-height: 1303
last-modified: Thu, 04 Jan 2024 23:29:28 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 855
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 840743880c719ad2-MIA
x-amp-published: Thu, 21 Dec 2023 20:12:24 GMT

GET
H2 200 PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min
cdn.media.amplience.net/i/elfcosmetics/ 15 KB
15 KB 74ms
73ms Image
image/webp 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min?fmt=auto

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60dfcadddf11dacb678cf78e8b2fc4af594f6fc5993f9e5141ca0a8fa76e634b

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: uxjKxfzJu,l4p5bDg2e,QvpKILV5P,Cqm_p3RsQ,DtzGFM5oJ
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: 130h1xh017
alt-svc: h3=":443"; ma=86400
content-length: 15078
x-xss-protection: 1; mode=block
x-amp-source-height: 2000
last-modified: Thu, 04 Jan 2024 23:29:28 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 2000
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 840743880c739ad2-MIA
x-amp-published: Thu, 21 Dec 2023 20:12:23 GMT

GET
H2 200 PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min
cdn.media.amplience.net/i/elfcosmetics/ 135 KB
135 KB 164ms
163ms Image
image/webp 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min?fmt=auto

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b063bab914cd51698d508946cdadd5faa1e3221a46639ea9c5cb6bae54dd69e

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: HuUXKqcIB,l4p5bDg2e,h1qKNVnZ0,Cqm_p3RsQ,DtzGFM5oJ
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: cumxtR1Kge
alt-svc: h3=":443"; ma=86400
content-length: 137826
x-xss-protection: 1; mode=block
x-amp-source-height: 1324
last-modified: Thu, 04 Jan 2024 23:29:28 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 862
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 840743880c789ad2-MIA
x-amp-published: Thu, 21 Dec 2023 20:12:24 GMT

GET
H2 200 PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min
cdn.media.amplience.net/i/elfcosmetics/ 18 KB
18 KB 74ms
74ms Image
image/webp 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min?fmt=auto

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

907548f0fe7742909ca8ac678d0f172fdd710362ddd32e76789320ef33e1ccf2

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:28 GMT
cf-cache-status: MISS
x-amp-srv: CF
edge-cache-tag: Pw9TVkWGX,l4p5bDg2e,nb-u70u49,Cqm_p3RsQ,DtzGFM5oJ
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: 4OkoM0Coif
alt-svc: h3=":443"; ma=86400
content-length: 18784
x-xss-protection: 1; mode=block
x-amp-source-height: 2400
last-modified: Thu, 04 Jan 2024 23:29:28 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
x-amp-source-width: 2400
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 840743880c7a9ad2-MIA
x-amp-published: Thu, 21 Dec 2023 20:12:23 GMT

GET
H2 404 OtAutoBlock.js
cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/ 0
0 476ms
188ms Script
text/plain 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/OtAutoBlock.js
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/main.js?yocs=o_q_
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 334ms
46ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/main.js?yocs=o_q_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98bc0753b3f7392176a4af252bfae9bcd1f2804b73dee374119899d8f52ae3d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: FWT01iLvZ++xUAz3aesSug==
age: 54878
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6841
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jan 2024 22:17:18 GMT
server: cloudflare
etag: 0x8DC0CA9BF9BFF37
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 1f518f4a-801e-0043-4dbb-3edfdf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8407438f48dbb3d1-MIA

GET
H/1.1 200
OK / Show response
api.ipify.org/ 22 B
222 B 334ms
78ms XHR
application/json 173.231.16.77
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.231.16.77 , United States, ASN18450 (WEBNX, US),
Reverse DNS: api.ipify.org
Software: nginx/1.25.1 /
Resource Hash: 8641559408860c1dad48a8852756eae102c740b81dd3a21942616306d9b214cf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 04 Jan 2024 23:29:29 GMT
Server: nginx/1.25.1
Connection: keep-alive
Content-Length: 22
Vary: Origin
Content-Type: application/json

GET
H/1.1 200
OK / Show response
api.ipify.org/ 22 B
222 B 336ms
81ms XHR
application/json 173.231.16.77
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.231.16.77 , United States, ASN18450 (WEBNX, US),
Reverse DNS: api.ipify.org
Software: nginx/1.25.1 /
Resource Hash: 8641559408860c1dad48a8852756eae102c740b81dd3a21942616306d9b214cf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 04 Jan 2024 23:29:29 GMT
Server: nginx/1.25.1
Connection: keep-alive
Content-Length: 22
Vary: Origin
Content-Type: application/json

GET
H2 200 www-player.css
www.youtube.com/s/player/da154528/ Frame 0FE7 358 KB
47 KB 56ms
54ms Stylesheet
text/css 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 22:55:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2052
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47436
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Jan 2025 22:55:17 GMT

GET
H2 200 embed.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 0FE7 52 KB
16 KB 77ms
76ms Script
text/javascript 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

234595572b74d58cd52917208142b3131ad7992126358ee0d917a40cd1240e83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 15:15:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29660
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16296
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Jan 2025 15:15:09 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/da154528/www-embed-player.vflset/ Frame 0FE7 322 KB
97 KB 98ms
98ms Script
text/javascript 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 22:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3417
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98735
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Jan 2025 22:32:32 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 0FE7 2 MB
767 KB 84ms
83ms Script
text/javascript 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd8d118fe8ac283b6e6ece58b4bcbbc06cd734f11761faa7c46ff08069f711f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:26:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 785283
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Jan 2025 23:26:21 GMT

GET
H3 200 www-player.css
www.youtube.com/s/player/da154528/ Frame 6CE7 358 KB
46 KB 54ms
53ms Stylesheet
text/css 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 22:55:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2052
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47436
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Jan 2025 22:55:17 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 6CE7 52 KB
16 KB 108ms
107ms Script
text/javascript 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

234595572b74d58cd52917208142b3131ad7992126358ee0d917a40cd1240e83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 15:15:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29660
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16296
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Jan 2025 15:15:09 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/da154528/www-embed-player.vflset/ Frame 6CE7 322 KB
96 KB 146ms
145ms Script
text/javascript 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 22:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3417
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98735
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Jan 2025 22:32:32 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 6CE7 2 MB
767 KB 127ms
126ms Script
text/javascript 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd8d118fe8ac283b6e6ece58b4bcbbc06cd734f11761faa7c46ff08069f711f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 20:12:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11812
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 785283
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Jan 2025 20:12:37 GMT

GET
H2

200

callback
www.elfcosmetics.co.uk/
Redirect Chain

https://www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcallback&response_type=code&client...
https://www.elfcosmetics.co.uk/callback?usid=2dab3a1a-b4c6-4993-b31a-c82cce4f3fb2&code=0pxl2IqttWBpvbgRFGvZ2El3lvdANB1SKpz1jtu0gko

0
0

334ms
334ms

Fetch
application/json

204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.co.uk/callback?usid=2dab3a1a-b4c6-4993-b31a-c82cce4f3fb2&code=0pxl2IqttWBpvbgRFGvZ2El3lvdANB1SKpz1jtu0gko
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
via: 1.1 5e9f822a188dc082efd0a9d3918e7402.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 0
x-amz-cf-pop: SFO53-P5
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: be3cface-43ef-4d56-8407-f35963de488b
x-yottaa-optimizations: ob/1000 si/25D1cc028561-1704395137-4091338946 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: RCbWIHAjCYcEafQ=
content-length: 0
x-yottaa-forcecache: true
x-amzn-trace-id: Root=1-65973f5a-4a72c0f6070a7c9c7930eb5e;Sampled=0;lineage=dcd1e669:0
content-type: application/json
cache-control: public, max-age=604800
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028a83/[236,234,-] 25D1cc028561/[-,237.568]
x-amzn-remapped-date: Thu, 04 Jan 2024 23:29:30 GMT
x-amz-cf-id: iEo9H76RLhIll9Z0Lh5znUy7jdG0vezbqlwcjaplYsEgDIWj9f3cOQ==

Redirect headers

date: Thu, 04 Jan 2024 23:29:29 GMT
x-correlation-id: 840743919fe6c6e1
via: 1.1 3122c5a5fddd57d64787165c6e0a17ee.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SFO53-P5
age: 0
x-yottaa-optimizations: ob/0 si/25D1cc028561-1704395137-4091338942 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Miss from cloudfront
content-length: 0
pragma: no-cache
x-ratelimit-1m-remaining: 23160, 1969104
x-ratelimit-1m-reset: 30084, 30084
x-ratelimit-1m-limit: 24000, 2000000
vary: Accept-Encoding
location: https://www.elfcosmetics.co.uk/callback?usid=2dab3a1a-b4c6-4993-b31a-c82cce4f3fb2&code=0pxl2IqttWBpvbgRFGvZ2El3lvdANB1SKpz1jtu0gko
cache-control: no-store
x-yottaa-os: 303
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-eu&code_challenge=6C_Fl5--_jHmj1_a4BWhCJ64RpBC_rb2Bjo1OpTUBsM
x-yottaa-metrics: 2521cc028a7f/[177,175,-] 25D1cc028561/[-,178.777]
cf-ray: 840743919fe6c6e1-SEA
x-amz-cf-id: v7Lf6UqNfGUJeBIZ0ZuZHceqpWEqgNiatlzK6DtAlwFnvUj74mUeKA==

POST
H2 201 / Show response
sdk.iad-05.braze.com/api/v3/data/ 334 B
455 B 99ms
98ms XHR
application/json 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

83f77701d6f8aa2b017e97775fc33276e34463fbe98df196a11d363bca8c3359

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: ee22cddf-904f-484e-a004-0181ff9a3268
X-Braze-TriggersRequest: true
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
Referer: https://www.elfcosmetics.co.uk/
X-Requested-With: XMLHttpRequest

Response headers

date: Thu, 04 Jan 2024 23:29:29 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: 09df3687-f479-4ecc-97a0-32d9806566c7
x-served-by: cache-mia-kmia1760067-MIA
x-runtime: 0.041326
etag: W/"83f77701d6f8aa2b017e97775fc33276"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 /
sdk.iad-05.braze.com/api/v3/data/ Frame 0
0 116ms
56ms Preflight 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.co.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Thu, 04 Jan 2024 23:29:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-mia-kmia1760067-MIA

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0FE7 15 KB
15 KB 172ms
65ms Font
font/woff2 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 09:18:45 GMT
x-content-type-options: nosniff
age: 137444
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jan 2025 09:18:45 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0FE7 15 KB
16 KB 159ms
52ms Font
font/woff2 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 13:32:29 GMT
x-content-type-options: nosniff
age: 122220
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jan 2025 13:32:29 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6CE7 15 KB
15 KB 148ms
126ms Font
font/woff2 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 09:18:45 GMT
x-content-type-options: nosniff
age: 137444
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jan 2025 09:18:45 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6CE7 15 KB
15 KB 131ms
110ms Font
font/woff2 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 13:32:29 GMT
x-content-type-options: nosniff
age: 122220
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jan 2025 13:32:29 GMT

GET
H2 200 25840211-e69f-428e-bb3b-0787cffdf0e8.json Show response
cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/ 4 KB
2 KB 142ms
86ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/25840211-e69f-428e-bb3b-0787cffdf0e8.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

