urlscan.io logo urlscan.io
SecurityTrails logo

order.cava.com Open in urlscan Pro
13.32.121.35  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ablink.em.cava.com/ls/click?upn=5MAHN7XU6fbNRZa0TYHZV7Y85n15LLe7xRbsNQ61vuegcBWFAkAkdQN7gkMm5iN57LmM_ZZlN0-2FN7-2Fb...
Effective URL: https://order.cava.com/stores
Submission: On October 02 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 32 IPs in 5 countries across 24 domains to perform 58 HTTP transactions. The main IP is 13.32.121.35, located in United States and belongs to AMAZON-02, US. The main domain is order.cava.com. The Cisco Umbrella rank of the primary domain is 301487.
TLS certificate: Issued by Amazon on June 7th 2022. Valid for: a year.
This is the only time order.cava.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2600:9000:212... 16509 (AMAZON-02)
8 13.32.121.35 16509 (AMAZON-02)
1 52.222.206.51 16509 (AMAZON-02)
1 142.250.180.226 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:11a... 20940 (AKAMAI-ASN1)
1 2a02:26f0:11a... 20940 (AKAMAI-ASN1)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a03:2880:f01... 32934 (FACEBOOK)
1 159.53.117.101 7743 (JPMORGAN-...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 199.232.136.157 54113 (FASTLY)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 6 2600:9000:225... 16509 (AMAZON-02)
1 52.25.118.14 16509 (AMAZON-02)
1 52.222.225.250 16509 (AMAZON-02)
1 4 2620:1ec:c11:... 8068 (MICROSOFT...)
3 23.36.163.153 20940 (AKAMAI-ASN1)
1 2a00:1450:402... 15169 (GOOGLE)
3 2a03:2880:f12... 32934 (FACEBOOK)
4 35.190.43.134 15169 (GOOGLE)
1 104.244.42.5 13414 (TWITTER)
1 104.244.42.67 13414 (TWITTER)
1 34.249.72.138 16509 (AMAZON-02)
2 2620:1ec:bdf::45 8068 (MICROSOFT...)
1 34.213.121.197 16509 (AMAZON-02)
2 20.75.32.255 8075 (MICROSOFT...)
1 2 20.234.93.27 8075 (MICROSOFT...)
58 32
1    2600:9000:2127:7200:e:6d34:4580:93a1 (United States)

ASN16509 (AMAZON-02, US)
ablink.em.cava.com
8    13.32.121.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-35.fra60.r.cloudfront.net
order.cava.com
1    52.222.206.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-206-51.fra56.r.cloudfront.net
d2wy8f7a9ursnm.cloudfront.net
1    142.250.180.226 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s34-in-f2.1e100.net
www.googleadservices.com
1    2a00:1450:400e:80c::200a (Ireland)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a02:26f0:11a::6867:4841 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)
use.typekit.net
1    2a02:26f0:11a::6867:4848 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)
p.typekit.net
1    2606:4700::6812:27 (United States)

ASN13335 (CLOUDFLARENET, US)
api.cava.com
3    2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    159.53.117.101 (United States)

ASN7743 (JPMORGAN-AS7743, US)
safetechpageencryption.chasepaymentech.com
2    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
1    2a06:98c1:3120::c (United States)

ASN13335 (CLOUDFLARENET, US)
siteimproveanalytics.com
1    2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a00:1450:400d:80a::2004 (Ireland)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
6    2600:9000:225e:e000:6:9280:1080:93a1 (United States)

ASN16509 (AMAZON-02, US)
s.adroll.com
1    52.25.118.14 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-118-14.us-west-2.compute.amazonaws.com
ads.nextdoor.com
1    52.222.225.250 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-225-250.fra56.r.cloudfront.net
sc-static.net
4    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
c.bing.com
3    23.36.163.153 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-153.deploy.static.akamaitechnologies.com
analytics.tiktok.com
1    2a00:1450:4025:401::9b (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
4    35.190.43.134 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com
tr.snapchat.com
1    104.244.42.5 (United States)

ASN13414 (TWITTER, US)
t.co
1    104.244.42.67 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
1    34.249.72.138 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-72-138.eu-west-1.compute.amazonaws.com
d.adroll.com
2    2620:1ec:bdf::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
1    34.213.121.197 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-213-121-197.us-west-2.compute.amazonaws.com
flask.nextdoor.com
2    20.75.32.255 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
b.clarity.ms
2    20.234.93.27 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.clarity.ms
Apex Domain
Subdomains		 Transfer
10 cava.com
ablink.em.cava.com
order.cava.com — Cisco Umbrella Rank: 301487
api.cava.com — Cisco Umbrella Rank: 169763
2 MB
7 adroll.com
s.adroll.com — Cisco Umbrella Rank: 2474
d.adroll.com — Cisco Umbrella Rank: 1483
21 KB
6 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 561
b.clarity.ms — Cisco Umbrella Rank: 5238
c.clarity.ms — Cisco Umbrella Rank: 1017
26 KB
4 snapchat.com
tr.snapchat.com — Cisco Umbrella Rank: 955
1 KB
4 bing.com
bat.bing.com — Cisco Umbrella Rank: 378
c.bing.com — Cisco Umbrella Rank: 224
13 KB
3 facebook.com
www.facebook.com — Cisco Umbrella Rank: 114
237 B
3 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 947
97 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 151
195 KB
2 nextdoor.com
ads.nextdoor.com — Cisco Umbrella Rank: 6468
flask.nextdoor.com — Cisco Umbrella Rank: 6326
3 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 6301
611 B
2 google.com
www.google.com — Cisco Umbrella Rank: 2
655 B
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 42
stats.g.doubleclick.net — Cisco Umbrella Rank: 79
2 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 28
20 KB
2 typekit.net
use.typekit.net — Cisco Umbrella Rank: 448
p.typekit.net — Cisco Umbrella Rank: 588
1 KB
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 540
394 B
1 t.co
t.co — Cisco Umbrella Rank: 495
377 B
1 sc-static.net
sc-static.net — Cisco Umbrella Rank: 971
9 KB
1 siteimproveanalytics.com
siteimproveanalytics.com — Cisco Umbrella Rank: 3086
752 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 624
15 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
79 KB
1 chasepaymentech.com
safetechpageencryption.chasepaymentech.com — Cisco Umbrella Rank: 58495
911 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 41
1 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 129
17 KB
1 cloudfront.net
d2wy8f7a9ursnm.cloudfront.net
3 KB
58 24
Domain Requested by
8 order.cava.com order.cava.com
6 s.adroll.com 2 redirects www.googletagmanager.com
order.cava.com
s.adroll.com
4 tr.snapchat.com sc-static.net
order.cava.com
3 www.facebook.com order.cava.com
3 analytics.tiktok.com order.cava.com
analytics.tiktok.com
3 bat.bing.com order.cava.com
bat.bing.com
3 connect.facebook.net order.cava.com
connect.facebook.net
2 c.clarity.ms 1 redirects
2 b.clarity.ms www.clarity.ms
2 www.clarity.ms bat.bing.com
www.clarity.ms
2 www.google.de order.cava.com
2 www.google.com order.cava.com
2 www.google-analytics.com order.cava.com
www.google-analytics.com
1 c.bing.com 1 redirects
1 flask.nextdoor.com order.cava.com
1 d.adroll.com s.adroll.com
1 analytics.twitter.com order.cava.com
1 t.co order.cava.com
1 stats.g.doubleclick.net www.google-analytics.com
1 sc-static.net www.googletagmanager.com
1 ads.nextdoor.com www.googletagmanager.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 siteimproveanalytics.com order.cava.com
1 static.ads-twitter.com order.cava.com
1 www.googletagmanager.com order.cava.com
1 safetechpageencryption.chasepaymentech.com order.cava.com
1 api.cava.com order.cava.com
1 p.typekit.net use.typekit.net
1 use.typekit.net order.cava.com
1 fonts.googleapis.com order.cava.com
1 www.googleadservices.com order.cava.com
1 d2wy8f7a9ursnm.cloudfront.net order.cava.com
1 ablink.em.cava.com 1 redirects
58 33

This site contains no links.

