Submitted URL: http://www.dilmahtea.com/
Effective URL: https://www.dilmahtea.com/
Submission: On June 14 via api from US — Scanned from DE

Summary

This website contacted 9 IPs in 3 countries across 8 domains to perform 48 HTTP transactions. The main IP is 13.33.187.56, located in United States and belongs to AMAZON-02, US. The main domain is www.dilmahtea.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on December 21st 2023. Valid for: a year.
This is the only time www.dilmahtea.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
38 dilmahtea.com
www.dilmahtea.com
api-web.dilmahtea.com
dmc.dilmahtea.com
2 MB
2 youtube.com
www.youtube.com — Cisco Umbrella Rank: 90
10 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 68
21 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 5
63 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 132
350 B
1 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 877
script.hotjar.com Failed
4 KB
0 google.de Failed
www.google.de Failed
0 googletagmanager.com Failed
www.googletagmanager.com Failed
48 8
Domain Requested by
26 www.dilmahtea.com www.dilmahtea.com
7 api-web.dilmahtea.com www.dilmahtea.com
5 dmc.dilmahtea.com
2 www.youtube.com www.dilmahtea.com
www.youtube.com
2 www.google-analytics.com www.dilmahtea.com
www.google-analytics.com
1 www.google.com
1 stats.g.doubleclick.net www.google-analytics.com
1 static.hotjar.com www.dilmahtea.com
0 www.google.de Failed
0 www.googletagmanager.com Failed www.google-analytics.com
0 script.hotjar.com Failed static.hotjar.com
48 11
Subject Issuer Validity Valid
dilmahtea.com
Amazon RSA 2048 M02
2023-12-21 -
2025-01-17
a year crt.sh
*.hotjar.com
Amazon RSA 2048 M03
2024-05-22 -
2025-06-20
a year crt.sh
*.google-analytics.com
WR2
2024-05-27 -
2024-08-19
3 months crt.sh
api-web.dilmahtea.com
Amazon RSA 2048 M02
2023-09-07 -
2024-10-05
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-05-21 -
2024-08-13
3 months crt.sh
*.google.com
WR2
2024-05-27 -
2024-08-19
3 months crt.sh
dmc.dilmahtea.com
Amazon RSA 2048 M03
2023-08-26 -
2024-09-23
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.dilmahtea.com/
Frame ID: 397F43408E503C8A33974B7660E8979A
Requests: 47 HTTP requests in this frame

Screenshot

Page Title

Pure Ceylon Tea | Best Ceylon Tea Brand | Dilmah Tea Official Website

Page URL History Show full URLs

  1. http://www.dilmahtea.com/ HTTP 307
    https://www.dilmahtea.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_nuxt/

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Page Statistics

48
Requests

94 %
HTTPS

50 %
IPv6

8
Domains

11
Subdomains

9
IPs

3
Countries

2042 kB
Transfer

5563 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.dilmahtea.com/ HTTP 307
    https://www.dilmahtea.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