949062629321267f5e4f5d183435ab758ad7898afe2b31dc262b6b164167ffa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 83871
content-md5: FgAuBFiP8zSeAA1ZcGm5bQ==
content-length: 1495
x-ms-lease-status: unlocked
last-modified: Tue, 13 Dec 2022 17:32:15 GMT
server: cloudflare
etag: 0x8DADD2FFA203B7A
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 41c2cfdd-501e-006f-78e6-1d3370000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 840743922e7a0349-MIA
expires: Fri, 05 Jan 2024 23:29:29 GMT

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 756 B
663 B 291ms
290ms XHR
application/json 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

beaa4c503cc4f487c171dc19522dce562ed66b888ca64913bc6b0db58cf0d166

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: ee22cddf-904f-484e-a004-0181ff9a3268
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
BRAZE-SYNC-RETRY-COUNT: 0
Referer: https://www.elfcosmetics.co.uk/
X-Requested-With: XMLHttpRequest
X-Braze-ContentCardsRequest: true

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: 3d1369c4-c2c2-467e-a88c-3c5026888e14
x-served-by: cache-mia-kmia1760067-MIA
x-runtime: 0.234955
etag: W/"beaa4c503cc4f487c171dc19522dce56"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 63ms
62ms Preflight 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.co.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Thu, 04 Jan 2024 23:29:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-mia-kmia1760067-MIA

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 0FE7
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
189 B

63ms
61ms

XHR
application/json

2607:f8b0:4004:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Server

2607:f8b0:4004:c07::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4eb2da79c4791185df402f50cb6df720163c17fe2ecd0a4b6615a2fe054674d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 04 Jan 2024 23:29:30 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 0FE7 29 B
495 B 159ms
52ms Script
text/javascript 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:20:42 GMT
x-content-type-options: nosniff
age: 528
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 Jan 2024 23:35:42 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 68 B
315 B 144ms
77ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71cfd0bf781e3f393bca283fc9d44777a2036985a4ffe9abedf14909e63a8aef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 840743936ae8b3f1-MIA
access-control-allow-headers: Content-Type

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 6CE7
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
242 B

62ms
60ms

XHR
application/json

2607:f8b0:4004:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Server

2607:f8b0:4004:c07::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1d6de537229f01759118be8fdbf1f5fc8a8b9268547b937133a6587978ecca1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 04 Jan 2024 23:29:30 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 6CE7 29 B
89 B 145ms
53ms Script
text/javascript 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:20:42 GMT
x-content-type-options: nosniff
age: 528
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 Jan 2024 23:35:42 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 164ms
55ms Preflight
text/html 2607:f8b0:4004:c1f::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Thu, 04 Jan 2024 23:29:30 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0FE7 86 KB
40 KB 67ms
66ms XHR
application/json+protobuf 2607:f8b0:4004:c1f::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

41c6b339f802ba9fa5ecb3ee0c132a5b167f73fdeda6aee6a550e9e100e09eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40449
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 0FE7 116 KB
33 KB 55ms
55ms Script
text/javascript 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e878848ad649d0b771d44453abd0ae8e4aa7a2b93298641ed0c26fff581dcb4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 22:11:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4668
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33549
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Jan 2025 22:11:42 GMT

GET
H2 200 Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js Show response
www.google.com/js/th/ Frame 0FE7 51 KB
20 KB 160ms
53ms Script
text/javascript 2607:f8b0:4004:c17::67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::67 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ecc34627d4103fbb8d709b714d9489ee16f6f15a153fab36fca0df2dcaf2a77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 22:45:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 89016
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19777
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Jan 2025 22:45:54 GMT

GET
H2 200 default.jpg
i.ytimg.com/vi/bxGKZ6lfJ7A/ Frame 0FE7 3 KB
3 KB 163ms
55ms Image
image/jpeg 2607:f8b0:4004:c1d::77
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/bxGKZ6lfJ7A/default.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::77 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2965
x-xss-protection: 0
server: sffe
etag: "1703142370"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 05 Jan 2024 01:29:30 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 91ms
55ms Preflight
text/html 2607:f8b0:4004:c1f::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Thu, 04 Jan 2024 23:29:30 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 6CE7 86 KB
40 KB 128ms
127ms XHR
application/json+protobuf 2607:f8b0:4004:c1f::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f932c8fa69f555f96f55f085e4b5bd1aaef01aaa46546976337d3b4d6b13daf1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40571
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 6CE7 116 KB
33 KB 56ms
55ms Script
text/javascript 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e878848ad649d0b771d44453abd0ae8e4aa7a2b93298641ed0c26fff581dcb4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 22:11:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4668
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33549
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Jan 2025 22:11:42 GMT

GET
H2 200 Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js Show response
www.google.com/js/th/ Frame 6CE7 51 KB
19 KB 105ms
71ms Script
text/javascript 2607:f8b0:4004:c17::67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::67 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ecc34627d4103fbb8d709b714d9489ee16f6f15a153fab36fca0df2dcaf2a77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 22:45:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 89016
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19777
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Jan 2025 22:45:54 GMT

GET
H2 200 default.jpg
i.ytimg.com/vi/rZPCKoUReO0/ Frame 6CE7 2 KB
2 KB 91ms
57ms Image
image/jpeg 2607:f8b0:4004:c1d::77
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/rZPCKoUReO0/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gmAAtAFigIMCAAQARhyIFYoPTAP&rs=AOn4CLCM5ONTEJwdjxOrSlWBNC86VGolng

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::77 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2380
x-xss-protection: 0
server: sffe
etag: "1703117772"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 05 Jan 2024 01:29:30 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/ 383 KB
92 KB 40ms
40ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: uPFqyxtrxGqJsyAvB7RnSg==
age: 56807
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 93482
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:45 GMT
server: cloudflare
etag: 0x8DADC66BDFA5EC7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a5ea234d-301e-0069-6d88-1700cf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 840743940b6fb3d1-MIA

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 0FE7 4 KB
2 KB 162ms
53ms Script
text/javascript 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 04 Jan 2024 23:29:30 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 6CE7 4 KB
2 KB 156ms
54ms Script
text/javascript 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 04 Jan 2024 23:29:30 GMT

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 55ms
55ms Preflight
text/html 2607:f8b0:4004:c1f::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Thu, 04 Jan 2024 23:29:30 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0FE7 90 B
134 B 61ms
60ms XHR
application/json+protobuf 2607:f8b0:4004:c1f::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ec94591b09bba9af510903ef3dd17e2fefc7aaa70dfd3777fa662512d9cd1748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 56ms
55ms Preflight
text/html 2607:f8b0:4004:c1f::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Thu, 04 Jan 2024 23:29:30 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 6CE7 90 B
134 B 65ms
65ms XHR
application/json+protobuf 2607:f8b0:4004:c1f::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ba74f9b9f217f2c2e5407a5d72b0d555163a2edd5670da8c550df637d1a2004f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

POST
H2 200 token Show response
www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 2 KB
2 KB 337ms
336ms Fetch
application/json 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

f3e566b867796840e8e18c0cdb409fbb1eda960c7411e3dc84f1d007c481793e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
accept-language: en-US,en;q=0.9
x-pwa-request: true
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-correlation-id: 84074396aa8c27de
cf-cache-status: DYNAMIC
via: 1.1 7ebf86def0385a427d4375fd043f4f94.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SFO53-P5
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc028561-1704395137-4091338950 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Miss from cloudfront
pragma: no-cache
x-ratelimit-1m-remaining: 23143, 1968245
x-ratelimit-1m-reset: 29258, 29257
vary: Accept-Encoding, User-Agent
x-ratelimit-1m-limit: 24000, 2000000
content-type: application/json
cache-control: no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics: 2521cc028a8f/[192,190,-] 25D1cc028561/[-,192.954]
cf-ray: 84074396aa8c27de-SEA
x-amz-cf-id: FBVOAbgPh7na78U1Na7uXON86fJO4aPJUJs-6ZJupyi6aCVsqbxXoA==

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/6e10e834-96b1-4572-80d7-3109ba160fd7/ 73 KB
15 KB 51ms
51ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/6e10e834-96b1-4572-80d7-3109ba160fd7/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71bd66530457656271aa253073fb867cdc9068586f7af54e341667687162909e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 11906
content-md5: FVTe+XzL+4tWjb2VPxjyIQ==
content-length: 15363
x-ms-lease-status: unlocked
last-modified: Tue, 13 Dec 2022 17:32:16 GMT
server: cloudflare
etag: 0x8DADD2FFAAA3EC3
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 73e8b48e-b01e-0058-5103-24e1dc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 840743966da00349-MIA
expires: Fri, 05 Jan 2024 23:29:30 GMT

GET
H2 200 iab2Data.json Show response
cdn.cookielaw.org/vendorlist/ 398 KB
57 KB 43ms
42ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/vendorlist/iab2Data.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7daaea0e23f1b46b8cee7ee002e8b5e16dcd602bae7990a073e6f77a40a33984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: T2EO+M5YujGweuw6GKbrmg==
age: 11906
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 58301
x-ms-lease-status: unlocked
last-modified: Thu, 04 Jan 2024 08:21:37 GMT
server: cloudflare
etag: 0x8DC0CFE2B8F0CCA
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: ab7f320e-d01e-0013-22ea-3e1d8f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 840743966da10349-MIA

GET
H2 200 otTCF.js Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/ 68 KB
15 KB 40ms
39ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/otTCF.js

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f94185bf320b088eb3c40b75de95ac8516680f4036bd287131b34f9c058146a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jNSx0jAViofB7ggqqp6FUQ==
age: 27064
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 15011
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:44 GMT
server: cloudflare
etag: 0x8DADC66BD0C2AD7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: e8c255f1-801e-001e-27e6-1dd55b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8407439668afb3d1-MIA

GET
H3 204 generate_204
www.youtube.com/ Frame 0FE7 0
10 B 52ms
52ms Image
text/plain 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?3aLKig
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/120/ Frame 0FE7 50 KB
15 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/120/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 18:49:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16827
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14705
x-xss-protection: 0
last-modified: Mon, 23 Oct 2023 15:04:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 05 Jan 2024 18:49:03 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/120/ Frame 6CE7 50 KB
14 KB 69ms
69ms Script
text/javascript 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/120/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 18:49:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16827
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14705
x-xss-protection: 0
last-modified: Mon, 23 Oct 2023 15:04:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 05 Jan 2024 18:49:03 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 6CE7 0
10 B 52ms
52ms Image
text/plain 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?z0cFTQ
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 13 KB
3 KB 45ms
44ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: vO8A/abKpoPacUrvSk9OSw==
age: 83877
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:35 GMT
server: cloudflare
etag: 0x8DADC66B7AF38D0
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 716fea89-301e-0069-5c71-2200cf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 84074397d8170349-MIA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/v2/ 61 KB
12 KB 49ms
48ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: mBGnk7IXt0USbYmXZQhmOw==
age: 83877
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:37 GMT
server: cloudflare
etag: 0x8DADC66B90C98A8
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 926fc64a-e01e-009e-04be-0b2a5d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 84074397d81a0349-MIA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 21 KB
4 KB 40ms
39ms Fetch
text/css 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 83877
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:50 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 58a0ec20-b01e-0058-05af-0be1dc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 84074397d81c0349-MIA