Subject Issuer Validity Valid
*.cava.com
Amazon		 2022-06-07 -
2023-07-06		 a year crt.sh
*.cloudfront.net
Amazon		 2022-02-01 -
2023-01-31		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
use.typekit.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-09-14 -
2023-10-15		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-05-28 -
2023-05-28		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-07-11 -
2022-10-09		 3 months crt.sh
safetechpageencryption.chasepaymentech.com
Entrust Certification Authority - L1M		 2022-08-12 -
2023-08-12		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-22 -
2023-08-22		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
s.adroll.com
Amazon		 2022-07-03 -
2023-08-01		 a year crt.sh
nextdoor.com
Amazon		 2022-05-05 -
2023-06-02		 a year crt.sh
sc-static.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-01-27 -
2023-01-27		 a year crt.sh
www.bing.com
Microsoft RSA TLS CA 02		 2022-09-03 -
2023-03-03		 6 months crt.sh
*.tiktok.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2021-12-13 -
2023-01-13		 a year crt.sh
*.google.de
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.snap.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-08-16 -
2023-08-16		 a year crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
adroll.mgr.consensu.org
Amazon		 2022-08-10 -
2023-09-08		 a year crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-27 -
2023-02-27		 a year crt.sh
a.clarity.ms
Microsoft Azure TLS Issuing CA 02		 2022-06-07 -
2023-06-02		 a year crt.sh

This page contains 2 frames:

Primary Page: https://order.cava.com/stores
Frame ID: 9887D9F75FA5AB3F4400ABBC9216D7D3
Requests: 56 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=247fc463-f9aa-46d7-af26-5f2e463ede4b&u_scsid=be91f252-bd88-47e5-8355-a4a3233f85ea&u_sclid=11b4b5f5-e598-4995-8474-00158c394a1f
Frame ID: 3AE5A73DB52D1B0D052A2E444A249006
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

CAVA | Order Online

Page URL History Show full URLs

  1. https://ablink.em.cava.com/ls/click?upn=5MAHN7XU6fbNRZa0TYHZV7Y85n15LLe7xRbsNQ61vuegcBWFAkAkdQN7gkMm5iN... HTTP 302
    https://order.cava.com/stores Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react
Overall confidence: 100%
Detected patterns
  • (?:a|s)\.adroll\.com
Overall confidence: 100%
Detected patterns
  • /bugsnag.*\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Page Statistics

58
Requests

93 %
HTTPS

53 %
IPv6

24
Domains

33
Subdomains

32
IPs

5
Countries

2792 kB
Transfer

3875 kB
Size

24
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ablink.em.cava.com/ls/click?upn=5MAHN7XU6fbNRZa0TYHZV7Y85n15LLe7xRbsNQ61vuegcBWFAkAkdQN7gkMm5iN57LmM_ZZlN0-2FN7-2FbcSnrx80agdSmBIh75LbCS0RWseRbIGM4qqt-2FGRbvmaiP3IRtaVnJznfXdZLYUi1g1h7YwXYoGlV4yugZPO-2BxwOFr-2BAUTZhqEmoTpaCox8fU1tRJdKJnepKsEjsJr2xXHuo-2BbO0xhVzUhX0qPnGWOe7jwiauYQkBgHXcGbsQkaF5kQCdJ-2Bw6fpmMXUBTjrHRNsQ6Cg4r-2BqWiZbLZ2-2F6WfRICpNHs56zRLxZ-2FLwc6Z2Rrv-2Fq6xmC4gNYr-2F2bW71YIrYvjNQSkJWfjpIqmyDhSj5L2YM86ULzWsZ5VlmhGXug2fyZ7nOflydCjFtgdDhm-2B7V0oKudYjKWUrzO-2FWfsrUgdqd5nc0T7yB6rY9hghcyMFLlhr053VEIWzXVpbHXas-2Boow-2BMaLnPn8jFhKIEkSPX4uKRA89nu0xBOFzxkopE6jR-2BV2X5R6TWTCXF57Zfq9Qq1ce36nCg8oSYntIkDtnRdhncbolkieXiME4CyL2l6udOkRzC9dJySDr3MkIDwxUPdAATy2cyoFNWj1TkTSiuyPW111UsV-2FsAeuWyl2LyS39nZ9sKLivEtXXVXhasVqlcK-2FtI0PUq2s0iWZlLB9juVQFhOp9g8Q-2Bl-2F1Ujh42LfX4p7sFHE6zNedMahrWsIe5uy-2BzHuSjuIXA-3D-3D HTTP 302
    https://order.cava.com/stores Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42
  • https://s.adroll.com/j/exp/IFFH3LRNVNEK5DGHSDNZYU/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 43
  • https://s.adroll.com/j/pre/IFFH3LRNVNEK5DGHSDNZYU/DF622QT2ORHCDLKDC3DDPR/fpconsent.js HTTP 302
  • https://s.adroll.com/j/pre/index.js
Request Chain 55
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?CtsSyncId=10F87FE46A8C4473A7D6C2115FF72B99&RedC=c.clarity.ms&MXFR=157BDE5D9FDB633C03F4CC6C9BDB6DE2 HTTP 302
  • https://c.clarity.ms/c.gif?CtsSyncId=10F87FE46A8C4473A7D6C2115FF72B99&MUID=095CD60CD5386E782F75C43DD4536F41

58 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request stores
order.cava.com/
Redirect Chain
  • https://ablink.em.cava.com/ls/click?upn=5MAHN7XU6fbNRZa0TYHZV7Y85n15LLe7xRbsNQ61vuegcBWFAkAkdQN7gkMm5iN57LmM_ZZlN0-2FN7-2FbcSnrx80agdSmBIh75LbCS0RWseRbIGM4qqt-2FGRbvmaiP3IRtaVnJznfXdZLYUi1g1h7YwXYo...
  • https://order.cava.com/stores
3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://order.cava.com/stores
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-35.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6ad84e11e1216ec57802a6c2ce2a50bcf18a2ac1df34e4e1a01e4f19db9d720d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=600, no-transform, public
Connection
keep-alive
Content-Length
3384
Content-Type
text/html; charset=utf-8
Date
Sun, 02 Oct 2022 01:32:58 GMT
ETag
"3d475fc128eee088cf981d4fab7e5ca0"
Last-Modified
Thu, 15 Sep 2022 10:47:27 GMT
Server
AmazonS3
Via
1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
X-Amz-Cf-Id
EaACpClwdx6SI2GY1PcYI1JOKU0TE75ao-gz9P8V4JlOmE8XjWNl4Q==
X-Amz-Cf-Pop
FRA60-P1
X-Cache
Error from cloudfront

