urlscan.io logo urlscan.io
SecurityTrails logo

store.xecurify.com Open in urlscan Pro
54.82.41.4  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://candyapples.net/
Effective URL: https://store.xecurify.com/moas/shopify/firewallAccessDenied
Submission: On July 02 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 2 countries across 14 domains to perform 32 HTTP transactions. The main IP is 54.82.41.4, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is store.xecurify.com. The Cisco Umbrella rank of the primary domain is 203791.
TLS certificate: Issued by Amazon RSA 2048 M03 on March 15th 2024. Valid for: a year.
This is the only time store.xecurify.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 15.197.225.128 16509 (AMAZON-02)
8 2620:127:f00f... 13335 (CLOUDFLAR...)
4 2620:127:f00f... 13335 (CLOUDFLAR...)
1 2a04:4e42::649 54113 (FASTLY)
1 184.95.45.52 20454 (SSASN2)
2 6 54.82.41.4 14618 (AMAZON-AES)
4 23.227.38.74 13335 (CLOUDFLAR...)
1 2620:127:f00f... 13335 (CLOUDFLAR...)
1 151.101.66.133 54113 (FASTLY)
1 23.227.60.200 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 192.229.133.221 15133 (EDGECAST)
32 12
1    15.197.225.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: aec037177372cc6cd.awsglobalaccelerator.com
candyapples.net
8    2620:127:f00f:e:: (Canada)

ASN13335 (CLOUDFLARENET, US)
www.candywarehouse.com
4    2620:127:f00f:ff01:: (Canada)

ASN13335 (CLOUDFLARENET, US)
cdn.shopify.com
1    2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
1    184.95.45.52 (United States)

ASN20454 (SSASN2, US)
searchserverapi.com
6    54.82.41.4 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-82-41-4.compute-1.amazonaws.com
store.xecurify.com
4    23.227.38.74 (Ottawa, Canada)

ASN13335 (CLOUDFLARENET, US)
PTR: shops.myshopify.com
www.candywarehouse.com
1    2620:127:f00f:ff00:: (Canada)

ASN13335 (CLOUDFLARENET, US)
shop.app
1    151.101.66.133 (San Francisco, United States)

ASN54113 (FASTLY, US)
static.klaviyo.com
1    23.227.60.200 (Canada)

ASN13335 (CLOUDFLARENET, US)
PTR: cdn.shopify.com
cdn.shopify.com
1    2606:4700::6810:dfb3 (United States)

ASN13335 (CLOUDFLARENET, US)
static.afterpay.com
1    192.229.133.221 (United States)

ASN15133 (EDGECAST, US)
www.w3schools.com
Apex Domain
Subdomains		 Transfer
12 candywarehouse.com
www.candywarehouse.com
270 KB
6 xecurify.com
store.xecurify.com — Cisco Umbrella Rank: 203791
16 KB
5 shopify.com
cdn.shopify.com — Cisco Umbrella Rank: 2357
11 KB
1 w3schools.com
www.w3schools.com — Cisco Umbrella Rank: 22461
5 KB
1 afterpay.com
static.afterpay.com — Cisco Umbrella Rank: 20044
8 KB
1 klaviyo.com
static.klaviyo.com — Cisco Umbrella Rank: 3409
2 KB
1 shop.app
shop.app — Cisco Umbrella Rank: 3288
575 B
1 searchserverapi.com
searchserverapi.com — Cisco Umbrella Rank: 22290
3 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 816
30 KB
1 candyapples.net
candyapples.net
170 B
0 aspnetcdn.com Failed
ajax.aspnetcdn.com Failed
0 kxcdn.com Failed
searchanise-ef84.kxcdn.com Failed
0 tidio.co Failed
code.tidio.co Failed
0 turnto.com Failed
widgets.turnto.com Failed
32 14
Domain Requested by
12 www.candywarehouse.com www.candywarehouse.com
6 store.xecurify.com 2 redirects www.candywarehouse.com
store.xecurify.com
5 cdn.shopify.com www.candywarehouse.com
1 www.w3schools.com store.xecurify.com
1 static.afterpay.com www.candywarehouse.com
1 static.klaviyo.com www.candywarehouse.com
1 shop.app www.candywarehouse.com
1 searchserverapi.com www.candywarehouse.com
1 code.jquery.com www.candywarehouse.com
1 candyapples.net 1 redirects
0 ajax.aspnetcdn.com Failed searchserverapi.com
0 searchanise-ef84.kxcdn.com Failed searchserverapi.com
0 code.tidio.co Failed www.candywarehouse.com
0 widgets.turnto.com Failed www.candywarehouse.com
32 14

This site contains no links.

Subject Issuer Validity Valid
www.candywarehouse.com
E1		 2024-05-30 -
2024-08-28		 3 months crt.sh
cdn.shopify.com
E6		 2024-07-01 -
2024-09-29		 3 months crt.sh
*.jquery.com
Sectigo ECC Domain Validation Secure Server CA		 2024-06-25 -
2025-06-25		 a year crt.sh
searchserverapi.com
E6		 2024-06-27 -
2024-09-25		 3 months crt.sh
xecurify.com
Amazon RSA 2048 M03		 2024-03-15 -
2025-04-14		 a year crt.sh
shop.app
E1		 2024-05-25 -
2024-08-23		 3 months crt.sh
static.klaviyo.com
R3		 2024-05-12 -
2024-08-10		 3 months crt.sh
afterpay.com
GTS CA 1P5		 2024-06-02 -
2024-09-01		 3 months crt.sh
*.w3schools.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-04-03 -
2025-05-04		 a year crt.sh

This page contains 1 frames:

Primary Page: https://store.xecurify.com/moas/shopify/firewallAccessDenied
Frame ID: 5ACFCDA9E93A0C2227E5CBA04D43D0FF
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Access Denied