GET
H2 200 init.js Show response
www.elfcosmetics.co.uk/XT4Gy2ig/ 166 KB
74 KB 194ms
193ms Script
application/javascript 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.co.uk/XT4Gy2ig/init.js
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 90866b38fd24be6bed2586596319aa9965540d37b043d325b6003a3f287d2f79

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
content-encoding: gzip
etag: "2977f-A93t1zn4Sz28LTrpUPkCDrS3OVQ"
active-cdn: Akamai
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: active-cdn,x-served-by,Akamai-Request-BC
cache-control: max-age=600
x-yottaa-metrics: 25D1cc028561/[-,3.381]
x-px-hash: YmNmZTI1NTJmOTM3YTg3NTZlNzY0OGE1ZjA5NDlmZGY0ZTMxYjk3Y2Q5ZTM3YjA0NDhlZDU1ZWZjNTJlZDBkOA==
x-yottaa-optimizations: ob/0 si/25D1cc028561-1704395137-4091338953 tts/1704410970900 ti/0 ai/5dbb1b434f1bbf5af87e10a5

POST
H2 204 sessions Show response
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/ 0
1 KB 593ms
592ms XHR
text/plain 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/sessions
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
accept-language: en-US,en;q=0.9
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjJkYWIzYTFhLWI0YzYtNDk5My1iMzFhLWM4MmNjZTRmM2ZiMiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDQxMDk0MCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJrS3BGd0hsRmt1Y1J3SHBIbEdZWW1ySVg6OmNoaWQ6ICIsImV4cCI6MTcwNDQxMjc3MCwiaWF0IjoxNzA0NDEwOTcwLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NTU1MTk3NjYwMzc3NDQ3In0.UIbIHrIrt4Bl9bd3grX3LixGVJof-BszQaeYIex-MJDoF36fif1RzouQoCZUwVerrna5T228tSReqrr-HENqRw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:31 GMT
via: 1.1 60e55687f4f0ad988a569a499b543a0e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: SFO53-P5
age: 0
x-yottaa-optimizations: ob/0 si/25D1cc028561-1704395137-4091338954 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
pragma: no-cache
allow: OPTIONS,POST
access-control-allow-origin: https://www.elfcosmetics.co.uk
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 2521cc028a86/[456,456,-] 25D1cc028561/[-,457.639]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/sessions
accept-ranges: bytes
cf-ray: 84074398eb4eeb87-SEA
x-dw-request-base-id: khn9X1s_l2UBAAB_
x-amz-cf-id: SP0i-qmmnRCWdVnKlID_DaKYjque7nyjWRs55Qj4HqQBr3pHQqnKwg==
x-yottaa-os: 204
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 shoppercontext Show response
www.elfcosmetics.co.uk/api/v1/ 57 B
759 B 800ms
799ms XHR
application/json 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.co.uk/api/v1/shoppercontext?siteId=elf-eu
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: a6cbc4c9c0b39f6d4edd8d4db4e73971e23c1e4b8b9b6ddd5956164b87fd3ebc

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
accept-language: en-US,en;q=0.9
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjJkYWIzYTFhLWI0YzYtNDk5My1iMzFhLWM4MmNjZTRmM2ZiMiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDQxMDk0MCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJrS3BGd0hsRmt1Y1J3SHBIbEdZWW1ySVg6OmNoaWQ6ICIsImV4cCI6MTcwNDQxMjc3MCwiaWF0IjoxNzA0NDEwOTcwLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NTU1MTk3NjYwMzc3NDQ3In0.UIbIHrIrt4Bl9bd3grX3LixGVJof-BszQaeYIex-MJDoF36fif1RzouQoCZUwVerrna5T228tSReqrr-HENqRw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Thu, 04 Jan 2024 23:29:31 GMT
via: 1.1 3fa44d644afdb8749d0c126169e4edfc.cloudfront.net (CloudFront)
content-encoding: gzip
x-amzn-remapped-content-length: 57
x-amz-cf-pop: SFO53-P5
age: 0
x-amzn-remapped-connection: close
x-yottaa-optimizations: ob/1000 si/25D1cc028561-1704395137-4091338955 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-amzn-requestid: 2a5956b7-bdc1-4a8e-aa9c-bc89b7013cab
x-cache: Miss from cloudfront
x-amz-apigw-id: RCbWSFy_CYcEFPQ=
content-length: 79
etag: W/"39-LgPw152VfElAKHYfDt/MyAcU00g"
x-amzn-trace-id: Root=1-65973f5b-0ac6145d0a33e0685cfa22e8;Sampled=0;lineage=dcd1e669:0
content-type: application/json; charset=utf-8
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028523/[700,699,-] 25D1cc028561/[-,701.610]
x-amzn-remapped-date: Thu, 04 Jan 2024 23:29:31 GMT
x-amz-cf-id: JWVDCZFjRkl46sfKDTUQdGhNdpBbxCH4YtWemKni4-IDZEVRr34mFA==

GET
H2 200 geo-ip Show response
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/ 196 B
1 KB 374ms
373ms XHR
application/json 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=38.132.118.68

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

b0ae6ca3caa68945caf45f000efe5b8a052d45d9438cd4ca92221abe5c05e707

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Thu, 04 Jan 2024 23:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 d2610666ad934f0664cd719e5472324a.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P5
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc028561-1704395137-4091338956 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=38.132.118.68
x-yottaa-metrics: 2521cc028a87/[239,238,-] 25D1cc028561/[-,240.887]
cf-ray: 84074399a9c6c3cb-SEA
x-dw-request-base-id: 22TnJVs_l2UBAAB_
x-amz-cf-id: AlkALPQsBRmqYnbrxv1iwADc59VBOWeMV1WwNlQ1fOwkSy8SYqEDXw==

GET
H2 200 geo-ip Show response
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/ 196 B
1 KB 437ms
436ms XHR
application/json 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=38.132.118.68

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

b0ae6ca3caa68945caf45f000efe5b8a052d45d9438cd4ca92221abe5c05e707

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Thu, 04 Jan 2024 23:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 d2c4749830ffb9b38a65afd38ea9ccee.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P5
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc028561-1704395137-4091338958 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=38.132.118.68
x-yottaa-metrics: 2521cc028a89/[295,293,-] 25D1cc028561/[-,296.144]
cf-ray: 84074399c9ac2819-SEA
x-dw-request-base-id: SZgXY1s_l2UBAAB_
x-amz-cf-id: z5KMQvQLgPvdz2dDVJlulXd4notBk3ADS5cMjppNimtp0CUUQeRPBA==

GET
H2 200 baskets Show response
www.elfcosmetics.co.uk/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkKpFwHlFkucRwHpHlGYYmrIX/ 11 B
1 KB 562ms
562ms Fetch
application/json 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.co.uk/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkKpFwHlFkucRwHpHlGYYmrIX/baskets?siteId=elf-eu

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
accept-language: en-US,en;q=0.9
x-pwa-request: true
Authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjJkYWIzYTFhLWI0YzYtNDk5My1iMzFhLWM4MmNjZTRmM2ZiMiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDQxMDk0MCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJrS3BGd0hsRmt1Y1J3SHBIbEdZWW1ySVg6OmNoaWQ6ICIsImV4cCI6MTcwNDQxMjc3MCwiaWF0IjoxNzA0NDEwOTcwLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NTU1MTk3NjYwMzc3NDQ3In0.UIbIHrIrt4Bl9bd3grX3LixGVJof-BszQaeYIex-MJDoF36fif1RzouQoCZUwVerrna5T228tSReqrr-HENqRw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:31 GMT
x-correlation-id: 8407439afe14c648
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 9c2768a0929bafa62c05433bbf3081ee.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P5
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc028561-1704395137-4091338957 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
content-encoding: gzip
x-cache: Miss from cloudfront
content-length: 37
allow: GET,HEAD,OPTIONS
x-ratelimit-remaining: 999
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=0,no-cache,no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkKpFwHlFkucRwHpHlGYYmrIX/baskets?siteId=elf-eu
x-ratelimit-limit: 99999
accept-ranges: bytes
cf-ray: 8407439afe14c648-SEA
x-amz-cf-id: y9g8m5K8nxMAmK7uw93TloX477j_TgS1MpjFpk-_MZ0y04z_vXdHSQ==
x-yottaa-metrics: 2521cc028a8b/[416,413,-] 25D1cc028561/[-,417.173]

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 56ms
56ms Preflight 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.co.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Thu, 04 Jan 2024 23:29:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-mia-kmia1760067-MIA

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 77 B
187 B 151ms
151ms XHR
application/json 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e76f40a34df68fdf68caa572f3ba73162065a0439aa24cdd7d84ed708accb6a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: ee22cddf-904f-484e-a004-0181ff9a3268
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
BRAZE-SYNC-RETRY-COUNT: 0
Referer: https://www.elfcosmetics.co.uk/
X-Requested-With: XMLHttpRequest
X-Braze-ContentCardsRequest: true

Response headers

date: Thu, 04 Jan 2024 23:29:31 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: 0a683586-b02d-4022-95b1-aa6026c2e99e
x-served-by: cache-mia-kmia1760067-MIA
x-runtime: 0.095012
etag: W/"e76f40a34df68fdf68caa572f3ba7316"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

POST
H2 200 event
qoe-1.yottaa.net/log-nt/ 3 B
191 B 156ms
49ms Ping
text/json 64.71.161.52
HURRICANE

General

Check archive.org

Show headers Download Go to

Full URL: https://qoe-1.yottaa.net/log-nt/event
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.71.161.52 , United States, ASN6939 (HURRICANE, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 04 Jan 2024 23:29:31 GMT
access-control-expose-headers: X-Results-Data-Source
access-control-allow-credentials: true
cache-control: no-cache
timing-allow-origin: *
content-type: text/json

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/da154528/www-widgetapi.vflset/ 216 KB
67 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a0e2b951191e60b6c3905118d84d9a95a309d355c4eb71dfead2ae2866683ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 22:33:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3390
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68553
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Jan 2025 22:33:01 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ 405 KB
113 KB 128ms
64ms Script
application/javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=GBP&vault=true&components=buttons,messages

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bf3cadd76a2c0e1738fe366ed6210b4cb78ea5ac3ffbbd75d8e79891a18d8f5e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-ZuZje9oQxdmiLpH1L/5o/nlPuv1HfR/+FMkJhGOEYpeeqBJl' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-ZuZje9oQxdmiLpH1L/5o/nlPuv1HfR/+FMkJhGOEYpeeqBJl' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-ZuZje9oQxdmiLpH1L/5o/nlPuv1HfR/+FMkJhGOEYpeeqBJl' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-ZuZje9oQxdmiLpH1L/5o/nlPuv1HfR/+FMkJhGOEYpeeqBJl' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
disable-set-cookie: true
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Thu, 04 Jan 2024 23:29:31 GMT
age: 10691
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT, MISS, MISS
p3p: true
paypal-debug-id: f6034913c639a
server-timing: "traceparent;desc="00-0000000000000000000f6034913c639a-0eb3c77c284490bc-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 113503
x-xss-protection: 1; mode=block
x-served-by: cache-dfw-kdal2120129-DFW, cache-mia-kmia1760074-MIA, cache-mia-kmia1760074-MIA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f6034913c639a-ac723e4a28c66d6c-01
x-timer: S1704410971.097523,VS0,VE37
etag: W/"1bb5f-Vm7ndCq6/tbcxEP69DKY+y/R6rE"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 234, 0, 0