Redirect headers

content-length
52
content-type
text/html; charset=utf-8
date
Sun, 02 Oct 2022 01:32:56 GMT
location
https://order.cava.com/stores
server
nginx
via
1.1 2a5c925255bb252ff0ed65977311f74e.cloudfront.net (CloudFront)
x-amz-cf-id
z2Icil0XjBoB2VkpMxTnvnYgUMqDjL09K3YsYoIxj6ZD2w9EEHR7LA==
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
x-robots-tag
noindex, nofollow
app.261afcd9cd83ed91bbce.css
order.cava.com/ 		142 KB
142 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://order.cava.com/app.261afcd9cd83ed91bbce.css
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-35.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5f33551a5514d0aee9d262afdf6ccd18a98b7c92ea20b8f0f886caaef90d9d01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/stores
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Sun, 02 Oct 2022 01:32:58 GMT
Via
1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
Last-Modified
Thu, 15 Sep 2022 10:47:29 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P1
ETag
"2f20e850d7056828854cfda651c9b536"
X-Cache
RefreshHit from cloudfront
Content-Type
text/css; charset=utf-8
Cache-Control
max-age=31536000, no-transform, public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
145112
X-Amz-Cf-Id
wEIGrP03-VwEpzZyg_e9jm6xfphACYEs-GCOoVuT483r2j05JXXJDA==
bugsnag-2.min.js
d2wy8f7a9ursnm.cloudfront.net/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.222.206.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-206-51.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Tue, 27 Sep 2022 15:53:21 GMT
Content-Encoding
gzip
Via
1.1 6851af5c4f6d355fa4ec39cc8cc0c358.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA56-P3
Age
380377
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
2962
Last-Modified
Wed, 10 Aug 2016 00:30:49 GMT
Server
AmazonS3
ETag
"6103bb5e4ec6141e19e1100caafc780c"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Amz-Cf-Id
GjiogvavpKJBs5GPBRHjTZYTKec5Gcf1WhIbGr67ZAi62KNlkBBdpQ==
app.261afcd9cd83ed91bbce.js
order.cava.com/ 		2 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://order.cava.com/app.261afcd9cd83ed91bbce.js
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-35.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5fa70938a0771d1fe9539d4b72fcf215248aae7f482b663537a17a8a0ab2779b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/stores
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Sun, 02 Oct 2022 01:32:58 GMT
Via
1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
Last-Modified
Thu, 15 Sep 2022 10:47:29 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P1
ETag
"49d5499374d9351dde2fe1e0528cab75"
X-Cache
RefreshHit from cloudfront
Content-Type
application/javascript; charset=utf-8
Cache-Control
max-age=31536000, no-transform, public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1966873
X-Amz-Cf-Id
3z3VeQapkMCdPDcWmJeIPntaWTEsNhnjDJytg05DA0Vs2EEsGdcX7Q==
conversion.js
www.googleadservices.com/pagead/ 		45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.180.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s34-in-f2.1e100.net
Software
cafe /
Resource Hash
44f327eeeb995eabd2810452b355ca82979280a4d7def1bd980d3897e6999af6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:57 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16840
x-xss-protection
0
server
cafe
etag
11313833467736987248
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 02 Oct 2022 01:32:57 GMT
css
fonts.googleapis.com/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto+Serif
Requested by
Host: order.cava.com
URL: https://order.cava.com/app.261afcd9cd83ed91bbce.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a3e0fbb31ea7229f433a1ea02fb9d52c4864862ec41c07a27cadcf990d10c28e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 02 Oct 2022 01:32:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 02 Oct 2022 01:02:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 02 Oct 2022 01:32:57 GMT
emb7nel.css
use.typekit.net/ 		2 KB
870 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/emb7nel.css
Requested by
Host: order.cava.com
URL: https://order.cava.com/app.261afcd9cd83ed91bbce.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:11a::6867:4841 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
affb4822fa0ce3098029af18a7b75fd34f76ddcec2ac33831c8c13848ebd979b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Sun, 02 Oct 2022 01:32:58 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
638
p.css
p.typekit.net/ 		5 B
195 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://p.typekit.net/p.css?s=1&k=emb7nel&ht=tk&f=10881.10882&a=3405817&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/emb7nel.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:11a::6867:4848 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

unused62
8096267
date
Sun, 02 Oct 2022 01:32:58 GMT
last-modified
Sat, 16 Oct 2021 08:18:43 GMT
server
nginx
etag
"616a8ae3-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
register
api.cava.com/api/device/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.cava.com/api/device/register
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://order.cava.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
7539aff26f599079-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 02 Oct 2022 01:32:58 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
fbevents.js
connect.facebook.net/en_US/ 		101 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
00a92494627ed8f758972b7dc47b3af186497c0637ea867a33fdb604c1548674
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Oct 2022 01:32:58 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26840
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
Dmcy9kAXFV2le/pJHsTG2HH2Tl8Xeqh3c/s5AulvJq5MtnSUSr+jKDuQpRiZzvFIOKlfqNr94DZV9E+9g0gO9A==
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
getkey.js
safetechpageencryption.chasepaymentech.com/pie/v1/64750000001815/ 		851 B
911 B 		Script
General
Check archive.org
Download Go to
Full URL
https://safetechpageencryption.chasepaymentech.com/pie/v1/64750000001815/getkey.js
Requested by
Host: order.cava.com
URL: https://order.cava.com/app.261afcd9cd83ed91bbce.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.117.101 , United States, ASN7743 (JPMORGAN-AS7743, US),
Reverse DNS
Software
/
Resource Hash
fbe282f01ad2520b2958e9dd402f789d3fbeff29fc643be2fe2d5ed572c1c0be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 02 Oct 2022 01:32:59 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Cache-Control
no-cache
Connection
Keep-Alive
Content-Length
548
Expires
Thu, 01 Jan 1970 00:00:00 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: order.cava.com
URL: https://order.cava.com/app.261afcd9cd83ed91bbce.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Oct 2022 01:01:59 GMT
last-modified
Sun, 11 Sep 2022 13:50:09 GMT
server
Golfe2
age
1859
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19826
expires
Sun, 02 Oct 2022 03:01:59 GMT
gtm.js
www.googletagmanager.com/ 		227 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5NX9NCP
Requested by
Host: order.cava.com
URL: https://order.cava.com/app.261afcd9cd83ed91bbce.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
edcd2f36805420607fa3a466d2f75a24efed4731165ae034ecfa8a4a9809d87f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:58 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
80165
x-xss-protection
0
last-modified
Sun, 02 Oct 2022 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 02 Oct 2022 01:32:58 GMT
register
api.cava.com/api/device/ 		0
0
5a1c8b97554f9e6dd3a74bbffd6e5257.svg
order.cava.com/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://order.cava.com/5a1c8b97554f9e6dd3a74bbffd6e5257.svg
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-35.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1fbb6c077b4a123bea8f94ccd90c31ab633efc6926b35884830758b52d036419