Page URL History Show full URLs

  1. http://candyapples.net/ HTTP 307
    https://candyapples.net/ HTTP 301
    http://www.candywarehouse.com/ HTTP 307
    https://www.candywarehouse.com/ Page URL
  2. https://store.xecurify.com/moas/shopify/firewallAccessDenied Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.afterpay\.com
Overall confidence: 100%
Detected patterns
  • klaviyo\.com
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

32
Requests

81 %
HTTPS

42 %
IPv6

14
Domains

14
Subdomains

12
IPs

2
Countries

344 kB
Transfer

1702 kB
Size

16
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://candyapples.net/ HTTP 307
    https://candyapples.net/ HTTP 301
    http://www.candywarehouse.com/ HTTP 307
    https://www.candywarehouse.com/ Page URL
  2. https://store.xecurify.com/moas/shopify/firewallAccessDenied Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://candyapples.net/ HTTP 307
  • https://candyapples.net/ HTTP 301
  • http://www.candywarehouse.com/ HTTP 307
  • https://www.candywarehouse.com/
Request Chain 28
  • https://store.xecurify.com/moas/shopify/style.css HTTP 302
  • https://store.xecurify.com/moas/initialize HTTP 302
  • https://store.xecurify.com/moas/login

32 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www.candywarehouse.com/
Redirect Chain
  • http://candyapples.net/
  • https://candyapples.net/
  • http://www.candywarehouse.com/
  • https://www.candywarehouse.com/
439 KB
69 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6454dcf50a0b2a73cae632fe1bbed47800e9434864e8693c6ba6c4480c47f9e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
89d1272e4bd5049b-FRA
content-encoding
br
content-language
en
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Tue, 02 Jul 2024 19:48:23 GMT
etag
"cacheable:dacf65a3e79f88dc5e0556f814ffd234"
link
<https://cdn.shopify.com>; rel="preconnect", <https://cdn.shopify.com>; rel="preconnect"; crossorigin
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hVxfUGSqoXnrIrjfEg7EHqU4lXXtuOn4J%2BdoYNtAqKKgxJUJyvIGvXJOfSZ6Tz%2FXMLQBOhMhBEu4PM811tN27kQED5crNo4VFoMJREX6CD%2BWEyhPCqD7WT2VccY%2BsbpWqO0nXhbM1Ncp9W%2FG1WDAyEPKrpQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=444;desc="gc:102", db;dur=58, fetch;dur=1, render;dur=100, wasm, asn;desc="201011", edge;desc="FRA", country;desc="DE", theme;desc="142968914170", pageType;desc="index", servedBy;desc="h84k", requestID;desc="75f26039-68f8-4072-a6fc-46c452b443b3-1719949703" cfRequestDuration;dur=503.999949 ipv6, earlyhints
strict-transport-security
max-age=7889238
vary
Accept
x-cache
miss
x-content-type-options
nosniff
x-dc
gcp-europe-west3,gcp-europe-west1,gcp-europe-west1
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
75f26039-68f8-4072-a6fc-46c452b443b3-1719949703
x-shardid
249
x-shopid
63625199866
x-shopify-nginx-no-cookies
0
x-sorting-hat-podid
249
x-sorting-hat-shopid
63625199866
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block