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
537 B 37ms
36ms Fetch
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 83878
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jan 2024 06:11:24 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 52cf20c3-301e-000b-2d10-3ec2e8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 840743992a6b0349-MIA

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 40ms
39ms Image
image/png 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 54390
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Thu, 04 Jan 2024 03:32:43 GMT
server: cloudflare
etag: 0x8DC0CD5CFC75AFB
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 29490746-c01e-007d-10e5-3e48a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 840743993edcb3d1-MIA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 40ms
40ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jan 2024 23:29:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 56820
x-ms-lease-status: unlocked
last-modified: Thu, 04 Jan 2024 03:32:43 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: f81f2af0-701e-0035-13c1-3e5597000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 840743993ee1b3d1-MIA

POST
H2 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 536 B
785 B 128ms
63ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 9003538d285387a735ad8de4876c96bb1226b211ee99fa317602c18833224afa

Request headers

Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 04 Jan 2024 23:29:30 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 536

GET
H2 200 local Show response
www.paypal.com/credit-presentment/experiments/ Frame A03C 5 KB
3 KB 33ms
33ms Document
text/html 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=GBP&vault=true&components=buttons,messages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d7c9e4e779e47df423f71fb793ce4939653587d8b92a5bc2fb58fe9fa8fe1d3e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-expose-headers: Server-Timing
age: 91485
cache-control: s-maxage=86400, max-age=0
content-encoding: gzip
content-length: 1524
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type: text/html; charset=utf-8
date: Thu, 04 Jan 2024 23:29:31 GMT
dc: ccg11-origin-www-1.paypal.com
edge-cache-tag: up-treatments-zoid
etag: W/"1479-POhWZKysqug/xRhlu2niHghB48s"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f235092999e84
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: "traceparent;desc="00-0000000000000000000f235092999e84-2c6f24b5d3720274-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f235092999e84-adee123489ee1af5-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT, MISS
x-cache-hits: 3651, 15939, 0
x-served-by: cache-dfw-kdal2120123-DFW, cache-mia-kmia1760074-MIA, cache-mia-kmia1760074-MIA
x-timer: S1704410972.993552,VS0,VE6
x-xss-protection: 1; mode=block

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 14 KB
6 KB 66ms
66ms Script
application/x-javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.co.uk&t=xo&v=5.0.417&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8074b63148ebcad03c29f975e0ab7b8146a110122cede91da99d754948e9b548

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-Lf3VVjFtXeHfl5y5Yzk0lSF4LE43HMaC+bGbwsTQ7xVImKwj' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-Lf3VVjFtXeHfl5y5Yzk0lSF4LE43HMaC+bGbwsTQ7xVImKwj' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 04 Jan 2024 23:29:31 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 11643
x-cache: HIT, MISS, MISS
paypal-debug-id: f731286e31dd2
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 4797
x-xss-protection: 1; mode=block
x-served-by: cache-dfw-kdal2120057-DFW, cache-mia-kmia1760074-MIA, cache-mia-kmia1760074-MIA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f731286e31dd2-6ded9d89cf835108-01
x-timer: S1704410971.309984,VS0,VE38
etag: W/"3695-yRRKVdvjMTbanJGTqp3qzEY2NIc"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=3600
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 38, 0, 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 1003 B
921 B 146ms
146ms XHR
application/json 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3eaee003132998954eb9a92eea8c3fc12785b3d8f862457022d53d1b2fdd8408

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Thu, 04 Jan 2024 23:29:31 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS, MISS, MISS
paypal-debug-id: f938454401339
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-dfw-kdfw8210142-DFW, cache-mia-kmia1760061-MIA, cache-mia-kmia1760061-MIA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f938454401339-ae818a56b6e7a9cd-01
x-timer: S1704410972.640884,VS0,VE116
etag: W/"3eb-XRJ0FVkfV12PHYGm11lQ7V44vtk"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.co.uk
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: none
x-cache-hits: 0, 0, 0

GET
H2 200 gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/ 717 B
1 KB 98ms
97ms Image
image/svg+xml 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/gb.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:31 GMT
x-amz-version-id: 399O12CNwjV32R0kL7ZWcO8hfjZkbpmy
via: 1.1 0a60df055acf18164b14661cb4d16952.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: SFO53-P5
age: 2607966
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1001 si/25D1cc028561-1701461947-7200461768 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Miss from cloudfront
x-amz-meta-deploy: 621188
content-length: 431
x-amz-meta-bundle: 10312
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:17 GMT
etag: "09d729feb9edb852ea0daca331a9b058"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028591/[323,321,-] 25D1cc028561/[hit]
x-amz-cf-id: MjwUEnuiHER-kJ-ZOCgG4rnvEw5Kqm1boz2voyn9yW38DIplx76O8A==

POST
H2 200 baskets Show response
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/ 3 KB
2 KB 369ms
368ms XHR
application/json 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/baskets

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

ec084c769d56ea0093b6fb53e9e4d4d8cfbba7eb29e40e52a9ab77e92222c5c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjJkYWIzYTFhLWI0YzYtNDk5My1iMzFhLWM4MmNjZTRmM2ZiMiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDQxMDk0MCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJrS3BGd0hsRmt1Y1J3SHBIbEdZWW1ySVg6OmNoaWQ6ICIsImV4cCI6MTcwNDQxMjc3MCwiaWF0IjoxNzA0NDEwOTcwLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NTU1MTk3NjYwMzc3NDQ3In0.UIbIHrIrt4Bl9bd3grX3LixGVJof-BszQaeYIex-MJDoF36fif1RzouQoCZUwVerrna5T228tSReqrr-HENqRw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Thu, 04 Jan 2024 23:29:31 GMT
via: 1.1 5ef053ed5de62b8aa34580e3bd7d802a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: SFO53-P5
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc028561-1704395137-4091338963 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
content-length: 1012
pragma: no-cache
etag: 08a94621c975bb89381cf7df9b63701bdf79b5e37cf2aef0428ff5e7b882bcf8
allow: OPTIONS,POST
content-type: application/json;charset=UTF-8
x-dw-resource-state: 08a94621c975bb89381cf7df9b63701bdf79b5e37cf2aef0428ff5e7b882bcf8
access-control-allow-origin: https://www.elfcosmetics.co.uk
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 2521cc028a8e/[240,238,-] 25D1cc028561/[-,241.225]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/baskets
accept-ranges: bytes
cf-ray: 8407439d6eb0c3cb-SEA
x-dw-request-base-id: 22QKJlw_l2UBAAB_
x-amz-cf-id: u87W77bYJoj7V9u3dFvo8XfIzctK43K3dRGdFoIERdfp37t54Su9oA==
x-yottaa-os: 200
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/ 717 B
1 KB 97ms
97ms Image
image/svg+xml 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/gb.svg
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:31 GMT
x-amz-version-id: 399O12CNwjV32R0kL7ZWcO8hfjZkbpmy
via: 1.1 0a60df055acf18164b14661cb4d16952.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: SFO53-P5
age: 2607966
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1001 si/25D1cc028561-1701461947-7200461768 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Miss from cloudfront
x-amz-meta-deploy: 621188
content-length: 431
x-amz-meta-bundle: 10312
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:17 GMT
etag: "09d729feb9edb852ea0daca331a9b058"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028591/[323,321,-] 25D1cc028561/[hit]
x-amz-cf-id: MjwUEnuiHER-kJ-ZOCgG4rnvEw5Kqm1boz2voyn9yW38DIplx76O8A==

GET
H2 200 NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 5 KB
5 KB 178ms
53ms Image
image/png 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:32 GMT
x-amz-version-id: null
cf-cache-status: HIT
age: 45390
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 5378
last-modified: Thu, 04 Jan 2024 10:53:02 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 8407439f0bcadaa9-MIA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 2 KB
1 KB 177ms
52ms Image
image/svg+xml 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:32 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 37568
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 04 Jan 2024 13:03:24 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 8407439f0bccdaa9-MIA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-snowflake-1044022
elfcosmetics.a.bigcontent.io/v1/static/ 3 KB
2 KB 176ms
52ms Image
image/svg+xml 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-snowflake-1044022?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:32 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 41021
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 04 Jan 2024 12:05:51 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 8407439f0bd0daa9-MIA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 230ms
173ms Preflight 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.co.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.elfcosmetics.co.uk
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 0
date: Thu, 04 Jan 2024 23:29:31 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f866678b78376
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f866678b78376-4794457ed6b69261-01
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-content-type-options: nosniff
x-served-by: cache-dfw-kdfw8210032-DFW, cache-mia-kmia1760061-MIA, cache-mia-kmia1760061-MIA
x-timer: S1704410971.464595,VS0,VE146

GET
H2 200 ts
t.paypal.com/ 42 B
548 B 170ms
109ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=95c92811-df2a-4f29-8e3f-9af8b4e63cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704410972023&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Thu, 04 Jan 2024 23:29:32 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 5e263a0f94456
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-dfw-kdfw8210033-DFW, cache-mia-kmia1760094-MIA
pragma: no-cache
correlation-id: 5e263a0f94456
traceparent: 00-00000000000000000005e263a0f94456-0d0ec12ca43ce774-01
x-timer: S1704410972.094375,VS0,VE82
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jan 2024 23:29:32 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame A03C 405 KB
112 KB 32ms
32ms Script
application/javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=GBP&vault=true&components=buttons,messages

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bf3cadd76a2c0e1738fe366ed6210b4cb78ea5ac3ffbbd75d8e79891a18d8f5e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-ZuZje9oQxdmiLpH1L/5o/nlPuv1HfR/+FMkJhGOEYpeeqBJl' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-ZuZje9oQxdmiLpH1L/5o/nlPuv1HfR/+FMkJhGOEYpeeqBJl' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-ZuZje9oQxdmiLpH1L/5o/nlPuv1HfR/+FMkJhGOEYpeeqBJl' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-ZuZje9oQxdmiLpH1L/5o/nlPuv1HfR/+FMkJhGOEYpeeqBJl' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
disable-set-cookie: true
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Thu, 04 Jan 2024 23:29:32 GMT
age: 10692
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT, HIT, MISS
p3p: true
paypal-debug-id: f6034913c639a
server-timing: "traceparent;desc="00-0000000000000000000f6034913c639a-0eb3c77c284490bc-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 113503
x-xss-protection: 1; mode=block
x-served-by: cache-dfw-kdal2120129-DFW, cache-mia-kmia1760074-MIA, cache-mia-kmia1760074-MIA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f6034913c639a-ac723e4a28c66d6c-01
x-timer: S1704410972.040544,VS0,VE4
etag: W/"1bb5f-Vm7ndCq6/tbcxEP69DKY+y/R6rE"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 234, 1, 0