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/stores
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Sun, 02 Oct 2022 01:32:59 GMT
Via
1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
Last-Modified
Wed, 04 Jan 2017 19:32:59 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P1
ETag
"5a1c8b97554f9e6dd3a74bbffd6e5257"
X-Cache
RefreshHit from cloudfront
Content-Type
image/svg+xml
Cache-Control
max-age=315360000, no-transform, public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4496
X-Amz-Cf-Id
5Wu9tykDhVyijiyw0-kH16enoHiPYuhHjynojyEI5Cdm1GqzG57yhw==
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:58 GMT
content-encoding
gzip
last-modified
Tue, 30 Aug 2022 15:04:19 GMT
etag
"d4de8398858246712016031c834bb061+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15317
x-served-by
cache-iad-kiad7000141-IAD, cache-hhn11550-HHN
siteanalyze_6020290.js
siteimproveanalytics.com/js/ 		48 B
752 B 		Script
General
Check archive.org
Download Go to
Full URL
https://siteimproveanalytics.com/js/siteanalyze_6020290.js
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d52994b327c797e0d0d410ace642d8cce0c0d3053b558ea94edf00a9ebde07d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:58 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
P1RRQZ4RQHRJSJVP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
68
x-amz-id-2
xcsRxQJpFr48l9RFgWvbBrt39G4zujyCxm/SaxhmaSPEIIhb6kDsorOVMNys+NyzNNLoGmEEuRk=
last-modified
Thu, 21 Jul 2022 10:38:02 GMT
server
cloudflare
etag
"0dd016e9f015564d85bf6b4135df054a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RXDu73OIYWQZSkGfBnugUbnqkLL%2FzejOcfQTHNyTWBhpeZacwrTg4msosQEZkvUNOuskwPueYCexQPddbKFRQzDj2LBvN6DDxc4j4WxiuRhkzBV%2BSb%2FqO8eVcsC5jrKdxqM%2FTe3ot04UNyZG0QxKYHihN9lXxuc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400, no-transform
accept-ranges
bytes
cf-ray
7539aff1e848bb5b-FRA
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/868720658/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/868720658/?random=1664674378473&cv=9&fst=1664674378473&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Forder.cava.com%2Fstores&tiba=CAVA%20%7C%20Order%20Online&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8a167d14ca92556f3632f17178f1a8b81bbbb6083b74075ba7108bc132ff323b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 02 Oct 2022 01:32:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1004
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
2bd1dc2b91930d6fcbf0c281f763ac4e.woff2
order.cava.com/ 		43 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://order.cava.com/2bd1dc2b91930d6fcbf0c281f763ac4e.woff2
Requested by
Host: order.cava.com
URL: https://order.cava.com/app.261afcd9cd83ed91bbce.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-35.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
038943028568899d9f97e37747d7cf59bde4a82f16435a5308f48408516d47f5

Request headers

Referer
https://order.cava.com/app.261afcd9cd83ed91bbce.css
Origin
https://order.cava.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Sun, 02 Oct 2022 01:32:59 GMT
Via
1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P1
X-Cache
Miss from cloudfront
Connection
keep-alive
Content-Length
44068
Last-Modified
Wed, 04 Jan 2017 19:32:58 GMT
Server
AmazonS3
ETag
"2bd1dc2b91930d6fcbf0c281f763ac4e"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, PUT
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, no-transform, public
Accept-Ranges
bytes
X-Amz-Cf-Id
9ty9UONgH6e5XkN1c9qndY9p0WhN807tSdKKL2XGZxyZpBmpdb6Gvg==
308432946216559
connect.facebook.net/signals/config/ 		293 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/308432946216559?v=2.9.84&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b35e4abee092a316233714cb6d2d6eb5de5ae9856b9d1726a2ee35f3de703a33
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 02 Oct 2022 01:32:58 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
6J6uj5H0NUej+jg3V5F8En/gDgRC+HxGewdZdSMsteRXo9/if4POHDqzlDFxIe1TU+zoM12MwTHJwk0hKWGnRA==
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j97&a=839093863&t=pageview&_s=1&dl=https%3A%2F%2Forder.cava.com%2Fstores&dp=%2Fstores&ul=en-us&de=UTF-8&dt=CAVA%20%7C%20Order%20Online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=66452075&gjid=929435917&cid=87917523.1664674379&tid=UA-20771256-2&_gid=78733789.1664674379&_r=1&_slc=1&z=1752348634
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://order.cava.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 02 Oct 2022 01:32:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://order.cava.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/868720658/ 		42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/868720658/?random=1664674378473&cv=9&fst=1664672400000&num=1&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Forder.cava.com%2Fstores&tiba=CAVA%20%7C%20Order%20Online&fmt=3&is_vtc=1&random=3109485600&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 02 Oct 2022 01:32:58 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/868720658/ 		42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/868720658/?random=1664674378473&cv=9&fst=1664672400000&num=1&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Forder.cava.com%2Fstores&tiba=CAVA%20%7C%20Order%20Online&fmt=3&is_vtc=1&random=3109485600&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 02 Oct 2022 01:32:58 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
roundtrip.js
s.adroll.com/j/ 		54 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NX9NCP
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:e000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
97f1830c06fe2215ccc2dc9468a64ca11e2725b785f42978dbb996e736bdbf53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

X-Amz-Version-Id
_1pMdIg8ZKVWvWVsd.6_G47b4IRenbWR
Content-Encoding
gzip
Via
1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Date
Sun, 02 Oct 2022 01:29:49 GMT
Age
216
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Thu, 29 Sep 2022 16:19:02 GMT
Server
AmazonS3
Etag
W/"0cd31c666a232bba0fd6ab0fef962f75"
Vary
Accept-Encoding
Access-Control-Max-Age
600
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
jbLyk-yanF7FDwP9We81YyXGVAXOGbmhdFCz_bI3NINyl0tapIW1Qw==
ndp.js
ads.nextdoor.com/public/pixel/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.nextdoor.com/public/pixel/ndp.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NX9NCP
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.25.118.14 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-25-118-14.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
09f4901e0b0dc161eee6f30ecb384c5e777f5768754b4583f7ccff038d7fc810
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.lightning.force.com nextdoor.com *.nextdoor.com nextdoor-test.com *.nextdoor-test.com;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:59 GMT
content-security-policy
frame-ancestors 'self' *.lightning.force.com nextdoor.com *.nextdoor.com nextdoor-test.com *.nextdoor-test.com;
content-encoding
gzip
last-modified
Thu, 29 Sep 2022 20:44:59 GMT
server
istio-envoy
etag
W/"633603cb-19c7"
vary
Accept-Encoding
content-type
application/javascript
x-envoy-upstream-service-time
1
scevent.min.js
sc-static.net/ 		25 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NX9NCP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.225.250 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-225-250.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
6533db921fa04e1546686ca9111f2cc38032b09365026cf886e3b4d8f58020d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:58 GMT
content-encoding
gzip
via
1.1 82386e4e4f56a0c01411d1aea6f3fd46.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA56-P4
x-cache
LambdaGeneratedResponse from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, s-maxage=0, max-age=600
access-control-allow-headers
Content-Type
content-length
8757
x-amz-cf-id
igcjYAXMCA_NocQBUoODsFCnLiPfyp7yeWZ5io3GrWgRbU8a33nU_w==
bat.js
bat.bing.com/ 		38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Sun, 02 Oct 2022 01:32:57 GMT
last-modified
Thu, 28 Jul 2022 17:32:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 6A152A16A05D4165B60DECE2DA8AB359 Ref B: FRAEDGE1420 Ref C: 2022-10-02T01:32:58Z
etag
"80a8697a8a2d81:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
11367
events.js
analytics.tiktok.com/i18n/pixel/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8STODK02NERG4EK0OJ0&lib=ttq
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.163.153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-153.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a044d75c4cc763f8c041782e2d1416fc1dd2e161f3d62d031e828c5881750b2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-akamai-request-id
14612b3e.15dcdaeb
date
Sun, 02 Oct 2022 01:32:58 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-cache
TCP_MISS from a23-36-161-153.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
x-parent-response-time
93,23.36.161.153
server-timing
cdn-cache; desc=MISS, edge; dur=88, origin; dur=5, inner; dur=3
content-length
955
pragma
no-cache
server
nginx
x-tt-logid
20221002013258FFE6F69C6D9207B72C19
x-cache-remote
TCP_MISS from a23-220-104-209.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
5,23.220.104.209
x-tt-trace-host
01385de415a5676f228044e2b0b95088651170bc7c5aa867653d316ea95ac88f4b95f68583c9c55785cafd76adbf69e843ba13010fe3a4f2a42268b374e2e651d0537a014fe6dcf794ac4803a33f4f4b3cc3d1e194c3bf11a3b7a5782246033f42
expires
Sun, 02 Oct 2022 01:32:58 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
441 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-20771256-2&cid=87917523.1664674379&jid=66452075&gjid=929435917&_gid=78733789.1664674379&_u=YEBAAEAAAAAAAC~&z=2120979861
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4025:401::9b Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://order.cava.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sun, 02 Oct 2022 01:32:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://order.cava.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
720101308646521
connect.facebook.net/signals/config/ 		293 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/720101308646521?v=2.9.84&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f768585b1536bd4863fdf22962ddc86d9216ecbeac81d22aacb17fe1a5d6f517
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 02 Oct 2022 01:32:58 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
2kErYciMl2vWVuq+1PIjTM56sCf0cX2xH9/X8aaMwyJP5DKRGxFSFhV5k6KsEuOOo6pkInl9me9XB+rwooB+vg==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
204 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=308432946216559&ev=PageView&dl=https%3A%2F%2Forder.cava.com%2Fstores&rl=&if=false&ts=1664674378632&sw=1600&sh=1200&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664674378630.1981699191&it=1664674378496&coo=false&rqm=GET
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 02 Oct 2022 01:32:58 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
8f7bac378918c86553ea74331a592cb0.jpg
order.cava.com/ 		95 KB
95 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://order.cava.com/8f7bac378918c86553ea74331a592cb0.jpg
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-35.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8e423383d3be2a40b83db6f40a7af5bbbd02be428dfb73ef5d22fe2ae676b641