Redirect headers

Location
https://www.candywarehouse.com/
Non-Authoritative-Reason
HttpsUpgrades
lazysizes.aio.min.js
www.candywarehouse.com/cdn/shop/t/98/assets/ 		28 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/cdn/shop/t/98/assets/lazysizes.aio.min.js?v=158897588034173888241717783851
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bdac22006f59b004f0eda365219f37f97722979926f2ae448836936a704562f9
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-east1,gcp-us-east1
age
2165637
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=181.599, imageryFetch;dur=107.346, cfRequestDuration;dur=32.000065, ipv6
alt-svc
h3=":443"; ma=86400
content-length
9128
x-xss-protection
1; mode=block
x-sorting-hat-shopid
63625199866
x-request-id
040e2363-d557-4ea7-b862-ff393a9d496e-1717783902
last-modified
Fri, 07 Jun 2024 18:11:43 GMT
server
cloudflare
x-shopid
63625199866
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IDG2nQkFH5PS8gikO4%2F9tDOPny4DG57iL4G3VSVflMj7Fo6cuP%2FQxvSo9NWilOG8WG6R4bTLa5WvbdU1ZmD0IcOgrUa%2BMXe9tBYqRfH9XkhconwVIZ4whwmG1TF%2BjAyoDbb3cvvk81WulJE2bL5wnkKInQs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
x-download-options
noopen
accept-ranges
bytes
cf-ray
89d12731b8f9049b-FRA
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0636/2519/9866/t/98/assets/lazysizes.aio.min.js>; rel="canonical"
x-sorting-hat-podid
249
vendor.aio.min.js
www.candywarehouse.com/cdn/shop/t/98/assets/ 		95 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/cdn/shop/t/98/assets/vendor.aio.min.js?v=41859901124936010441717783851
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a4db641e64aba04fb37b4cb9ec067c6182690d88b41d961390a4a72981599c9
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-central1,gcp-us-central1
age
1824911
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=74.765, imageryFetch;dur=61.292, cfRequestDuration;dur=47.000170, ipv6
alt-svc
h3=":443"; ma=86400
content-length
27294
x-xss-protection
1; mode=block
x-sorting-hat-shopid
63625199866
x-request-id
94e2ffbd-ead6-47f1-99e9-7c4dee075546-1717783902
last-modified
Fri, 07 Jun 2024 18:11:43 GMT
server
cloudflare
x-shopid
63625199866
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OYoLb7LfuofeV0SYqmFSmk9pZpsSyUQZyEqNBGgpOXhKr3eSAyb4a4g8%2FDn8%2Bx0IVwTTWOajOzqTHSlE2ufIS9nA3YFSetpDMsPhI1B3OvnEhlna%2F49uZIB9rBDlASFDe%2FxFIXu2P2Q9QKQePzzJev7xDsw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
x-download-options
noopen
accept-ranges
bytes
cf-ray
89d12731b8fc049b-FRA
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0636/2519/9866/t/98/assets/vendor.aio.min.js>; rel="canonical"
x-sorting-hat-podid
249
theme.aio.min.js
www.candywarehouse.com/cdn/shop/t/98/assets/ 		444 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/cdn/shop/t/98/assets/theme.aio.min.js?v=63556128558602104521717783851
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cff72db9ac4cb08ac60c0587b43e915c6905477e5ef6aac89bfb9e2480a8342
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-east1,gcp-us-east1
age
1755984
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=105.135, imageryFetch;dur=73.597, cfRequestDuration;dur=43.999910, ipv6
alt-svc
h3=":443"; ma=86400
content-length
76992
x-xss-protection
1; mode=block
x-sorting-hat-shopid
63625199866
x-request-id
0ee0d174-717f-45ce-b46f-bdd563597d42-1717783902
last-modified
Fri, 07 Jun 2024 18:11:43 GMT
server
cloudflare
x-shopid
63625199866
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pKPDSh%2FQOhmJ4Bm4298n9N9aZwiomhTnR%2BiD3ZI2%2FvY9SQ2dWa1L0FnIPe98DywkiX%2B2X%2BLiH%2FtoYa2%2FHcBfznZngp%2FkXdcJDxLwPrbmaOR49xMkNfBtSEfGVrRmSaNnwR4kjhTtu0G7Aklmo0TTL3Gb1V0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
x-download-options
noopen
accept-ranges
bytes
cf-ray
89d12731b8fd049b-FRA
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0636/2519/9866/t/98/assets/theme.aio.min.js>; rel="canonical"
x-sorting-hat-podid
249
theme.min.css
www.candywarehouse.com/cdn/shop/t/98/assets/ 		438 KB
59 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/cdn/shop/t/98/assets/theme.min.css?v=183047871713161377341717783851
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01cf1f54304ab4b7e789be250b6af18be10a1e5e53374dd772fce9562ae5dd2a
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-central1,gcp-us-central1
age
1824910
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=158.232, imageryFetch;dur=32.294, cfRequestDuration;dur=25.999784, ipv6
alt-svc
h3=":443"; ma=86400
content-length
59392
x-xss-protection
1; mode=block
x-sorting-hat-shopid
63625199866
x-request-id
7665bf08-8acd-466f-afe3-c1a6096ea04e-1717783902
last-modified
Fri, 07 Jun 2024 18:11:43 GMT
server
cloudflare
x-shopid
63625199866
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LvrUq5llaHQl4gyaaV5d0ebwRIDkKdzcfopYVFiSpyyaEigFNKl%2BoHV9kGHe8qXeDH4sebO5oyPiByQM9II1sMz30Zz6Kcmj%2FvpJRtAQssiU8bsycVlfUo6MX%2FdZuYWjVOi1uJm0hEUqkCc7zDFqqoF2g9I%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
x-download-options
noopen
accept-ranges
bytes
cf-ray
89d12731b8f6049b-FRA
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0636/2519/9866/t/98/assets/theme.min.css>; rel="canonical"
x-sorting-hat-podid
249
quick-add-to-cart.aio.min.js
www.candywarehouse.com/cdn/shop/t/98/assets/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/cdn/shop/t/98/assets/quick-add-to-cart.aio.min.js?v=117125094050151676481718074589
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
611efaba058b379469b79bd0f3b8c001c08a73ed4bc1d7d17f9035dc8fbae236
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-east1,gcp-us-central1
age
1806206
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=106.559, imageryFetch;dur=80.806, cfRequestDuration;dur=28.999805, ipv6
alt-svc
h3=":443"; ma=86400
content-length
456
x-xss-protection
1; mode=block
x-sorting-hat-shopid
63625199866
x-request-id
247cdc6b-4eb7-45ec-acfe-abd1ec83e0ab-1718074590
last-modified
Tue, 11 Jun 2024 02:56:30 GMT
server
cloudflare
x-shopid
63625199866
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ojXwhJpEbFipl7F8l8rBQfbu29rAqg%2Fe8VFMK7rStYXO3QkB6vdRlZxSQGRjQhW0hML%2FORIEn7lKRYy%2BA0aBwAV8nMCGhZQbBa82IVpksawohpCobq28kmKF8Z9mlPPY0m1%2BWg681CHpEG64LhNYSP1GgdA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
x-download-options
noopen
accept-ranges
bytes
cf-ray
89d12731b901049b-FRA
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0636/2519/9866/t/98/assets/quick-add-to-cart.aio.min.js>; rel="canonical"
x-sorting-hat-podid
249
option_selection_5712952b-0591-4f8e-a2bd-a2e7a70d9f52.js
cdn.shopify.com/s/files/1/0617/7298/8603/files/ 		127 B
686 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0617/7298/8603/files/option_selection_5712952b-0591-4f8e-a2bd-a2e7a70d9f52.js?v=1659206952
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:ff01:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0f2e421d977757f17c8387d9eed4f425745e6460e1c5704d7219178633fe7d9
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-dc
gcp-us-east1,gcp-us-central1
age
4330978
server-timing
imagery;dur=61.350, imageryFetch;dur=48.658, cfRequestDuration;dur=41.999817, ipv6
alt-svc
h3=":443"; ma=86400
content-length
114
x-xss-protection
1; mode=block
x-request-id
7d8af07b-7497-4670-8d9c-86ca70047cad-1715618720
last-modified
Mon, 13 May 2024 16:45:21 GMT
server
cloudflare
x-shopid
61772988603
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BY1omaTHCP9Y6neg7RS10I6rG%2FLuhK7wLYH3IHGwi7iEVapPXHAyfWQGvLk3j5KsZ5tvBj05fTn%2FMZmlDX%2BAPPA5I%2BZU60xysGhJsQhF2tf88WFmr2mLttb2jlbTWhCoaiA2sVQ67XczWRrvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0617/7298/8603/files/option_selection_5712952b-0591-4f8e-a2bd-a2e7a70d9f52.js>; rel="canonical"