GET
H2 200 gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/ 717 B
1 KB 97ms
96ms Image
image/svg+xml 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/gb.svg
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:32 GMT
x-amz-version-id: 399O12CNwjV32R0kL7ZWcO8hfjZkbpmy
via: 1.1 0a60df055acf18164b14661cb4d16952.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: SFO53-P5
age: 2607966
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1001 si/25D1cc028561-1701461947-7200461768 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Miss from cloudfront
x-amz-meta-deploy: 621188
content-length: 431
x-amz-meta-bundle: 10312
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:17 GMT
etag: "09d729feb9edb852ea0daca331a9b058"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028591/[323,321,-] 25D1cc028561/[hit]
x-amz-cf-id: MjwUEnuiHER-kJ-ZOCgG4rnvEw5Kqm1boz2voyn9yW38DIplx76O8A==

POST
H2 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 600 B
655 B 93ms
92ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: efa6432d15fa717e69d5236fb10926c93dad01d818854cda386c1de369d9b829

Request headers

Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 04 Jan 2024 23:29:31 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600

GET
H2 200 hash Show response
www.paypal.com/credit-presentment/experiments/ Frame A03C 40 B
2 KB 143ms
143ms Fetch
text/html 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/hash?device_id=uid_cbff34cf49_mjm6mjk6mzi&disableSetCookie=true&features=disable-set-cookie

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Thu, 04 Jan 2024 23:29:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 0
edge-cache-tag: up-treatments-hash
x-cache: MISS, MISS, MISS
paypal-debug-id: f9384545f1136
server-timing: "traceparent;desc="00-0000000000000000000f9384545f1136-923918e4b60afdb1-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 56
x-xss-protection: 1; mode=block
x-served-by: cache-dfw-kdfw8210074-DFW, cache-mia-kmia1760074-MIA, cache-mia-kmia1760074-MIA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f9384545f1136-587c81203898c953-01
x-timer: S1704410972.151511,VS0,VE112
etag: W/"28-xz7oeWVj/8B52QKKulWR9ZDQlKU"
vary: Accept-Encoding
content-type: text/html; charset=utf-8
access-control-expose-headers: Server-Timing
cache-control: s-maxage=86400, max-age=0
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 0, 0

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 0FE7 28 B
50 B 68ms
66ms XHR
application/json 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-Goog-Request-Time: 1704410972164
Content-Type: application/json
X-YouTube-Utc-Offset: -600
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
X-YouTube-Client-Version: 1.20231217.00.00
X-YouTube-Time-Zone: Pacific/Honolulu
X-Goog-Visitor-Id: CgthOC1kMzFQM1J5ayjY_tysBjIKCgJVUxIEGgAgaw%3D%3D
X-YouTube-Ad-Signals: dt=1704410969675&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date: Thu, 04 Jan 2024 23:29:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 55 KB
16 KB 120ms
30ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mic/9AFD) /

Resource Hash

20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: bb612b715effa
dc: ccg11-origin-www-1.paypal.com
content-length: 16355
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
server: ECAcc (mic/9AFD)
traceparent: 00-0000000000000000000bb612b715effa-fabdeb41e59ea4a4-01
etag: "64f25363-daa8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Fri, 05 Jan 2024 00:29:32 GMT

POST logger
www.paypal.com/xoplatform/logger/api/ Frame A03C 0
0

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 6CE7 28 B
50 B 68ms
65ms XHR
application/json 2607:f8b0:4004:c1f::88
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::88 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-Goog-Request-Time: 1704410972231
Content-Type: application/json
X-YouTube-Utc-Offset: -600
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
X-YouTube-Client-Version: 1.20231217.00.00
X-YouTube-Time-Zone: Pacific/Honolulu
X-Goog-Visitor-Id: CgthV2ZtZEROM3d0RSjY_tysBjIKCgJVUxIEGgAgPg%3D%3D
X-YouTube-Ad-Signals: dt=1704410969987&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date: Thu, 04 Jan 2024 23:29:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0

GET
H2 200 script-tag.js Show response
cdn-scripts.signifyd.com/api/ 11 KB
4 KB 274ms
77ms Script
application/javascript 13.226.139.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.139.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-139-94.yto50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ca67abd72277ede1c07eeb903847d902d19ec6e30fb5780a24ddff9d788bb300

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:20:05 GMT
content-encoding: gzip
via: 1.1 fa233eda5c1020134ebe64d4b888f816.cloudfront.net (CloudFront)
last-modified: Thu, 04 Jan 2024 17:50:03 GMT
server: AmazonS3
x-amz-cf-pop: YTO50-C2
age: 568
x-amz-server-side-encryption: AES256
etag: W/"103f216174ff59c350586365462053e4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: pv1NFT_7G-QL9WY222693R2BR_TR9IX0wN5YJQDAAaCH6Xmcod38_w==

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/analytics/ Frame F836 55 KB
17 KB 29ms
28ms Document
text/html 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mic/9BA9) /

Resource Hash

7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 16892
content-type: text/html
date: Thu, 04 Jan 2024 23:29:32 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "64f25363-dacc"
expires: Fri, 05 Jan 2024 00:29:32 GMT
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id: 6a244898dfca5
server: ECAcc (mic/9BA9)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000006a244898dfca5-3676ecc28503d2fd-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff

GET
H2 200 noop.js Show response
www.paypalobjects.com/muse/ Frame F836 18 B
209 B 96ms
96ms Fetch
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/noop.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (daa/7D8C) /

Resource Hash

0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypalobjects.com/muse/analytics/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
paypal-debug-id: 68e0ca12745ab
dc: ccg11-origin-www-1.paypal.com
content-length: 18
last-modified: Sat, 13 Feb 2021 00:26:56 GMT
server: ECAcc (daa/7D8C)
traceparent: 00-000000000000000000068e0ca12745ab-24e96079de2d5d08-01
etag: "60271cd0-12"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Thu, 04 Jan 2024 23:29:31 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
204 B 101ms
100ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=95c92811-df2a-4f29-8e3f-9af8b4e63cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704410972379&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Thu, 04 Jan 2024 23:29:32 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 3202ef3e13752
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-dfw-kdal2120104-DFW, cache-mia-kmia1760094-MIA
pragma: no-cache
correlation-id: 3202ef3e13752
traceparent: 00-00000000000000000003202ef3e13752-70b14afd29c7d482-01
x-timer: S1704410972.391410,VS0,VE73
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jan 2024 23:29:32 GMT

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame F836 435 B
1 KB 195ms
195ms Fetch
application/json 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql?disableSetCookie=true

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aa495e61a7d438cf4e9414dd5eebf26a7bb7b22eb285c2fcf32f3efdcd4693e9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-glVQCDW4hxfvKVovGuMP2znaHysInIhBqNWjRZQ5D9Ke9yH/' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
disable-set-cookie: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-glVQCDW4hxfvKVovGuMP2znaHysInIhBqNWjRZQ5D9Ke9yH/' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Thu, 04 Jan 2024 23:29:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS, MISS
paypal-debug-id: f88835576ca2f
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-dfw-kdfw8210099-DFW, cache-mia-kmia1760074-MIA, cache-mia-kmia1760074-MIA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f88835576ca2f-0e1e7602953bbfdd-01
x-timer: S1704410973.631915,VS0,VE167
etag: W/"1b3-7/2yQR0LfqY/bZV/xZdppA0utS0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 0, 0

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 140ms
140ms Preflight 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql?disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,disable-set-cookie
Access-Control-Request-Method: POST
Origin: https://www.paypalobjects.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,disable-set-cookie
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Thu, 04 Jan 2024 23:29:32 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f93845475ce6e
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f93845475ce6e-264945fb22d02b88-01
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-served-by: cache-dfw-kdal2120142-DFW, cache-mia-kmia1760061-MIA, cache-mia-kmia1760061-MIA
x-timer: S1704410972.490913,VS0,VE112

GET
H2 200 company_toolkit.js Show response
cdn-scripts.signifyd.com/api/ 4 KB
2 KB 77ms
77ms Script
application/javascript 13.226.139.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.139.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-139-94.yto50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:05:42 GMT
content-encoding: gzip
via: 1.1 fa233eda5c1020134ebe64d4b888f816.cloudfront.net (CloudFront)
last-modified: Tue, 30 May 2023 10:18:44 GMT
server: AmazonS3
x-amz-cf-pop: YTO50-C2
age: 1431
x-amz-server-side-encryption: AES256
etag: W/"2c3950f122b3977df61b0e077aaa92c8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: 8W8ogM7-JFDQyX-L8KPsT9s-uOpU0gXDDXxVuP2_-qb0V46dv8yH7A==

GET
H2 200 gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/ 717 B
1 KB 97ms
96ms Image
image/svg+xml 204.2.133.97
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/gb.svg
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:29:32 GMT
x-amz-version-id: 399O12CNwjV32R0kL7ZWcO8hfjZkbpmy
via: 1.1 0a60df055acf18164b14661cb4d16952.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: SFO53-P5
age: 2607967
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1001 si/25D1cc028561-1701461947-7200461768 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Miss from cloudfront
x-amz-meta-deploy: 621188
content-length: 431
x-amz-meta-bundle: 10312
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:17 GMT
etag: "09d729feb9edb852ea0daca331a9b058"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028591/[323,321,-] 25D1cc028561/[hit]
x-amz-cf-id: MjwUEnuiHER-kJ-ZOCgG4rnvEw5Kqm1boz2voyn9yW38DIplx76O8A==

GET
H/1.1 200
OK gs3ky0d9s5rg19bv.js Show response
imgs.signifyd.com/ 95 KB
13 KB 316ms
101ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/gs3ky0d9s5rg19bv.js?4getk3bvy0ybefls=w2txo5aa&4s3bka9pi5j8umyk=L2ZmMzU0MzkyZmY4YmMwMWVmYzI4YThmYWEx

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e30b05da95d8a3b7d9bd18879b0c06638a5d1f8a03b6bd5757d77800d31889aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Thu, 04 Jan 2024 23:29:32 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK xJc4vnUMvHlJXqO6 Show response
imgs.signifyd.com/ Frame CFC9 272 KB
46 KB 108ms
107ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/xJc4vnUMvHlJXqO6?5d43f296895c2a61=5RtqhAZ0XU79dpbYSbgX1PswzGeN90nFqd6GSiMZqF0gswPlToQfT47glNPD9zWX7xpJUqWfYwpYYPs_xNnEp5yoQ1sidomuDY5GcESr-ccfzAQdHWY6m5tmt3txlnMVQSCbEBp6B0pzF3Ot3KnI3JXjTEd9tUg4WdfwiZ0tMhAuwlzKLHsxZWIUZmXVf3e-IyDXeNTB5vTNm1nn&jb=3d3b2c2e62796f75355d63666e677f732e627b6d35556b666c657f732d32383939246a7b6a77374b60786f6d6d2c607b68354b687a6765672d3032393a3a