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/stores
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Sun, 02 Oct 2022 01:33:00 GMT
Via
1.1 1877c1d3c1c0435e896415d580d52c52.cloudfront.net (CloudFront)
Last-Modified
Wed, 04 Jan 2017 19:33:01 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P1
ETag
"8f7bac378918c86553ea74331a592cb0"
X-Cache
Miss from cloudfront
Content-Type
image/jpeg
Cache-Control
max-age=315360000, no-transform, public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
96967
X-Amz-Cf-Id
Qt7LFzJOwFgwp3l_jZk9dl2h6lAzXqOtHqhWAxIXYyYLQgxDZJpfGQ==
b4004a65c860322e1261dd69da960bfc.woff2
order.cava.com/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://order.cava.com/b4004a65c860322e1261dd69da960bfc.woff2
Requested by
Host: order.cava.com
URL: https://order.cava.com/app.261afcd9cd83ed91bbce.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-35.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
897b09bbba043a4bbe2de18cb38fc13edd2a1286554a4e78fe68dd3bda78c96c

Request headers

Referer
https://order.cava.com/app.261afcd9cd83ed91bbce.css
Origin
https://order.cava.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Sun, 02 Oct 2022 01:32:59 GMT
Via
1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P1
X-Cache
Miss from cloudfront
Connection
keep-alive
Content-Length
45104
Last-Modified
Wed, 04 Jan 2017 19:33:05 GMT
Server
AmazonS3
ETag
"b4004a65c860322e1261dd69da960bfc"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, PUT
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, no-transform, public
Accept-Ranges
bytes
X-Amz-Cf-Id
n3YSSuzY3TAzQyf5P_sfLd5kpJlK3-LYifeNnITK83RU7SvAfEn6yQ==
d8c7e4512645f895048e57d62a823a08.woff2
order.cava.com/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://order.cava.com/d8c7e4512645f895048e57d62a823a08.woff2
Requested by
Host: order.cava.com
URL: https://order.cava.com/app.261afcd9cd83ed91bbce.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-35.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fe74bca1db05ee86384c38d7ccbe3ea90b2f60fb928c1ce2d7f17e92d75f9ca5

Request headers

Referer
https://order.cava.com/app.261afcd9cd83ed91bbce.css
Origin
https://order.cava.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Sun, 02 Oct 2022 01:33:00 GMT
Via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P1
X-Cache
Miss from cloudfront
Connection
keep-alive
Content-Length
29520
Last-Modified
Wed, 04 Jan 2017 19:33:07 GMT
Server
AmazonS3
ETag
"d8c7e4512645f895048e57d62a823a08"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, PUT
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, no-transform, public
Accept-Ranges
bytes
X-Amz-Cf-Id
N2m7e6ePJW7IZqnKa8LSLFsgL4EGMUU1X8aiaxEn8s6fHVWi01KtiA==
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-20771256-2&cid=87917523.1664674379&jid=66452075&_u=YEBAAEAAAAAAAC~&z=88550297
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 02 Oct 2022 01:32:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-20771256-2&cid=87917523.1664674379&jid=66452075&_u=YEBAAEAAAAAAAC~&z=88550297
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 02 Oct 2022 01:32:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
init
tr.snapchat.com/ 		126 B
478 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/init?pids=247fc463-f9aa-46d7-af26-5f2e463ede4b
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
a14fb59bd1bc75ba4be4118b788398d2e50d11f3ff8b8d87b537d710e7b1d1d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 google
server
API Gateway
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://order.cava.com
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
is_enabled
tr.snapchat.com/collector/ 		78 B
163 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/collector/is_enabled?pids=247fc463-f9aa-46d7-af26-5f2e463ede4b&tld=com
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
f029570707570adad39a91957394459f0aff88940b8c6074e6db934ceead6fdd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 google
server
API Gateway
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://order.cava.com
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
17557495.js
bat.bing.com/p/action/ 		1 KB
851 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/17557495.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8f86badfa6027c7bfb6d82aeb265d73d290ef81fce7042814498d8fc4aaebc1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Sun, 02 Oct 2022 01:32:58 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 7402D802A3A0486A8CA3012A148ADCD9 Ref B: FRAEDGE1420 Ref C: 2022-10-02T01:32:58Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private,max-age=60
content-length
667
0
bat.bing.com/action/ 		0
175 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=17557495&Ver=2&mid=282705db-6fed-4a9d-93b2-2e4fd7dfe6f5&sid=259e1e8041f211edb46faddab6d3c733&vid=259e4b9041f211eda265c582768faea3&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=CAVA%20%7C%20Order%20Online&p=https%3A%2F%2Forder.cava.com%2Fstores&r=&lt=2844&evt=pageLoad&sv=1&rn=239376
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sun, 02 Oct 2022 01:32:58 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 91DF695D185C46119CF26EA81478DDC2 Ref B: FRAEDGE1420 Ref C: 2022-10-02T01:32:58Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
i
tr.snapchat.com/cm/ Frame 3AE5 		0
294 B 		Document
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/cm/i?pid=247fc463-f9aa-46d7-af26-5f2e463ede4b&u_scsid=be91f252-bd88-47e5-8355-a4a3233f85ea&u_sclid=11b4b5f5-e598-4995-8474-00158c394a1f
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer
https://order.cava.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Sun, 02 Oct 2022 01:32:58 GMT
server
API Gateway
strict-transport-security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via
1.1 google
x-envoy-upstream-service-time
0
p
tr.snapchat.com/ 		68 B
306 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.snapchat.com/p?trackId=2ba52b87-7485-42d5-815d-ca6f01875fc9&pid=247fc463-f9aa-46d7-af26-5f2e463ede4b&ev=PAGE_VIEW&pl=https%3A%2F%2Forder.cava.com%2Fstores&ts=1664674378746&rf=&v=1.6.0&if=false&bt=1d53c387&intg=gtm&m_sl=3063&m_rd=3106&m_pi=2843.7999999523163&m_dcl=2843.899999976158&m_fcps=2867.399999976158&m_pl=0&m_ic=0&m_pv=v2&u_c1=70bd663d-87da-4dd7-8249-134b41c5fc08&u_scsid=be91f252-bd88-47e5-8355-a4a3233f85ea&u_sclid=11b4b5f5-e598-4995-8474-00158c394a1f&s_r_ids=0
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google
server
API Gateway
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-transform
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
68
/
www.facebook.com/tr/ 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=720101308646521&ev=PageView&dl=https%3A%2F%2Forder.cava.com%2Fstores&rl=&if=false&ts=1664674378750&sw=1600&sh=1200&v=2.9.84&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=29&fbp=fb.1.1664674378630.1981699191&it=1664674378496&coo=false&tm=1&rqm=GET
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 02 Oct 2022 01:32:58 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
priority
u=3,i
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/IFFH3LRNVNEK5DGHSDNZYU/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
784 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/exp/index.js
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
HTTP/1.1
Server
2600:9000:225e:e000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