48 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.dilmahtea.com/
Redirect Chain
  • http://www.dilmahtea.com/
  • https://www.dilmahtea.com/
606 KB
96 KB
Document
General
Full URL
https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
c7309631aba170c8ae184a9d51e0ed915523485b1d1cd60a2d8cf2bb7e6a48d6
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
none
content-encoding
gzip
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
content-type
text/html; charset=utf-8
date
Fri, 14 Jun 2024 14:44:03 GMT
etag
"977a7-eNjicpzzUA5LdlhhXcTO7tq1jRg"
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
referrer-policy
origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
x-amz-cf-id
9kFw3c2z-oh_4oWZB-Gp-UgQaN7IWuwUxa0jvuvtiTGkQHauKFBgJQ==
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://www.dilmahtea.com/
Non-Authoritative-Reason
HSTS
0ed867c.js
www.dilmahtea.com/_nuxt/
4 KB
4 KB
Script
General
Full URL
https://www.dilmahtea.com/_nuxt/0ed867c.js
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
a995b119f8304608cf9349c2c443fea97156ab3f6bca616eb916734d6f575f30
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:04 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"119c-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
i2LsK4q8RNVEmKXM1eZM4TtaO-AyItC3KjgEoVvnFwI47anYnTIqAA==
7500413.js
www.dilmahtea.com/_nuxt/
236 KB
81 KB
Script
General
Full URL
https://www.dilmahtea.com/_nuxt/7500413.js
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
f97b2cae324ab06145f3e79e56f5319a6d584876cec87337617575f006210f40
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:04 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"3b124-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
Dlvpw83RMQd1AQ9eML2Q-NsQVDr16tU_-rs8QlhT8P5o2F7SKEStGA==
99e8e75.js
www.dilmahtea.com/_nuxt/
1 MB
331 KB
Script
General
Full URL
https://www.dilmahtea.com/_nuxt/99e8e75.js
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
9ff360952659704613bbd1d95d08b41bfaaf3c6e1a3ba702cedd9da4ae9b679d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:04 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"138f61-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
EZMNTBWtW5dNNtdwzqAzFBWUMzP3ootABjL0y_RxAkKhoqzASE1bTA==
db610d6.js
www.dilmahtea.com/_nuxt/
864 KB
132 KB
Script
General
Full URL
https://www.dilmahtea.com/_nuxt/db610d6.js
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
cb0949ca88abc48a4812b0d4de53f3ac5e6b9e4df7d8362967e34fff9a0ef316
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:04 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"d7f71-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
ZSSyX2B8jn4N91lVQh4lxXfVN-6O3-8XCikhbv71aezt9_gMww6fpQ==
c2cf079.js
www.dilmahtea.com/_nuxt/
30 KB
8 KB
Script
General
Full URL
https://www.dilmahtea.com/_nuxt/c2cf079.js
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
31b0cd6ff28a6223d65c6ab96def5e86c792b8693074fb3bdc264b260cebe94c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:04 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"7868-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
9_7bGFys85LM6-5D4YbmcNL6faSM4fIxICNpiZe49ZaWowxi2MoQyQ==
2ab9dab.js
www.dilmahtea.com/_nuxt/
14 KB
6 KB
Script
General
Full URL
https://www.dilmahtea.com/_nuxt/2ab9dab.js
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
05a1918f7b009371d463c5a470d85df3a7cafcca9a4ba3af5187407bdcce00f5
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:04 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"396f-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
-hz9HSKj_QL6GxHHsH1qy_Xt4l0MgvuT-zW35tr_XZpHnCBMpO7njg==
preloader.webm
www.dilmahtea.com/images/
11 KB
13 KB
Media
General
Full URL
https://www.dilmahtea.com/images/preloader.webm
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
c1bbca4f74fe50528ac38c8a8c0498ffdc7fe1a868a0bcb306cd462287a10b80
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer
https://www.dilmahtea.com/
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:05 GMT
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
Content-Range
bytes 0-11610/11611
Content-Length
11611
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Thu, 21 Mar 2024 06:05:37 GMT
etag
W/"2d5b-18e5f9d6f68"
x-frame-options
SAMEORIGIN
content-type
video/webm
cache-control
public, max-age=0
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
owoGhd1iF7_3kHiqf46-q_mgijeJYxCVNjs9EWvdLjNiJVKuyGN9cQ==
HKGrotesk-Regular.cab8839.otf
www.dilmahtea.com/_nuxt/fonts/
66 KB
40 KB
Font
General
Full URL
https://www.dilmahtea.com/_nuxt/fonts/HKGrotesk-Regular.cab8839.otf
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
b046d0a2d5aee84490778562132d24c154df87102a667ef878d6c00158dfbce7
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Origin
https://www.dilmahtea.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:05 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"108b8-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/otf
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
pNri3xTNch0QQbtx0uspPKnWgXeVuPj9ZB3egfJH_ZSUTWEHQjZDHw==
icomoon.4b0e6a3.ttf
www.dilmahtea.com/_nuxt/fonts/
55 KB
35 KB
Font
General
Full URL
https://www.dilmahtea.com/_nuxt/fonts/icomoon.4b0e6a3.ttf
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
c6b0619a4075dbdbcd88158490570f82f83bacfb684e0baa4a4bd4f952d26193
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Origin
https://www.dilmahtea.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:05 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"dd6c-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/ttf
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
rpTvhKUB4kSwjh9bI6UHi_Cyhjr1YVh-s8pjoOGpBjcDbhdOtrosaw==
HKGrotesk-Light.5ad7c6f.otf
www.dilmahtea.com/_nuxt/fonts/
67 KB
41 KB
Font
General
Full URL
https://www.dilmahtea.com/_nuxt/fonts/HKGrotesk-Light.5ad7c6f.otf