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/gs3ky0d9s5rg19bv.js?4getk3bvy0ybefls=w2txo5aa&4s3bka9pi5j8umyk=L2ZmMzU0MzkyZmY4YmMwMWVmYzI4YThmYWEx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

b6cb28349e6bad5f5440bcb1cb7f8e0f57b0d3209c30cfea30f52d102423688e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Thu, 04 Jan 2024 23:29:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
tmx-nonce: d2fa991e6b1b0727
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK dqdMjPCiy57j7vSh
imgs.signifyd.com/ Frame CFC9 81 B
475 B 291ms
96ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/dqdMjPCiy57j7vSh?222eda8a71fd0347=tGfkYaki9QYrrzAsgfvosvpRSkMGw81NId4jJJof2FY-IyzOeTsCrxl-K7VRctbG3E08OvCo4T2xS714K-CUtlf-RO5gUKHXYIEsibJZsYgHcAl7rEHwEbkuZQy6qowsX0MPZKsAngsH1gC-I5opzwfPegaVKJQOiGsyj6I

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Jan 2024 23:29:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK jfXUM2sTnkNV-laZ
imgs.signifyd.com/ Frame CFC9 81 B
475 B 291ms
97ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/jfXUM2sTnkNV-laZ?1ab9e7a785c81870=qBjj09IZzNwPrlfHLjMwCHEWQRqgsApWOaGUnn5lkww-l8cUs-hqtvndmeDw1_tpFlq2jGlVfEShdxjRKzbukEu-ZyFWC7FE-M7y_s4--LKwaqbrBvWUE7FuCNOs6lTkKD1Vq6eusblFvSV_PcLFLVDXDNj3ZfjDW5wlkr4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Jan 2024 23:29:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png Show response
imgs.signifyd.com/fp/ Frame CFC9 81 B
538 B 291ms
96ms XHR
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/xJc4vnUMvHlJXqO6?5d43f296895c2a61=5RtqhAZ0XU79dpbYSbgX1PswzGeN90nFqd6GSiMZqF0gswPlToQfT47glNPD9zWX7xpJUqWfYwpYYPs_xNnEp5yoQ1sidomuDY5GcESr-ccfzAQdHWY6m5tmt3txlnMVQSCbEBp6B0pzF3Ot3KnI3JXjTEd9tUg4WdfwiZ0tMhAuwlzKLHsxZWIUZmXVf3e-IyDXeNTB5vTNm1nn&jb=3d3b2c2e62796f75355d63666e677f732e627b6d35556b666c657f732d32383939246a7b6a77374b60786f6d6d2c607b68354b687a6765672d3032393a3a

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, w2txo5aa/d2fa991e6b1b0727l2zmmzu0mzkyzmy4ymmwmwvmyzi4ythmywex
Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Thu, 04 Jan 2024 23:29:33 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Thu, 04 Jan 2024 23:29:33 GMT
Server: Apache
Etag: 344cf3417bd54a9692a998ed78e25dd6
Content-Type: image/png
Access-Control-Allow-Origin: https://www.elfcosmetics.co.uk
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Tue, 02 Jan 2029 23:29:33 GMT

GET
H/1.1 200
OK 29i-CLSD11IW_VMx Show response
imgs.signifyd.com/ Frame 7CCD 90 KB
13 KB 101ms
100ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/29i-CLSD11IW_VMx?b075b1c4c6b880e6=aFuO9PzK8UZoAEfYV_FAq8eo07gVbk0lG_qZ-9AKwQiMTJr4ZwHjmi1UEUWlCUqnDRmVpAFbaB9P-tvR4I65eJVLS7T-UxVuUivmN7FZe_0waeWENLs4BBetoeCouSDiB9kPkxRsGTR-01YLpKqqX1fo2BkWWJ64I17LoVna7d5B2bTCgl0OrMcS4beiZ0WnA6VOeJsIDtfB9zhh86g

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

648cfbb799a7314b8783e7e0afa8a2da1d234f0c8f475e606fe3ded6f5981bf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 04 Jan 2024 23:29:33 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
No Content EkgEfjcwOtpV5Pu7 Show response
imgs.signifyd.com/ Frame CFC9 0
387 B 98ms
98ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Jan 2024 23:29:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK q4TzcRo4cyqzbPA9 Show response
h.online-metrix.net/ Frame 090A 103 KB
15 KB 303ms
99ms Document
text/html 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/q4TzcRo4cyqzbPA9?e0f0b2ff28524e42=6h09U31vaOzlthUNFMPlziBPWRDpMwSI9m23PuxhIpwbtYXAlXpRLlKIFzt2mtBG5g5YB13ed03aUZD3uAZvrspZwQX5UcglCHNiIIg5WJv3J5_sAdr6G6pw-IuMJGstHQW09SzY4_G4Ssp0bIszDMy4GnSjJ_ctQUADaMxFTCQDO16TVS0Lvba7W37fYVuE4mMywswTqXElLC7ecL2C

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

a-sac.h.online-metrix.net

Software

Apache /

Resource Hash

044bd1c53f46b3fcde2820e7052c3b46c944d0aa415ef18f2c5488a9daa33559

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 04 Jan 2024 23:29:33 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK yDF2oopbWm35MxdU Show response
imgs.signifyd.com/ Frame C05C 90 KB
13 KB 108ms
100ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/yDF2oopbWm35MxdU?eb3e7cdde39db3a0=fmZa0kIDtApRe8loZtTse_5NZ6TS0N-dpcksBUr4EcBeSy9rAXDQOXv3v8OvYaVprn8dFxKpMgZ4b4lMwKK0VB9lhpCx3jCQScOU7ZTQgum47alFgVUp1r1tzgJb6PmN9QfE-krl-cZuz1DB33HGm4SMP3zfHVONpFZsGrHkn-CA3_HvBfO9jqTdQDFf-fThixd25kVuPdq7vugqsoVr

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

a1ce47e5ab61a063ff7a3cdb1bec6782f5dd500467a3595127895a70e49ecadf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 04 Jan 2024 23:29:33 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=97
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
204 EkgEfjcwOtpV5Pu7 Show response
imgs.signifyd.com/ Frame CFC9 0
218 B 136ms
98ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/EkgEfjcwOtpV5Pu7?dddd1f787ae80b20=jV4prHBd1pTWd6uUdMTpp4ncciriHYV-GbPsEteEq5OxmW4gdNsL7_P-YCw2l2bzMyWBwMT-fNUvr6jUckMF-Vfc7CtigiYD961o02Ys6VhvBzfcgv1ikrWGZeyEyDvOjIY7v-6j75CB1KjqR4v4budSsfo&ja=393a3f3a2e2c633d253c3a382c7235302e6e35333e323270393838302e616e353934303870333838382c737871373a703a2e6c707a35392e39343238243b3a30382c393e38322c393a323a24393c3030243b38383a243936383824333a3232243826382665743569303a32696a616e6b3f3d64646e6e6c316f69303439393c3538346031693d6926656e353c2e71636c35303e2e64623d687c7e7a7b2f3b49253a4e2d304e75757f266f64666b6f7b656d76696b7b2c6967267f6b253a4c696779656d74616b25617a6b6f61666b64732e7064353b2470603535326e3a3261613e68696e686d39313b6a3f313035636d386e3b626c623a6c3c2468603564693d3c3262613c3d3e6a3e3a3a343e3a30636c37346c306e6b663b31393f6b246a7b673f5d61666e6f777b2f38383b392e6a7b6a354160706d656d2f3a303932382e62716f7d355563666c6577732e60796a7f354b687a6765672e6c6a6b353e2e6e6c6d35302e6c6d7c783f3a2e7c70643d586b69616c616b253a4e406d666d6e7d647f2e6d6974607a353630383b663b6b3a68656338386f3e696b3d36383830306966333d3d3e38316e643c3d303a313c39663c6d696b32346c69333c6b6e6a643f3a3b333b333b3e692c6c7235687c7c7871253b4927384e2d3846777f7d246d666e6b6f7b656d76616171266b65267563253a4e6b6d73656d76636b2569726965636469667b2e70357864776f6b6c576e66697360253d4d6e636c7b6d237a647d6d696e577d63666e677f7357656d6661635d78646b71657a253d4d6e636c7b6d237a647d6d696e576b6e67686d57616b7a67606976273d4d6c696c7b65297864776761665d7b7d61696b7461676f2d3f4d6e61647b6d23786e776f61645773606f6b637f63766d2d374f6e69667365297a667d6d61665f7a6d696e786e63716d782d354d6669647b67217864776d616655766c6b557a646b716d722d3d4d64696e716d297a64756f6966576c6776696474782d3d4f666164796f297a647d67616657717e655d7e616f7f657a253d4d6e636c7b6d237a647d6d696e57606b7e6b2d3d456e6964716d246564576935776d626f645f67624f44273838392430253a3a22477a6d6647442d3a324d51273a383826302d32384b60706f65617767215f6f6247442f38384d445b4c2d3a38475b273038392438253a30204778676e4f442738384d592532384d465b462d3a304d5b2d3038332c382d3838436072676561776d215f676843617e57656a41637c2f3a38576d6a4f4e494c45444d55616e7b7469666b67645769707869717925334a2f38384f505c5f6a646d6c6c5d6f61666769782d334a2d3a3245505c5d69676465725f6a7f6c6e6f7a576869646e5d6e6e6d697c2f3b422d32384d50565f6e646d6b7c57686c65666e2f3b482d3a304d505c5d6e70636f576e6d707c682d3b4a2732384d5a5e577b6261646d78557c6f707c757a6d576e6766273b4a2f3a304d585c577c67787c7d706f576b656d707a6f797b6367665f6a787c612d31402d3a3a4d585c5f7c6d7076757a6d5d6967657a72657b79636764577a677c6b2d314a2730384d525c5f7c65707c7d7065576e6b667c6d785f61666379677e7a6770616b2d314a2730384d525c5f7b524f4a2d31422d3a32454d5b55656c6d676f667e57616e6c6d705d7d6b6c7c2d394a253a30474d5b5d666a675d786d666e657257676378676978253b4a2d30384d475b57797c616664697a6c5d646d7a6b7c697c6376657b2f394a2f3a384f4d5b57766d7a767d7a6f5766646f697c2d31422d3a32454d5b557465707e7f7a6f576e6c67697c5d646b6c6d69782d334a253a38474753577c67727c7d78655f606b666e556e646f697c2d314a273038474f5b5f7c65707c7d7065576063666e576c6c6f697e556463666d617a2d3b402d3032474d5957766d727c6d705d617a7a63735767686a656b7e2f3b482d3a305f4d4a45445d616764657a5f6a756e6e6d705f6e646d6b7c2d3942253a3a5d4d484f445f6b6765727a67717b6d6e57746d787c7d7a675f697b76692d3b482532385d4f4a4d445763676578706d71716d6c557c6570747d7a6d5d657c6b27394a2d3830574d484d44556b676d787a6d717b6766577c6f70747d726d576d7663392d31482d3a3a57454a4d4657696765707a6d7b716d665d7c6d727c757a65577b3b76632d3b402f3a385d45424f46556b656578726d7b7b676c5d766d707e7d726d5f7b3b7c615f7b7a65682d3b482532385d4f4a4d4457646d6a7d65577067666c6f7a657a5f61666e6d253b4a2738385f4f424744556e6d7a7c605f7c6d70767d70672d3b482d3238574d4a4f4e5f6c7a637d576a7f66666d78792d394a2d32385f4d404f4e5d6467796d5f6b6f667c6d7a742d3b402f3a385d45424f4655657f647c69576c7a637f33342e6f66576835336e6e3d66666e3c353e386c6e6334383d6f3e386a6d306d3f3c663a37373c3e3b38346c343a3d3124776f64743741667e656c2d383a41646b26267f6f6470354b6c7c6d662d3238497a617b27323847726f664f462532384f646f63666d266b6b6c3f39&jb=39373f2e647b3d4d6770636466692d324e3d26322d3032205f63666467777b2d3a324e5c2d303a39382430253b482f3a3a5f616e3e3c2d314a273038703c3c292d32384978726c6d5f676843617e25324e3f393f243b3e253a38204940564f442d384b253a3064616367253a38456f6b636529253a3a4960786765652d3a4e333a322c38263c3839312e393a312732385b636c697a6325324e3f393f243b3e