X-Amz-Version-Id
U3dsSGRYl2soVpEEAxBIaMUfj33DKRpK
Date
Sat, 01 Oct 2022 22:48:03 GMT
Via
1.1 816b7f4e336674d9d7828ef4700482e8.cloudfront.net (CloudFront)
Age
9897
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
28
Last-Modified
Wed, 21 Sep 2022 22:19:29 GMT
Server
AmazonS3
Etag
"5816cced8568d223aa09d889f300692b"
Vary
Accept-Encoding
Access-Control-Max-Age
600
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
52Hf10wxX30f5EWczVlN9cMvvxTql1goENuXOSK212zEPpIkWENZ8A==

Redirect headers

Date
Sat, 01 Oct 2022 14:07:58 GMT
Via
1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Age
41100
X-Amz-Cf-Pop
FRA60-P4
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Server
AmazonS3
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
zybmpIx68vi2WrzG3sj6hGImplXe-4b79G9fHbAO71yvZpfK7aQPsw==
index.js
s.adroll.com/j/pre/
Redirect Chain
  • https://s.adroll.com/j/pre/IFFH3LRNVNEK5DGHSDNZYU/DF622QT2ORHCDLKDC3DDPR/fpconsent.js
  • https://s.adroll.com/j/pre/index.js
0
756 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/pre/index.js
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
HTTP/1.1
Server
2600:9000:225e:e000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

X-Amz-Version-Id
nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date
Sat, 01 Oct 2022 02:49:37 GMT
Via
1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Age
81802
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Last-Modified
Wed, 15 Jan 2020 23:54:18 GMT
Server
AmazonS3
Etag
"d41d8cd98f00b204e9800998ecf8427e"
Vary
Accept-Encoding
Access-Control-Max-Age
600
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
n-Xs2CLxcy0MoboffaR42LH-n-2otW2WqMlDI7g587ORDNlPyN8ofg==

Redirect headers

Date
Sat, 01 Oct 2022 14:07:58 GMT
Via
1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Age
41099
X-Amz-Cf-Pop
FRA60-P4
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Server
AmazonS3
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Location
https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
1nenY4Rf1oGIVYHNH2nJVTGDYKZumfOSV-_257p74HvgqaVBLjUyrA==
index.js
s.adroll.com/j/pre/IFFH3LRNVNEK5DGHSDNZYU/DF622QT2ORHCDLKDC3DDPR/ 		0
809 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/pre/IFFH3LRNVNEK5DGHSDNZYU/DF622QT2ORHCDLKDC3DDPR/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:e000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

X-Amz-Version-Id
4_nvS2keQ9o_HkJoDEVolTAdwFU_vSvX
Date
Sun, 02 Oct 2022 01:32:58 GMT
Via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
Age
2937
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Last-Modified
Tue, 27 Sep 2022 00:38:49 GMT
Server
AmazonS3
Etag
"d41d8cd98f00b204e9800998ecf8427e"
Vary
Accept-Encoding
Access-Control-Max-Age
600
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
Re6fvv6rdwdQDLbYduNp-_u6nOFn6Wp67oWvOf2FjPowfx1mxBb_5g==
adsct
t.co/i/ 		43 B
377 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=cb57c6a3-6dfb-44f7-98e3-073ec02f781c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=2b8f3df8-76bf-4e7d-b236-f8fa2c1a0f52&tw_document_href=https%3A%2F%2Forder.cava.com%2Fstores&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nvp3f&type=javascript&version=2.3.27
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-response-time
111
date
Sun, 02 Oct 2022 01:32:58 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
ad0fe9d38aa5533c
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
4aa863f8cd3f70870282f9ceff622a53730a38ec5c1faf4ab1aa32e268a18500
content-length
43
adsct
analytics.twitter.com/i/ 		43 B
394 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=cb57c6a3-6dfb-44f7-98e3-073ec02f781c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=2b8f3df8-76bf-4e7d-b236-f8fa2c1a0f52&tw_document_href=https%3A%2F%2Forder.cava.com%2Fstores&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nvp3f&type=javascript&version=2.3.27
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-response-time
116
date
Sun, 02 Oct 2022 01:32:58 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
1597c9b92f03dac5
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
a3f49202ac486176fba4359587c3a77eec58564ae827a984ed0be963266b0acd
content-length
43
IFFH3LRNVNEK5DGHSDNZYU
d.adroll.com/consent/check/ 		449 B
542 B 		Script
General
Check archive.org
Download Go to
Full URL
https://d.adroll.com/consent/check/IFFH3LRNVNEK5DGHSDNZYU?arrfrr=https%3A%2F%2Forder.cava.com%2Fstores&_s=16cc8ac96bf268c713f584727439dc97&_b=2
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.72.138 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-72-138.eu-west-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
12a5431c2a5164ac6596d2eac38c00e815a17bf3c22bd48fe969d15172fc3991

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:59 GMT
server
nginx/1.20.0
content-length
449
content-type
application/javascript
17557495
www.clarity.ms/tag/uet/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/uet/17557495
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/17557495.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f8a9d364dabc121791960a0f353950076073342ed5879ee9610d2783dd282e14