cf-ray
89d12731be151da0-FRA
preconnect.js
cdn.shopify.com/s/files/1/0617/7298/8603/files/ 		830 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0617/7298/8603/files/preconnect.js?v=1659207000
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:ff01:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd1131db170033a158806fa2c201313d8061df3abb205265b6aa25eb04a0a38c
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:23 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-dc
gcp-us-central1,gcp-us-east1
age
4322178
server-timing
imagery;dur=87.928, imageryFetch;dur=79.008, cfRequestDuration;dur=35.000086, ipv6
alt-svc
h3=":443"; ma=86400
content-length
358
x-xss-protection
1; mode=block
x-request-id
aecafbc9-13f8-4e12-b102-6d737f95c03d-1715627524
last-modified
Mon, 13 May 2024 19:12:05 GMT
server
cloudflare
x-shopid
61772988603
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dP7vqyOMTdX7F4xqiPi5jVDTZXmKz5IyEz0dqxDER1fmi1t6VwA4fQdZ60pdsarkGhe6vrh062T0JRrFqI5JmK%2FTJs5ZJD%2BzSdeuJ6st%2BRQSO4BkTdmbQ%2BMhO0t5dXuU0YO3gWIPIvq%2FhO4IHw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0617/7298/8603/files/preconnect.js>; rel="canonical"
cf-ray
89d12731be1a1da0-FRA
font-settings.aio.min.css
www.candywarehouse.com/cdn/shop/t/98/assets/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/cdn/shop/t/98/assets/font-settings.aio.min.css?v=98464137025494802221717783851
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0033c6aa9420454e9735a56a8df8ec120f50b57e762a683c95e32c00064a8dc
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-central1,gcp-us-east1
age
1820208
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=105.280, imageryFetch;dur=90.677, cfRequestDuration;dur=32.999992, ipv6
alt-svc
h3=":443"; ma=86400
content-length
527
x-xss-protection
1; mode=block
x-sorting-hat-shopid
63625199866
x-request-id
50fb66ff-3e6c-426e-bd1e-fd2cd534c0ce-1717783902
last-modified
Fri, 07 Jun 2024 18:11:43 GMT
server
cloudflare
x-shopid
63625199866
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BE8oLLAevRPWqSzx8FYt9FGrtt9R6tDF4gCTSFTDkN6UKf0WNS9Ff%2BxYHiU8iCHHxHsR67bm18vo4E1Yoph7fUT1PeuQ0cbNl9UL5ZDRjV2gSnQKkOGVaVoRMRmRGyP4vqwCuCX6X%2FBBNSNiKXRl20Te%2F%2Bo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
x-download-options
noopen
accept-ranges
bytes
cf-ray
89d12731c904049b-FRA
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0636/2519/9866/t/98/assets/font-settings.aio.min.css>; rel="canonical"
x-sorting-hat-podid
249
custom.min.css
www.candywarehouse.com/cdn/shop/t/98/assets/ 		1 KB
839 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/cdn/shop/t/98/assets/custom.min.css?v=132293651894807298431717783851
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3483b757b1586ee1d1b7d03f4af6ca62c5b9e969caceca893218dd3ac787422f
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-east1,gcp-us-central1
age
1822631
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=50.436, imageryFetch;dur=38.659, cfRequestDuration;dur=26.999950, ipv6
alt-svc
h3=":443"; ma=86400
content-length
302
x-xss-protection
1; mode=block
x-sorting-hat-shopid
63625199866
x-request-id
fcd777d0-5411-4ec1-ae91-feff048b3af1-1717783902
last-modified
Fri, 07 Jun 2024 18:11:43 GMT
server
cloudflare
x-shopid
63625199866
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gLsatESIf19UDVYj4Mi3X7qroI7JVLLNiBSBRVBIl95vQVAaOHwPuOK9%2FsNRHuWxXvPgcjp9entdtzkSPQyQDLDVwQJzsBXc%2BDO%2FrOiB%2BLoLDeZPmOCwlg4z%2Fq0MzEcWDVDZCrM8ZQtu3Hg6cQXXJ6PraYk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
x-download-options
noopen
accept-ranges
bytes
cf-ray
89d12731c906049b-FRA
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0636/2519/9866/t/98/assets/custom.min.css>; rel="canonical"
x-sorting-hat-podid
249
jquery-3.6.0.min.js
code.jquery.com/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Origin
https://www.candywarehouse.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
1354275
x-cache
HIT, HIT
content-length
30875
x-served-by
cache-lga21931-LGA, cache-mxp6968-MXP
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1719949704.065205,VS0,VE0
etag
W/"28feccc0-15d9d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
19, 358410
init.js
searchserverapi.com/widgets/shopify/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://searchserverapi.com/widgets/shopify/init.js?a=8A3Q1f8y1j
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.95.45.52 , United States, ASN20454 (SSASN2, US),
Reverse DNS
Software
nginx /
Resource Hash
2093cce11df69f1ef401044631c181b025b9aa567b3d45d0476ae56c066203c3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 02 Jul 2024 19:48:24 GMT
content-encoding
gzip
last-modified
Tue, 02 Jul 2024 07:05:23 GMT
server
nginx
etag
W/"6683a6b3-1abb"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
expires
Tue, 02 Jul 2024 19:48:23 GMT
check
store.xecurify.com/moas/rest/shopify/ 		87 B
662 B 		Script
General
Check archive.org
Download Go to
Full URL
https://store.xecurify.com/moas/rest/shopify/check?shop=candywarehouseinc.myshopify.com
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.82.41.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-41-4.compute-1.amazonaws.com
Software
Apache/2.4.58 () OpenSSL/3.0.8 /
Resource Hash
226e45a90f334806b17268e14ef268079c96729409f0c3247ec3f8da1aba705c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
access-control-allow-credentials
true
server
Apache/2.4.58 () OpenSSL/3.0.8
access-control-allow-headers
Content-Type,Authorization
access-control-max-age
3600
access-control-allow-methods
POST,GET,OPTIONS,DELETE,PUT
content-type
application/json;charset=UTF-8
preloads.js
www.candywarehouse.com/checkouts/internal/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/checkouts/internal/preloads.js?locale=en-US
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
838b1fd9682ea2ccc8dac94a93929838786e96e2dd6bb686eec1157f33e2ba1e
Security Headers
Name Value
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
strict-transport-security
max-age=7889238
x-content-type-options
nosniff
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
server-timing
cfRequestDuration;dur=71.000099
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
server
cloudflare
x-shopid
63625199866
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yExAq2IRXh5uMwaXXfcl0jAIw82zRusvJcF9D1pJjPRtiA1BYaZIFutBuEREoaqNZmD1TSXrBdLN2Zx6mb3yz4pLkLwKejmH6BAr8NjXMtz9cP6mgDIJy5SGk3ppa8FUdd15ykjONes%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; encoding=utf-8
access-control-allow-origin
*
x-download-options
noopen
cache-control
no-store, no-cache, must-revalidate
timing-allow-origin
*
cf-ray
89d127344dfa03a6-FRA
preloads.js
shop.app/checkouts/internal/ 		0
575 B 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.app/checkouts/internal/preloads.js?locale=en-US&shop_id=63625199866
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:ff00:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Origin
https://www.candywarehouse.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server-timing
cfRequestDuration;dur=41.000128, ipv6
alt-svc
h3=":443"; ma=86400
content-length
0
server
cloudflare
x-shopid
63625199866
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RVTPkuRCh5i2YfA9o%2BNZLEDBbKqBvcPUM9NKxz2%2BIRffdrAIGIJ1cNKqhTR2dhnWBMNUjHvpqj6OWfQTr5upw7af%2FnwWqP9Es5nmTPOmMwOT8y%2B%2Bm%2BS%2FnY5HsKQfAaTnM%2FUpPydA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=60
timing-allow-origin
*
cf-ray
89d127359ecf18b3-FRA
load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js
www.candywarehouse.com/cdn/shopifycloud/shopify/assets/storefront/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/cdn/shopifycloud/shopify/assets/storefront/load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Origin