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Thu, 04 Jan 2024 23:29:33 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK SD3w7peY65blOMRL
w2txo5aaitzludfp4z3nqresf7jp7wne5heipvied2fa991e6b1b0727sac.d.aa.online-metrix.net/ Frame CFC9 81 B
438 B 877ms
98ms Image
image/png 192.225.158.3
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w2txo5aaitzludfp4z3nqresf7jp7wne5heipvied2fa991e6b1b0727sac.d.aa.online-metrix.net/SD3w7peY65blOMRL?fd6ed8a3f5707845=0z8MOzb4bnji35L3NMamTb1TGmz95L-0f-n6P7d4MwGw1llLx8flnfbVNvShWUvEFyb91v_3akpF12vTCUz01lfyWR1bTkxN3VkvAiHe3r9awVAecFmP8EgyD3_UjyDWZDRgFN3fhZPFa6Swvm6DYZ9-p49NaUhYf6Te

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.3 , United States, ASN30286 (THM, US),

Reverse DNS

d.aa.online-metrix.net

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Jan 2024 23:29:34 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 gm4gK-0-867i2Vbn
imgs.signifyd.com/ Frame CFC9 0
400 B 149ms
101ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/gm4gK-0-867i2Vbn?c39d0709eb1c9e6b=XuaIW4HBVRMznHFD60YcWAtO7PtGiABA5OKCRpVsCLl1whrbY-MHXCkrHm1SNxFRRI087nzTC5dgY9cnaAiVbMvEWtNT1JfcWKl_hgbjW_xpZtfa8yGoKTh_XvcM1EErZkjZuBPZuAjc9GnrtW6gc5HP9bL670REW4EwbzCtWC-sOXrNxzsJ2at45FucWuBVoK4KgX6xH5MElV8ARSE&jf=3c333c2e7b63645f7a646e357e6c7a5f727f5d517e666b4d4f45723664577c652e71696c57666b7c6d373137383e3e393a313f332e7b616657767b786d377f656a3a6d6b6c71612e7b6b6e57636f793d3b3a3f3139383933383e38353a633a3e3c326b653b64383a3833303e383a3869303c34386b6f396c3a3b3831383f38313c303238383e3a323b636c6a6e33613c6c61396938683433396f3d313e306b393e6a383a3033313c6c393d3839353c6b693063386c67686c393a3236316e3d386e6b3d343c396e353131333e30693d313d326c3f3d31363b6d3b3b6b3d3d39383133696a6f3c38383f3a38663c34316938323e333e36316b3c6736393e31323c6b3f37353d6b2c7b636c5773616f3531383637383a3838373e616b3d3063306b3b37326e3a3d31643b386839393f30303c316a353e3260313c3c3f313f3838693c64333b3f32333a3c3a39636e3d3d3a6e383e316e6e6e323a303338386c6b326c393a306d66333a6c313e6b393a61643a3f6c6b393c3065693f6b663f67306b693d6c3131656b383a33643d6a353f6e3d3a62306e3e6c6a3b6a3c61312e7b6b6e703f38

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Jan 2024 23:29:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content pPzUGBo5BOGgVqLm Show response
imgs.signifyd.com/ Frame 7CCD 0
387 B 98ms
97ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/pPzUGBo5BOGgVqLm?b5f7ee4981416767=Xw9L284N1HVIrs9WQWsYbO8nLJFkdFen5vYmDjUqJYvbrxs0KH8Ko-JMP6mmb2cIjxgOpWNT-uN24XoojfYa5mENjibL_Euvkk7xPYZmo6ajdisGu4D7i9UwUonN9jxPobhI4XIxkbVUIzXskbl2pegs-2o&jf=3b342c647b683d306c3a68313f313f326a3b38363a3a3a313e3b693831356e3c6a35313d6a6133

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/29i-CLSD11IW_VMx?b075b1c4c6b880e6=aFuO9PzK8UZoAEfYV_FAq8eo07gVbk0lG_qZ-9AKwQiMTJr4ZwHjmi1UEUWlCUqnDRmVpAFbaB9P-tvR4I65eJVLS7T-UxVuUivmN7FZe_0waeWENLs4BBetoeCouSDiB9kPkxRsGTR-01YLpKqqX1fo2BkWWJ64I17LoVna7d5B2bTCgl0OrMcS4beiZ0WnA6VOeJsIDtfB9zhh86g

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imgs.signifyd.com/29i-CLSD11IW_VMx?b075b1c4c6b880e6=aFuO9PzK8UZoAEfYV_FAq8eo07gVbk0lG_qZ-9AKwQiMTJr4ZwHjmi1UEUWlCUqnDRmVpAFbaB9P-tvR4I65eJVLS7T-UxVuUivmN7FZe_0waeWENLs4BBetoeCouSDiB9kPkxRsGTR-01YLpKqqX1fo2BkWWJ64I17LoVna7d5B2bTCgl0OrMcS4beiZ0WnA6VOeJsIDtfB9zhh86g
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Jan 2024 23:29:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 rY3RAR5bT4UibvjW
h.online-metrix.net/ Frame 090A 0
400 B 100ms
100ms Image
image/png 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/rY3RAR5bT4UibvjW?b302885f57507f39=VUUsH8XaKA1FlBxPZGWFQsb-UXN3KhvFwbmg4BJIww0Xba8ZrAI2GoWwVHuqgrh6jB_cTcI_jDvaJT3Nj7WKgeWdmaXgmY668Y_OUxL7cJ7S8hTPfa8_4yFiOmdSizNKv9ldEy2tYZ9vF-zL9x4RDizJ7Uvk0pl026rcroSTG1BB2xR_EfX4HqsPKu5vJZVoW9PvJh6-yKkNBnvpzIs&jf=3c33322e7b63645f7a646e357e6c7a5f5f4a43674d767a4e3c5041793b4b4f472e71696c57666b7c6d373137383e3e393a313f332e7b616657767b786d377f656a3a6d6b6c71612e7b6b6e57636f793d3b3a3f3139383933383e38353a633a3e3c326b653b64383a3833303e383a3869303c34386b6f396c3a3b3831383f38313c303238383e3e613f36303d3e67633938323d6c69396363696c6c6c3a6b3f346b316b316e63303a3a383f646e636a6d3f36386b6d3b386e3f3339353d333b3e6e6e6c623a3d303b3f63636a693a3c396c643d6d6b34316a6a306e6e6b3c33316a3a32313f6e39386d6c6e663834643b3d393e646c313838303034383961686e3e3d396538392c7b636c5773616f3531383634383a38393038636d383f3b323b3132326b396931626c3d386b6e6d39303d6d69336c32306d393f3f3169663a6e6b3a343e3b356c6c306c64613e6e6f3b3a3e3a623b3f3a373032303a393a38636e39313d6d3a386e6d31393c6a6939663f383d3e3a396d3738696b3a3a33603d303d6c38303330396b32356e6a643a3e386e3731313d6f39383d30346a6a3f247b6b647a353b

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

a-sac.h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://h.online-metrix.net/q4TzcRo4cyqzbPA9?e0f0b2ff28524e42=6h09U31vaOzlthUNFMPlziBPWRDpMwSI9m23PuxhIpwbtYXAlXpRLlKIFzt2mtBG5g5YB13ed03aUZD3uAZvrspZwQX5UcglCHNiIIg5WJv3J5_sAdr6G6pw-IuMJGstHQW09SzY4_G4Ssp0bIszDMy4GnSjJ_ctQUADaMxFTCQDO16TVS0Lvba7W37fYVuE4mMywswTqXElLC7ecL2C
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Jan 2024 23:29:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content EkgEfjcwOtpV5Pu7 Show response
imgs.signifyd.com/ Frame CFC9 0
387 B 98ms
98ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Jan 2024 23:29:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/

Domain: www.paypal.com
URL: https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Verdicts & Comments Add Verdict or Comment

113 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.elfcosmetics.co.uk/	1970-01-21 02:12:26	Name: _pxhd Value: 4DoEyk68flh53CLtqsjGZEAPdICaWrLIZq7iBFXaeTNunK9TYBKVXq9yvy50jjGbQyGMD8fGsZeyyvWCDqinLw==:Bw8tHeiHsukQ53Vt8JYBwoi3eNdsU4-W1Y42NTvSGCDB4kjdlHofvAoJ4KL3s9QgHUR2cwna9eboC22Hk0s0I-S-sYL4KcnaLAI1KS2wMJU=
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: lxzLSYlU-7E
.youtube.com/	1970-01-20 21:46:02	Name: VISITOR_INFO1_LIVE Value: aWfmdDN3wtE
www.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: initAuthComplete Value: true
.elfcosmetics.co.uk/	1970-01-21 03:02:50	Name: ab.storage.sessionId.ee22cddf-904f-484e-a004-0181ff9a3268 Value: %7B%22g%22%3A%22c10f499c-a229-e5ad-d530-e56c8c11adf6%22%2C%22e%22%3A1704412769236%2C%22c%22%3A1704410969236%2C%22l%22%3A1704410969236%7D
.elfcosmetics.co.uk/	1970-01-21 03:02:50	Name: ab.storage.deviceId.ee22cddf-904f-484e-a004-0181ff9a3268 Value: %7B%22g%22%3A%2297cab59d-793f-6cc5-c50d-645768c9a7a9%22%2C%22c%22%3A1704410969239%2C%22l%22%3A1704410969239%7D
www.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: scapi Value: prd:2dab3a1a-b4c6-4993-b31a-c82cce4f3fb2:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjJkYWIzYTFhLWI0YzYtNDk5My1iMzFhLWM4MmNjZTRmM2ZiMiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDQxMDk0MCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJrS3BGd0hsRmt1Y1J3SHBIbEdZWW1ySVg6OmNoaWQ6ICIsImV4cCI6MTcwNDQxMjc3MCwiaWF0IjoxNzA0NDEwOTcwLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NTU1MTk3NjYwMzc3NDQ3In0.UIbIHrIrt4Bl9bd3grX3LixGVJof-BszQaeYIex-MJDoF36fif1RzouQoCZUwVerrna5T228tSReqrr-HENqRw
.elfcosmetics.co.uk/	1970-01-21 02:12:26	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Jan+04+2024+13%3A29%3A31+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202211.2.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcosmetic-criminals&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2C5%3A0%2CSTACK42%3A0
.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: pxcts Value: 1c71d45d-ab59-11ee-bc48-48c4cc400637
.elfcosmetics.co.uk/	1970-01-21 02:12:26	Name: _pxvid Value: 1932ad1a-ab59-11ee-9bb3-194f1f68e7c3
www.elfcosmetics.co.uk/	1970-01-20 21:46:02	Name: dwanonymous_d0d57f92086b8d4216742497990aeda2 Value: abkKpFwHlFkucRwHpHlGYYmrIX
www.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: dwsid Value: gwuDlkGmVTwTmcQR5UMPUlZG0x-FhrynGJ5IQtMdnolirvhtY26t5KZTm17_CVvvfemNbNLvNHhptKHAM9HsRA==
www.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: __cq_dnt Value: 1
www.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: dw_dnt Value: 1
.elfcosmetics.co.uk/	1970-01-20 17:26:51	Name: _px3 Value: 21eaa74179f2d5bcebab993cc520d55a1fc8710fb820a0f8e7c83c7ef387583e:A6ARZ9Y696nWRy3kwLin3GDzCt5UFABOnJH0xTP7sVCEsFGQmJHBCzMAxD05O8arrYcTYQFDivyKgrTUi0P07g==:1000:C3v/F2QageNCjZL+AS3R+LLpdiU5ZGFn8mU5Xxl4g/sDxvxmeafHHQ/Iid9eJJdcgmISvp/r5tUxnX6TThK7NQ3r64KPrB+YFybFO1QlLfkApDDqFEcVPwZVjk7zI341g2q4RMB3njl9H+RRMjXecPQzOIWPpVkKgS7mso8lN/aMER9oZV/vqGxBkuoEeq+LdScjxlxYo63e23VeTNRe54C/ilNx1xC2ferr3cUoQeA=
imgs.signifyd.com/	1970-01-21 03:02:50	Name: thx_guid Value: 49a52403bf182675e47f585f007a8065