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-type
application/x-javascript
date
Sun, 02 Oct 2022 01:32:58 GMT
cache-control
no-cache, no-store
expires
-1
x-azure-ref
0S+o4YwAAAAAws7Pm1cDzSop8yGMg0LmoQlJVMzBFREdFMDQxMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache
CONFIG_NOCACHE
request-context
appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
main.Mi4wLjAuNTVfMQ.js
analytics.tiktok.com/i18n/pixel/static/ 		336 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.Mi4wLjAuNTVfMQ.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8STODK02NERG4EK0OJ0&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.163.153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-153.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e9bd9db83268ae9694965b94341b1ac5c2da802cfb7d87ed5b1b2727d8ea5ed2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-akamai-request-id
15dcdb49
date
Sun, 02 Oct 2022 01:32:58 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20220927123930BB6B437539000E0022C4
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-36-161-153.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01f053d182073be71d547ade5dd50871625f5bbb9a7f4540ebd66f9973d7e4d4441e443f28f0763187f9930c1e3e39ceed6ec07874d09f3a0b78dc96f779e172ae822ad9cfc22a65630ea5aeaa89233310
server-timing
cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
content-length
96584
pixel
analytics.tiktok.com/api/v2/ 		0
690 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.Mi4wLjAuNTVfMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.163.153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-153.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://order.cava.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1ddcc56c.15dcdba6
date
Sun, 02 Oct 2022 01:32:59 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-cache
TCP_MISS from a23-36-161-153.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
x-parent-response-time
103,23.36.161.153
server-timing
cdn-cache; desc=MISS, edge; dur=90, origin; dur=15, inner; dur=11
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20221002013259750F055A8EA1B0B12915
x-cache-remote
TCP_MISS from a23-220-104-205.deploy.akamaitechnologies.com (AkamaiGHost/10.9.4-44125806) (-)
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
15,23.220.104.205
x-tt-trace-host
01385de415a5676f228044e2b0b95088651170bc7c5aa867653d316ea95ac88f4bca0d6dd85e367c3a130d7c0df855ef88b6ea5262f4244cf6e1a9b84a3679b267b3cc2f198de772a3d2433f8242c061f4979b4df935fe625d31fbbfe589622aaa
expires
Sun, 02 Oct 2022 01:32:59 GMT
/
www.facebook.com/tr/ 		0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=308432946216559&ev=Microdata&dl=https%3A%2F%2Forder.cava.com%2Fstores&rl=&if=false&ts=1664674379134&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22CAVA%20%7C%20Order%20Online%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22CAVA%20%7C%20Order%20Online%22%2C%22og%3Adescription%22%3A%22order.cava.com%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fd2dk1lz1pgt72l.cloudfront.net%2FCampaign%2FWeb%2F2017_fall_hero_bowl.jpg%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Forder.cava.com%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.84&r=stable&ec=1&o=30&fbp=fb.1.1664674378630.1981699191&it=1664674378496&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 02 Oct 2022 01:32:59 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
priority
u=3,i
clarity.js
www.clarity.ms/eus2/s/0.6.42/ 		53 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/eus2/s/0.6.42/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/17557495
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
d97ca913935c9897ac4e255d17e14c8a3f0d8513681fe5b6736c4921fc5dd078

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:58 GMT
content-encoding
br
last-modified
Wed, 01 Jun 2022 12:22:22 GMT
etag
"1d8d4495324d7d4"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript;charset=utf-8
x-azure-ref
0S+o4YwAAAABjW/zwdp33TIwsB5NbEctUQlJVMzBFREdFMDQxMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
cache-control
public,max-age=86400
accept-ranges
bytes
request-context
appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
pixel
flask.nextdoor.com/ 		0
111 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://flask.nextdoor.com/pixel?pid=b6cb8556-7dd5-4f3f-8005-27c45b0df48f&ev=PAGE_VIEW&pl=https%3A%2F%2Forder.cava.com%2Fstores&ndclid=&rf=&sem=&tm=1
Requested by
Host: order.cava.com
URL: https://order.cava.com/stores
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.213.121.197 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-213-121-197.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 01:32:59 GMT
x-envoy-upstream-service-time
3
server
istio-envoy
context-id
3039a602-fb1c-4d8c-9227-c11fbc16f0a5
collect
b.clarity.ms/ 		0
174 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://b.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/eus2/s/0.6.42/clarity.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://order.cava.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin
https://order.cava.com
date
Sun, 02 Oct 2022 01:32:59 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?CtsSyncId=10F87FE46A8C4473A7D6C2115FF72B99&RedC=c.clarity.ms&MXFR=157BDE5D9FDB633C03F4CC6C9BDB6DE2
  • https://c.clarity.ms/c.gif?CtsSyncId=10F87FE46A8C4473A7D6C2115FF72B99&MUID=095CD60CD5386E782F75C43DD4536F41
42 B
392 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.clarity.ms/c.gif?CtsSyncId=10F87FE46A8C4473A7D6C2115FF72B99&MUID=095CD60CD5386E782F75C43DD4536F41
Protocol
H2
Server
20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://order.cava.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 02 Oct 2022 01:33:00 GMT
last-modified
Tue, 13 Sep 2022 19:54:52 GMT
server
Microsoft-IIS/10.0
etag
"8d3298b0aac7d81:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Sun, 02 Oct 2022 01:32:59 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: BD8FE0B5471C4EC5BB31762F212A99E9 Ref B: FRAEDGE1420 Ref C: 2022-10-02T01:33:00Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?CtsSyncId=10F87FE46A8C4473A7D6C2115FF72B99&MUID=095CD60CD5386E782F75C43DD4536F41
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
collect
b.clarity.ms/ 		0
48 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://b.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/eus2/s/0.6.42/clarity.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://order.cava.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin
https://order.cava.com
date
Sun, 02 Oct 2022 01:33:00 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.cava.com
URL
https://api.cava.com/api/device/register

Verdicts & Comments Add Verdict or Comment

117 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| Bugsnag function| fbq function| _fbq object| __core-js_shared__ function| google_trackConversion object| Braintree function| _ string| GoogleAnalyticsObject function| ga object| dataLayer function| twq object| google_conversion_id object| google_custom_params object| google_remarketing_only function| GooglemKTybQhCsO object| google_conversion_date object| google_conversion_time number| google_conversion_snippets number| google_conversion_first_time object| google_conversion_js_version object| google_conversion_format object| google_enable_display_cookie_match object| google_tag_data object| google_conversion_type object| google_conversion_order_id object| google_conversion_language object| google_conversion_value object| google_conversion_currency object| google_conversion_domain object| google_conversion_label object| google_conversion_color object| google_disable_viewthrough object| google_gtag_event_data object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_restricted_data_processing object| google_conversion_items object| google_conversion_merchant_id object| google_user_id object| onload_callback object| opt_image_generator object| google_gtm_url_processor object| google_conversion_page_url object| google_conversion_referrer_url object| google_gtm object| google_gcl_cookie_prefix object| google_gcl_cookie_path object| google_gcl_cookie_flags object| google_gcl_cookie_domain object| google_gcl_cookie_max_age_seconds object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_additional_conversion_params object| google_additional_params object| google_transport_url object| google_gtm_experiments object| gaplugins object| gaGlobal object| gaData object| google_tag_manager object| _fbq_gtm_ids string| adroll_adv_id string| adroll_pix_id boolean| __adroll_loaded function| ndp function| snaptr object| uetq string| TiktokAnalyticsObject object| ttq object| snaptrContext boolean| triedToSendCookieToNative object| WebJSBridge function| UET function| UET_init function| UET_push object| ueto_722bd7abc6 string| adroll_sid object| adroll object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks function| adroll_tpc_callback object| regeneratorRuntime object| twttr object| adroll_exp_list object| __adroll_consent_data object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks boolean| __adroll_consent boolean| __adroll_consent_is_gdpr string| __adroll_consent_user_country string| __adroll_consent_adv_country function| clarity object| PIE