https://www.candywarehouse.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
4275739
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=90.316, imageryFetch;dur=38.169, cfRequestDuration;dur=22.000074
alt-svc
h3=":443"; ma=86400
content-length
3324
x-xss-protection
1; mode=block
x-request-id
61dc225e-86fe-4018-9d9e-ae1b8f925530-1715639751
last-modified
Mon, 13 May 2024 22:35:51 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XVVTopFpwMiOSEst3L6kJ%2BuKzhaY0M1Yl%2FL29m1sErSCgG9cU%2BgHb80U9h5GLjSgRWDC6t9D%2BmVcGmCaTfqUVktkS2d6Hjcz8%2FbWybChJLyvZezYtTC0fjKvMIF0OS8o5eeCG3NXJFo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
cf-ray
89d127353f6403a6-FRA
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js>; rel="canonical"
x-sorting-hat-podid
-1
storefront-80e528be853eac23af2454534897ca9536b1d3d04aa043b042f34879a3c111c8.js
www.candywarehouse.com/cdn/shopifycloud/shopify/assets/shopify_pay/ 		51 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/cdn/shopifycloud/shopify/assets/shopify_pay/storefront-80e528be853eac23af2454534897ca9536b1d3d04aa043b042f34879a3c111c8.js?v=20220906
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Origin
https://www.candywarehouse.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
age
1827709
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=302.794, imageryFetch;dur=31.855, cfRequestDuration;dur=25.000095
alt-svc
h3=":443"; ma=86400
content-length
18677
x-xss-protection
1; mode=block
x-request-id
05b26f06-50f9-48aa-ac2f-04059415fb2a-1715618548
last-modified
Mon, 13 May 2024 16:42:28 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WnwKxUuDGtCJz9DkOM8KZKSyxG70%2FaihX1hhrMx50qTtkEryq7s7%2BhkQlTGFseKuR0ozRWns%2BzK%2FMK3Bdzbl3se49v9gG6%2BRN9NCh9SxcBoGHt%2BfDp7VX%2FkhUrZG6BJKtEugt9cKUhk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
cf-ray
89d12735aff203a6-FRA
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/shopify_pay/storefront-80e528be853eac23af2454534897ca9536b1d3d04aa043b042f34879a3c111c8.js>; rel="canonical"
x-sorting-hat-podid
-1
klaviyo.js
static.klaviyo.com/onsite/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=RZNRPP
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
base-uri 'none'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
content-encoding
br
via
1.1 varnish, 1.1 varnish
date
Tue, 02 Jul 2024 19:48:24 GMT
age
1376
x-cache
HIT, HIT
content-length
1060
x-served-by
cache-lga21982-LGA, cache-fra-etou8220087-FRA
server
nginx
x-timer
S1719949705.759624,VS0,VE1
etag
"424dbb409fb7d1a57aa5ec77b888aa42"
allow
GET, OPTIONS
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
content-language
en-us
cache-control
max-age=1, stale-while-revalidate=10800
access-control-allow-credentials
true
content-type
application/javascript
vary
Accept-Encoding
accept-ranges
bytes
access-control-allow-headers
x-cache-hits
37, 0
acc-main.js
cdn.shopify.com/extensions/78e627ff-d595-4a0a-a5b6-f84514d21739/accessibly-12/assets/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/extensions/78e627ff-d595-4a0a-a5b6-f84514d21739/accessibly-12/assets/acc-main.js
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:ff01:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
558313
server-timing
imagery;dur=64.333, imageryFetch;dur=39.524, cfRequestDuration;dur=54.000139, ipv6
alt-svc
h3=":443"; ma=86400
content-length
3520
x-xss-protection
1; mode=block
x-request-id
64958ede-3bf2-4b25-aa3d-6775c6fbd112-1719391384
last-modified
Wed, 26 Jun 2024 08:43:04 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7VSg%2FyVm7ChvCfxUGq9vBEOsfG9MG0MEiGPdNQ%2B8oEULDVmJUTXXhHz7smHzD1HvC1DgTS1OOue56z6kmOg8kJwyONTDV3hR%2B8cpk2bujK%2BTAkKYN3UxIbbzhmJhC7NUKxnMSKq9H36SEQBLGg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/78e627ff-d595-4a0a-a5b6-f84514d21739/accessibly-12/assets/acc-main.js>; rel="canonical"
cf-ray
89d127364dc51da0-FRA
globo.alsobought.min.js
cdn.shopify.com/extensions/9679c128-060d-44e7-a513-e729eaaa02a7/glo-related-products-upsell-58/assets/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/extensions/9679c128-060d-44e7-a513-e729eaaa02a7/glo-related-products-upsell-58/assets/globo.alsobought.min.js
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
997394
server-timing
imagery;dur=71.040, imageryFetch;dur=49.891, cfRequestDuration;dur=30.999899
alt-svc
h3=":443"; ma=86400
content-length
2894
x-xss-protection
1; mode=block
x-request-id
ddf2d9a0-8753-411f-bd44-919abbd6bdd2-1718952285
last-modified
Fri, 21 Jun 2024 06:44:45 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EDuVpLqTVmO1sbNU5TUC9F2WjiSEyZ6hvhfRwytA0tTFoSbXcQIeGXC9K2AzDhsPK8rctDkCSvemRz43ZDQcCEqzbrNEWXz90qP9FKTTOvRm3CuRr5C5%2BRX3jwUrDGtVLg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/9679c128-060d-44e7-a513-e729eaaa02a7/glo-related-products-upsell-58/assets/globo.alsobought.min.js>; rel="canonical"
cf-ray
89d12736ed4c44fe-TXL
optimizer.js
cdn.shopify.com/s/files/1/0617/7298/8603/files/ 		1 KB
977 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0617/7298/8603/files/optimizer.js?v=1659207041
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:ff01:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4180326c8a66f760ed87ecd74b5b3dec948ce15f898e1576c70fc50003ed6e43
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-dc
gcp-us-east1,gcp-us-east1
age
4308540
server-timing
imagery;dur=63.121, imageryFetch;dur=35.627, cfRequestDuration;dur=29.999971, ipv6
alt-svc
h3=":443"; ma=86400
content-length
466
x-xss-protection
1; mode=block
x-request-id
3300df57-1c59-4b2d-aef0-f50c2db3015c-1715641164
last-modified
Fri, 03 May 2024 21:51:27 GMT
server
cloudflare
x-shopid
61772988603
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uCDtZqWzE0%2BFZWO5IjrH0bPGSOhGhnbTDLoLO4Q3ytQGbwTfg2LISbiHiROj68joPrcGWdjLhQBq61eSpd28NT3pFSO1OB6kAGuJ25oCZIwOrGkFdgHPqTXwZsb2vr0hqz95mFnyVj6DKSiQyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0617/7298/8603/files/optimizer.js>; rel="canonical"
cf-ray
89d12731ee7b1da0-FRA
turnto.js
widgets.turnto.com/v5/widgets/pgKKi1tJis5MWYCsite/js/ 		0
0
kgahhi0m4cbvjsue85p9fpeof2exc8pd.js
code.tidio.co/ 		0
0
shopify-afterpay-javascript.js
static.afterpay.com/ 		34 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.afterpay.com/shopify-afterpay-javascript.js
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:dfb3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13e13534966a74c4020150eff6fd80a60342ef3a2eb86812b61fe352d56a7848
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
via
1.1 7115bbde016dc7107bc64db76ba40c56.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-jets3t-original-file-date-iso8601
2024-02-15T05:33:38.221Z
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P7
age
48331
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-meta-md5-hash
786b1dfa3257f90ae460229a72ab537a
last-modified
Thu, 15 Feb 2024 05:34:53 GMT
server
cloudflare
etag
W/"786b1dfa3257f90ae460229a72ab537a"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=3600
cf-ray
89d127328be88fd4-FRA
x-amz-cf-id
WmDrKJWl2juQ_Bj3YYVhMyKQF8-eNVnF_zrl42EawytRF_lxhMsFnA==
expires
Tue, 02 Jul 2024 20:48:24 GMT
update.js
www.candywarehouse.com/cart/ 		73 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.candywarehouse.com/cart/update.js
Requested by
Host: www.candywarehouse.com
URL: https://www.candywarehouse.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=769a5d3f-d8e2-4a50-b33c-531b12a79363-1719949704
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block; report=/xss-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=769a5d3f-d8e2-4a50-b33c-531b12a79363-1719949704