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.elfcosmetics.co.uk/cosmetic-criminals(Line 349) Message: Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/ from frame with URL https://www.elfcosmetics.co.uk/cosmetic-criminals. Domains, protocols and ports must match.
security	error	URL: https://www.elfcosmetics.co.uk/cosmetic-criminals(Line 349) Message: Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/ from frame with URL https://www.elfcosmetics.co.uk/cosmetic-criminals. Domains, protocols and ports must match.
security	error	URL: https://www.elfcosmetics.co.uk/cosmetic-criminals(Line 349) Message: Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/ from frame with URL https://www.elfcosmetics.co.uk/cosmetic-criminals. Domains, protocols and ports must match.
javascript	error	URL: https://www.elfcosmetics.co.uk/cosmetic-criminals(Line 349) Message: Access to image at 'https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=o_' from origin 'https://www.elfcosmetics.co.uk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=o_ Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/OtAutoBlock.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.cookielaw.org
cdn.media.amplience.net
cdn.static.amplience.net
code.jquery.com
collector-pxxt4gy2ig.px-cloud.net
elfcosmetics.a.bigcontent.io
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
i.ytimg.com
imgs.signifyd.com
jnn-pa.googleapis.com
qoe-1.yottaa.net
sdk.iad-05.braze.com
static.doubleclick.net
t.paypal.com
w2txo5aaitzludfp4z3nqresf7jp7wne5heipvied2fa991e6b1b0727sac.d.aa.online-metrix.net
www.cosmeticscriminals.co.uk
www.elfcosmetics.co.uk
www.google.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
www.youtube.com
cdn-fsly.yottaa.net
www.paypal.com
13.226.139.94
151.101.129.21
151.101.2.133
151.101.65.35
151.101.66.133
173.231.16.77
192.225.157.157
192.225.158.1
192.225.158.3
192.229.210.155
204.2.133.238
204.2.133.97
2606:4700:4400::6812:2089
2606:4700:4400::ac40:91b7
2606:4700:4400::ac40:952f
2606:4700:4400::ac40:9ba6
2606:4700::6812:83ec
2607:f8b0:4004:c06::5e
2607:f8b0:4004:c06::94
2607:f8b0:4004:c07::9c
2607:f8b0:4004:c09::5e
2607:f8b0:4004:c17::67
2607:f8b0:4004:c1d::77
2607:f8b0:4004:c1f::5f
2607:f8b0:4004:c1f::88
2a04:4e42:200::649
35.190.10.96
64.71.161.52
044bd1c53f46b3fcde2820e7052c3b46c944d0aa415ef18f2c5488a9daa33559
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
0b063bab914cd51698d508946cdadd5faa1e3221a46639ea9c5cb6bae54dd69e
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
1f94185bf320b088eb3c40b75de95ac8516680f4036bd287131b34f9c058146a
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
234595572b74d58cd52917208142b3131ad7992126358ee0d917a40cd1240e83
2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03
2d5ce843cf166fdb4108ebcfe16b22da332149e2bcb4b7d93b3abd0d93e2def8
30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
349a84fa24c5bda7424681c4ab9a0d265a0966a963f47e975dc5f7f347e3bb1d
3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3eaee003132998954eb9a92eea8c3fc12785b3d8f862457022d53d1b2fdd8408
40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0
41c6b339f802ba9fa5ecb3ee0c132a5b167f73fdeda6aee6a550e9e100e09eab
49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b
4973f562e7d8f8ad478be1fe1090639ca7b50af5f98c5c13efe61d22fb72665e
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4eb2da79c4791185df402f50cb6df720163c17fe2ecd0a4b6615a2fe054674d7
4ecc34627d4103fbb8d709b714d9489ee16f6f15a153fab36fca0df2dcaf2a77
4f770b32793546ad41060cc03c06e4a744b10e9ae4af0b2b0522cfcf1fb33285
57e461c9b78558e62478cca713658387eaf54afe6ae0a8128ee38e5846b4d6d8
5a0e2b951191e60b6c3905118d84d9a95a309d355c4eb71dfead2ae2866683ee
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
60dfcadddf11dacb678cf78e8b2fc4af594f6fc5993f9e5141ca0a8fa76e634b
648cfbb799a7314b8783e7e0afa8a2da1d234f0c8f475e606fe3ded6f5981bf2
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
692db01eb703744d633776b15675c6b2c761732ca585236d376836bf6f04bc9e
6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f
6ba07ba06a310dd256e809b55b3176a61a570a1e9f426a915ea94802b9d8b1b4
6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
71bd66530457656271aa253073fb867cdc9068586f7af54e341667687162909e
71cfd0bf781e3f393bca283fc9d44777a2036985a4ffe9abedf14909e63a8aef
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
744f83518728b979fb7e008389501d1acaa5a3086284274c296f26c5d4cfc8e4
76d3662043ed718a13f5ad2e428a21b577617ed3b93ed7bd96a11abe91e45cf6
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
7ac9f0e85d1ed4d4ccf7a151ec6b9b80f89baa745841db8efd82713671ff5ab8
7daaea0e23f1b46b8cee7ee002e8b5e16dcd602bae7990a073e6f77a40a33984
8074b63148ebcad03c29f975e0ab7b8146a110122cede91da99d754948e9b548
83f77701d6f8aa2b017e97775fc33276e34463fbe98df196a11d363bca8c3359
8641559408860c1dad48a8852756eae102c740b81dd3a21942616306d9b214cf
8b311b78042906393bf9c3cdc5bc8115b450b8b31905b1641dec7246fbd4cc85
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
9003538d285387a735ad8de4876c96bb1226b211ee99fa317602c18833224afa
907548f0fe7742909ca8ac678d0f172fdd710362ddd32e76789320ef33e1ccf2
90866b38fd24be6bed2586596319aa9965540d37b043d325b6003a3f287d2f79
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
949062629321267f5e4f5d183435ab758ad7898afe2b31dc262b6b164167ffa0
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
955ccac61897c63128bfc33ade0c7146b9ec248819fdc603df76fb4c9437a0a0
98bc0753b3f7392176a4af252bfae9bcd1f2804b73dee374119899d8f52ae3d2
a1ce47e5ab61a063ff7a3cdb1bec6782f5dd500467a3595127895a70e49ecadf
a1d6de537229f01759118be8fdbf1f5fc8a8b9268547b937133a6587978ecca1
a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a6cbc4c9c0b39f6d4edd8d4db4e73971e23c1e4b8b9b6ddd5956164b87fd3ebc
a849e2087ba3ca3777d4b4691ee8c049998b464d490adb00bcafd82a28fa1095
aa495e61a7d438cf4e9414dd5eebf26a7bb7b22eb285c2fcf32f3efdcd4693e9
af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615
b0ae6ca3caa68945caf45f000efe5b8a052d45d9438cd4ca92221abe5c05e707
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
b6cb28349e6bad5f5440bcb1cb7f8e0f57b0d3209c30cfea30f52d102423688e
ba74f9b9f217f2c2e5407a5d72b0d555163a2edd5670da8c550df637d1a2004f
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
beaa4c503cc4f487c171dc19522dce562ed66b888ca64913bc6b0db58cf0d166
bf3cadd76a2c0e1738fe366ed6210b4cb78ea5ac3ffbbd75d8e79891a18d8f5e
c856ca647a5edf9ff56752649cd2bbd3d6d6fb2263d1b473a255534f5bf6f830
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca67abd72277ede1c07eeb903847d902d19ec6e30fb5780a24ddff9d788bb300
cd0b162bc6e5a1dfcdba80c8b12d3f2ec6ac423a1c1ed7d996779d9c6b81f346
d7c9e4e779e47df423f71fb793ce4939653587d8b92a5bc2fb58fe9fa8fe1d3e
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1
e30b05da95d8a3b7d9bd18879b0c06638a5d1f8a03b6bd5757d77800d31889aa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e76f40a34df68fdf68caa572f3ba73162065a0439aa24cdd7d84ed708accb6a0
e878848ad649d0b771d44453abd0ae8e4aa7a2b93298641ed0c26fff581dcb4f
ec084c769d56ea0093b6fb53e9e4d4d8cfbba7eb29e40e52a9ab77e92222c5c9
ec94591b09bba9af510903ef3dd17e2fefc7aaa70dfd3777fa662512d9cd1748
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
efa6432d15fa717e69d5236fb10926c93dad01d818854cda386c1de369d9b829
f3e566b867796840e8e18c0cdb409fbb1eda960c7411e3dc84f1d007c481793e
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
f932c8fa69f555f96f55f085e4b5bd1aaef01aaa46546976337d3b4d6b13daf1
fd8d118fe8ac283b6e6ece58b4bcbbc06cd734f11761faa7c46ff08069f711f5

www.elfcosmetics.co.uk Open in urlscan Pro 204.2.133.97 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

140 Requests

91 %HTTPS

50 %IPv6

21 Domains

28 Subdomains

28 IPs

1 Countries

11703 kBTransfer

22663 kBSize

16 Cookies

17 Outgoing links

Page URL History

Redirected requests

140 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.elfcosmetics.co.uk Open in urlscan Pro
204.2.133.97 Public Scan

Screenshot
Live screenshot

Full Image

140
Requests

91 %
HTTPS

50 %
IPv6

21
Domains

28
Subdomains

28
IPs

1
Countries

11703 kB
Transfer

22663 kB
Size

16
Cookies

140 HTTP transactions
3 data transactions