24 Cookies

Domain/Path Name / Value
sc-static.net/scevent.min.js Name: X-AB
Value: 0d6e407936704bd380072f5891d28b0e
order.cava.com/ Name: cg_device
Value: 2e1e88ca-0a9e-9826-57bf-d9487ea7e921
.cava.com/ Name: _ga
Value: GA1.2.87917523.1664674379
.cava.com/ Name: _gid
Value: GA1.2.78733789.1664674379
.cava.com/ Name: _gat
Value: 1
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.cava.com/ Name: _gcl_au
Value: 1.1.62177537.1664674379
.cava.com/ Name: _fbp
Value: fb.1.1664674378630.1981699191
.bing.com/ Name: MUID
Value: 095CD60CD5386E782F75C43DD4536F41
.cava.com/ Name: _uetsid
Value: 259e1e8041f211edb46faddab6d3c733
.cava.com/ Name: _uetvid
Value: 259e4b9041f211eda265c582768faea3
.cava.com/ Name: _scid
Value: 70bd663d-87da-4dd7-8249-134b41c5fc08
.snapchat.com/ Name: sc_at
Value: v2|H4sIAAAAAAAAAAXBgRUAIAQFwIm8p8hnnFKmMHx3U2wnV1LlCtLLmwLTiX35Q+SFnO5hpgYVePMHI/33RzIAAAA=
.t.co/ Name: muc_ads
Value: afff66f6-d302-4bc7-8a68-f5b4ad6eec76
.twitter.com/ Name: personalization_id
Value: "v1_6tkIZJTRt76FIxvHdpYhvQ=="
.cava.com/ Name: _tt_enable_cookie
Value: 1
.cava.com/ Name: _ttp
Value: e935e31d-ac86-4d75-aade-370a69c43420
www.clarity.ms/ Name: CLID
Value: f413714968eb4f11bfc3ad8d9e22ccec.20221002.20231002
.cava.com/ Name: _clck
Value: v2tdy0|1|f5d|0
.cava.com/ Name: _clsk
Value: d55ezb|1664674379821|1|1|b.clarity.ms/collect
.c.bing.com/ Name: SRM_B
Value: 095CD60CD5386E782F75C43DD4536F41
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 095CD60CD5386E782F75C43DD4536F41
.c.clarity.ms/ Name: ANONCHK
Value: 0

2 Console Messages

Source Level URL
Text
javascript error URL: https://order.cava.com/stores
Message:
Access to fetch at 'https://api.cava.com/api/device/register' from origin 'https://order.cava.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network error URL: https://api.cava.com/api/device/register
Message:
Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ablink.em.cava.com
ads.nextdoor.com
analytics.tiktok.com
analytics.twitter.com
api.cava.com
b.clarity.ms
bat.bing.com
c.bing.com
c.clarity.ms
connect.facebook.net
d.adroll.com
d2wy8f7a9ursnm.cloudfront.net
flask.nextdoor.com
fonts.googleapis.com
googleads.g.doubleclick.net
order.cava.com
p.typekit.net
s.adroll.com
safetechpageencryption.chasepaymentech.com
sc-static.net
siteimproveanalytics.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tr.snapchat.com
use.typekit.net
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
api.cava.com
104.244.42.5
104.244.42.67
13.32.121.35
142.250.180.226
159.53.117.101
199.232.136.157
20.234.93.27
20.75.32.255
23.36.163.153
2600:9000:2127:7200:e:6d34:4580:93a1
2600:9000:225e:e000:6:9280:1080:93a1
2606:4700::6812:27
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1450:4001:801::2002
2a00:1450:4001:806::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:400d:80a::2004
2a00:1450:400e:80c::200a
2a00:1450:4025:401::9b
2a02:26f0:11a::6867:4841
2a02:26f0:11a::6867:4848
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a06:98c1:3120::c
34.213.121.197
34.249.72.138
35.190.43.134
52.222.206.51
52.222.225.250
52.25.118.14
00a92494627ed8f758972b7dc47b3af186497c0637ea867a33fdb604c1548674
038943028568899d9f97e37747d7cf59bde4a82f16435a5308f48408516d47f5
09f4901e0b0dc161eee6f30ecb384c5e777f5768754b4583f7ccff038d7fc810
12a5431c2a5164ac6596d2eac38c00e815a17bf3c22bd48fe969d15172fc3991
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1fbb6c077b4a123bea8f94ccd90c31ab633efc6926b35884830758b52d036419
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7
41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d
44f327eeeb995eabd2810452b355ca82979280a4d7def1bd980d3897e6999af6
5f33551a5514d0aee9d262afdf6ccd18a98b7c92ea20b8f0f886caaef90d9d01
5fa70938a0771d1fe9539d4b72fcf215248aae7f482b663537a17a8a0ab2779b
6533db921fa04e1546686ca9111f2cc38032b09365026cf886e3b4d8f58020d6
6ad84e11e1216ec57802a6c2ce2a50bcf18a2ac1df34e4e1a01e4f19db9d720d
7d52994b327c797e0d0d410ace642d8cce0c0d3053b558ea94edf00a9ebde07d
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
897b09bbba043a4bbe2de18cb38fc13edd2a1286554a4e78fe68dd3bda78c96c
8a167d14ca92556f3632f17178f1a8b81bbbb6083b74075ba7108bc132ff323b
8e423383d3be2a40b83db6f40a7af5bbbd02be428dfb73ef5d22fe2ae676b641
8f86badfa6027c7bfb6d82aeb265d73d290ef81fce7042814498d8fc4aaebc1c
97f1830c06fe2215ccc2dc9468a64ca11e2725b785f42978dbb996e736bdbf53
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc
a044d75c4cc763f8c041782e2d1416fc1dd2e161f3d62d031e828c5881750b2a
a14fb59bd1bc75ba4be4118b788398d2e50d11f3ff8b8d87b537d710e7b1d1d2
a3e0fbb31ea7229f433a1ea02fb9d52c4864862ec41c07a27cadcf990d10c28e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
affb4822fa0ce3098029af18a7b75fd34f76ddcec2ac33831c8c13848ebd979b
b35e4abee092a316233714cb6d2d6eb5de5ae9856b9d1726a2ee35f3de703a33
d97ca913935c9897ac4e255d17e14c8a3f0d8513681fe5b6736c4921fc5dd078
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9bd9db83268ae9694965b94341b1ac5c2da802cfb7d87ed5b1b2727d8ea5ed2
edcd2f36805420607fa3a466d2f75a24efed4731165ae034ecfa8a4a9809d87f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f029570707570adad39a91957394459f0aff88940b8c6074e6db934ceead6fdd
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f768585b1536bd4863fdf22962ddc86d9216ecbeac81d22aacb17fe1a5d6f517
f8a9d364dabc121791960a0f353950076073342ed5879ee9610d2783dd282e14
fbe282f01ad2520b2958e9dd402f789d3fbeff29fc643be2fe2d5ed572c1c0be
fe74bca1db05ee86384c38d7ccbe3ea90b2f60fb928c1ce2d7f17e92d75f9ca5