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.candywarehouse.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 02 Jul 2024 19:48:24 GMT
strict-transport-security
max-age=7889238
x-content-type-options
nosniff
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=769a5d3f-d8e2-4a50-b33c-531b12a79363-1719949704
content-encoding
gzip
x-permitted-cross-domain-policies
none
x-dc
gcp-europe-west3,gcp-us-central1,gcp-us-central1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
server-timing
processing;dur=166, cfRequestDuration;dur=307.000160
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block; report=/xss-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=769a5d3f-d8e2-4a50-b33c-531b12a79363-1719949704
x-sorting-hat-shopid
63625199866
x-request-id
769a5d3f-d8e2-4a50-b33c-531b12a79363-1719949704
x-shardid
249
server
cloudflare
x-shopid
63625199866
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript; charset=utf-8
content-language
en-US
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=60LaBYB%2FZmKbIzh%2F4n7UlcOu1HGM2Keis5rGK%2FfjRbyxgNH9YTYS3FLJblSZUMaP%2FOtHbmbgW4AEGbhB4kgcU9xTOBxU7b1ueeeOfjlwhg9PStwylHIlZExjq5rUF8Awp6NJNqCf45Y%3D"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
89d127331bfa03a6-FRA
x-sorting-hat-podid
249
templates.8A3Q1f8y1j.js
searchanise-ef84.kxcdn.com/ 		0
0
jquery-3.6.0.min.js
ajax.aspnetcdn.com/ajax/jQuery/ 		0
0
preload_data.8A3Q1f8y1j.js
searchanise-ef84.kxcdn.com/ 		0
0
Primary Request firewallAccessDenied
store.xecurify.com/moas/shopify/ 		815 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://store.xecurify.com/moas/shopify/firewallAccessDenied
Requested by
Host: store.xecurify.com
URL: https://store.xecurify.com/moas/rest/shopify/check?shop=candywarehouseinc.myshopify.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.82.41.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-41-4.compute-1.amazonaws.com
Software
Apache/2.4.58 () OpenSSL/3.0.8 /
Resource Hash
6cbc5e6b9e146bfadcd25ba6475212fb301b4de60c9bf8bc3233a6bbb3dd1089

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.candywarehouse.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Authorization
access-control-allow-methods
POST,GET,OPTIONS,DELETE,PUT
access-control-max-age
3600
content-language
en
content-length
815
content-type
text/html;charset=UTF-8
date
Tue, 02 Jul 2024 19:48:24 GMT
server
Apache/2.4.58 () OpenSSL/3.0.8
login
store.xecurify.com/moas/
Redirect Chain
  • https://store.xecurify.com/moas/shopify/style.css
  • https://store.xecurify.com/moas/initialize
  • https://store.xecurify.com/moas/login
12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://store.xecurify.com/moas/login
Requested by
Host: store.xecurify.com
URL: https://store.xecurify.com/moas/shopify/firewallAccessDenied
Protocol
H2
Server
54.82.41.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-41-4.compute-1.amazonaws.com
Software
Apache/2.4.58 () OpenSSL/3.0.8 /
Resource Hash
c93130e0a5e4f350b5739b2cce71e1a1acde7f4fbb9172a4b8f2eb07269f7a51

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://store.xecurify.com/moas/shopify/firewallAccessDenied
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 02 Jul 2024 19:48:25 GMT
server
Apache/2.4.58 () OpenSSL/3.0.8
access-control-max-age
3600
access-control-allow-methods
POST,GET,OPTIONS,DELETE,PUT
content-language
en
content-type
text/html;charset=UTF-8
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Authorization

Redirect headers

date
Tue, 02 Jul 2024 19:48:25 GMT
server
Apache/2.4.58 () OpenSSL/3.0.8
access-control-max-age
3600
access-control-allow-methods
POST,GET,OPTIONS,DELETE,PUT
content-language
en
location
/moas/login
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Authorization
content-length
0
w3.css
www.w3schools.com/w3css/4/ 		23 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.w3schools.com/w3css/4/w3.css
Requested by
Host: store.xecurify.com
URL: https://store.xecurify.com/moas/shopify/firewallAccessDenied
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.221 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6796) / ASP.NET
Resource Hash
c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com;
X-Content-Security-Policy frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://store.xecurify.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com;
content-encoding
gzip
date
Tue, 02 Jul 2024 19:48:25 GMT
last-modified
Mon, 01 Jul 2024 06:42:20 GMT
server
ECS (frb/6796)
age
129494
etag
"0ee47d281cbda1:0+gzip"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-cache
HIT
content-type
text/css
cache-control
public,max-age=31536000,public
accept-ranges
bytes
content-length
5256
x-content-security-policy
frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com;
favicon.ico
store.xecurify.com/ 		0
554 B 		Other
General
Check archive.org
Download Go to
Full URL
https://store.xecurify.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.82.41.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-41-4.compute-1.amazonaws.com
Software
Apache/2.4.58 () OpenSSL/3.0.8 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://store.xecurify.com/moas/shopify/firewallAccessDenied
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 19:48:25 GMT
server
Apache/2.4.58 () OpenSSL/3.0.8
access-control-max-age
3600
access-control-allow-methods
POST,GET,OPTIONS,DELETE,PUT
content-type
image/vnd.microsoft.icon
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Authorization
content-length
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
widgets.turnto.com
URL
https://widgets.turnto.com/v5/widgets/pgKKi1tJis5MWYCsite/js/turnto.js
Domain
code.tidio.co
URL
https://code.tidio.co/kgahhi0m4cbvjsue85p9fpeof2exc8pd.js?extensionVersion=1.3.0
Domain
searchanise-ef84.kxcdn.com
URL
https://searchanise-ef84.kxcdn.com/templates.8A3Q1f8y1j.js
Domain
ajax.aspnetcdn.com
URL
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js
Domain
searchanise-ef84.kxcdn.com
URL
https://searchanise-ef84.kxcdn.com/preload_data.8A3Q1f8y1j.js

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

16 Cookies

Domain/Path Name / Value
store.xecurify.com/moas Name: JSESSIONID
Value: 384c58765d8e4ba49eeb81741d46dcc5
www.candywarehouse.com/ Name: keep_alive
Value: 3ec473b4-e41f-472e-9120-1c296d65f3d1
www.candywarehouse.com/ Name: secure_customer_sig
Value:
www.candywarehouse.com/ Name: localization
Value: US
www.candywarehouse.com/ Name: cart_currency
Value: USD
.candywarehouse.com/ Name: _tracking_consent
Value: %7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22DE%22%2C%22reg%22%3A%22GDPR%22%7D
.candywarehouse.com/ Name: _cmp_a
Value: %7B%22purposes%22%3A%7B%22p%22%3Atrue%2C%22a%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D
.candywarehouse.com/ Name: _shopify_y
Value: fd2f140b-2ef5-4568-bfe9-17b7d7954b01
.candywarehouse.com/ Name: _shopify_s
Value: 74c4d054-cb15-4d8f-9723-07e3721b984c
.candywarehouse.com/ Name: _orig_referrer
Value:
.candywarehouse.com/ Name: _landing_page
Value: %2F
www.candywarehouse.com/ Name: receive-cookie-deprecation
Value: 1
.afterpay.com/ Name: __cf_bm
Value: yjdqnUYPOsSYshuWmGunoFwD3G5HFabBQRc0dtk2Mo4-1719949704-1.0.1.1-yrPXZtPDW49RsJtcSQovsfo9v5RAUZAJLhFPqyrodZztKzP7Xbmgk0Ylaz3BcG7PWg7AFUNMYw6LH3XgV5eWbla1CITjC798jSjEHQ2Ar0E
.afterpay.com/ Name: _cfuvid
Value: 3QVc39KaO6sw1zCTbh3PnyfkZoITJmIG9KzimofNWA4-1719949704149-0.0.1.1-604800000
store.xecurify.com/ Name: AWSALB
Value: 7G99FdI+50b71/k+RbMN90o77lDy6yPxObqWXdUttoSby3ukncBnRfNh8qSRJG0lYetAkTV0c+Q/l5qw+oo5MVhYfx4cjvxj+G2yTmJspannzohw67k1SnC1/QD5
store.xecurify.com/ Name: AWSALBCORS
Value: 7G99FdI+50b71/k+RbMN90o77lDy6yPxObqWXdUttoSby3ukncBnRfNh8qSRJG0lYetAkTV0c+Q/l5qw+oo5MVhYfx4cjvxj+G2yTmJspannzohw67k1SnC1/QD5

2 Console Messages

Source Level URL
Text
network error URL: https://www.candywarehouse.com/cart/update.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://store.xecurify.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
candyapples.net
cdn.shopify.com
code.jquery.com
code.tidio.co
searchanise-ef84.kxcdn.com
searchserverapi.com
shop.app
static.afterpay.com
static.klaviyo.com
store.xecurify.com
widgets.turnto.com
www.candywarehouse.com
www.w3schools.com
ajax.aspnetcdn.com
code.tidio.co
searchanise-ef84.kxcdn.com
widgets.turnto.com
15.197.225.128
151.101.66.133
184.95.45.52
192.229.133.221
23.227.38.74
23.227.60.200
2606:4700::6810:dfb3
2620:127:f00f:e::
2620:127:f00f:ff00::
2620:127:f00f:ff01::
2a04:4e42::649
54.82.41.4
01cf1f54304ab4b7e789be250b6af18be10a1e5e53374dd772fce9562ae5dd2a
13e13534966a74c4020150eff6fd80a60342ef3a2eb86812b61fe352d56a7848
2093cce11df69f1ef401044631c181b025b9aa567b3d45d0476ae56c066203c3
226e45a90f334806b17268e14ef268079c96729409f0c3247ec3f8da1aba705c
3483b757b1586ee1d1b7d03f4af6ca62c5b9e969caceca893218dd3ac787422f
4180326c8a66f760ed87ecd74b5b3dec948ce15f898e1576c70fc50003ed6e43
5a4db641e64aba04fb37b4cb9ec067c6182690d88b41d961390a4a72981599c9
611efaba058b379469b79bd0f3b8c001c08a73ed4bc1d7d17f9035dc8fbae236
6cbc5e6b9e146bfadcd25ba6475212fb301b4de60c9bf8bc3233a6bbb3dd1089
7cff72db9ac4cb08ac60c0587b43e915c6905477e5ef6aac89bfb9e2480a8342
838b1fd9682ea2ccc8dac94a93929838786e96e2dd6bb686eec1157f33e2ba1e
b6454dcf50a0b2a73cae632fe1bbed47800e9434864e8693c6ba6c4480c47f9e
bdac22006f59b004f0eda365219f37f97722979926f2ae448836936a704562f9
c0033c6aa9420454e9735a56a8df8ec120f50b57e762a683c95e32c00064a8dc
c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5
c93130e0a5e4f350b5739b2cce71e1a1acde7f4fbb9172a4b8f2eb07269f7a51
cd1131db170033a158806fa2c201313d8061df3abb205265b6aa25eb04a0a38c
d0f2e421d977757f17c8387d9eed4f425745e6460e1c5704d7219178633fe7d9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e