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
fde5a700e20019e2acd94e2f53355d08474a23fa977b972239e02acd6743ebba
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Origin
https://www.dilmahtea.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:05 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"10b60-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/otf
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
FqtdMolqy4DFzwoidT_MFNzJidRxLdkgd_oQ-cIWBCnEt0PtezCs8w==
HKGrotesk-Medium.c471e9a.otf
www.dilmahtea.com/_nuxt/fonts/
68 KB
43 KB
Font
General
Full URL
https://www.dilmahtea.com/_nuxt/fonts/HKGrotesk-Medium.c471e9a.otf
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
c3c71e98121dfb2fa5eb150b797daaebd38012ef5576b1084e803a6f46c4ff70
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Origin
https://www.dilmahtea.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:05 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"11100-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/otf
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
oRyObHpNa_HEh2LOvVLzaftY9W1b-OmSLANt0PZkBajuRpLG4du4rA==
HKGrotesk-SemiBold.5077391.otf
www.dilmahtea.com/_nuxt/fonts/
68 KB
43 KB
Font
General
Full URL
https://www.dilmahtea.com/_nuxt/fonts/HKGrotesk-SemiBold.5077391.otf
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
f757b63129c2b7b4311b8ea0210a8de5d5798f6fbed0febb5d944d11c2897a7d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Origin
https://www.dilmahtea.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:05 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"1113c-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/otf
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
1xev80LTtlZ03nY14J2UbP4flavML2Fzh6Wt8621Wykbj9ckPXczCg==
PlayfairDisplay-SemiBold.68ac1d2.ttf
www.dilmahtea.com/_nuxt/fonts/
231 KB
113 KB
Font
General
Full URL
https://www.dilmahtea.com/_nuxt/fonts/PlayfairDisplay-SemiBold.68ac1d2.ttf
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
8a5371a6971f2bc236f1f63e85c3833c65c86ecd8b12c904d88454ce76948a32
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Origin
https://www.dilmahtea.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:05 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"39c5c-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/ttf
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
oxf3npB7AzMBeylwWDFvDEKM9h3nddc4Z6oorHdLXE0hJ_CPqswY6A==
fontawesome-webfont.706450d.ttf
www.dilmahtea.com/_nuxt/fonts/
119 KB
71 KB
Font
General
Full URL
https://www.dilmahtea.com/_nuxt/fonts/fontawesome-webfont.706450d.ttf
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
9e540a087924a6e64790149d735cac022640e4fa6bff6bd65f5e9f41529bf0b3
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Origin
https://www.dilmahtea.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:05 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"1dcec-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/ttf
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
fN11Y2GwEO3bGyj5AawMpMwKTthJTSPJIHlpMRvkuuBC1bYTT3Czlg==
hotjar-2105482.js
static.hotjar.com/c/
9 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2105482.js?sv=6
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/db610d6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-35.ams1.r.cloudfront.net
Software
/
Resource Hash
6bf9ca998c845efd22346325c329c02f6a6a4796e13d9e47a302b906a7f00bd2
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 2ef9ad1c8e8d306617a72c1e978a7716.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
etag
W/7e5dbed7dbb978f20eb4af7b4f998b91
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
sPOIvrcUK1xteR6aPEU8wdASe5silwPb_NRskimUJHeQ4OB9RF8TEg==
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/99e8e75.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 14 Jun 2024 13:41:03 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
3783
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 14 Jun 2024 15:41:03 GMT
languages-and-countries
api-web.dilmahtea.com/
3 KB
1 KB
XHR
General
Full URL
https://api-web.dilmahtea.com/languages-and-countries
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/7500413.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:e400:10:7641:5d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Strapi <strapi.io>
Resource Hash
013749e7bbd214abf785a8998a745717141110ab4d9c57d87eb8c19f79094b62
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
5ms
date
Fri, 14 Jun 2024 14:44:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 14b30c40b56ef4c9699e1ca92d5cdc08.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
x-powered-by
Strapi <strapi.io>
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-cache
Miss from cloudfront
access-control-allow-credentials
true
x-amz-cf-id
pGeZ3sU6YDGa6p3_xAvjfuedT6w2E15alst05HDIVjtfHB3WBWxgrA==
graphql
api-web.dilmahtea.com/
9 KB
3 KB
XHR
General
Full URL
https://api-web.dilmahtea.com/graphql
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/7500413.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:e400:10:7641:5d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Strapi <strapi.io>
Resource Hash
9a33f929080f5cf3cdbf657e69c801f4cec7f9928f183e91f2edb382378a452d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://www.dilmahtea.com/
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
104ms
date
Fri, 14 Jun 2024 14:44:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 14b30c40b56ef4c9699e1ca92d5cdc08.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
x-powered-by
Strapi <strapi.io>
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/json
access-control-allow-origin
https://www.dilmahtea.com
x-cache
Miss from cloudfront
access-control-allow-credentials
true
x-amz-cf-id
7oq6HZtkjt3v5ojbkatdBLTSGb34bJDumuTKCOsxnQKwAXDpTxdUuA==
featured_stories
api-web.dilmahtea.com/dmc-apis/
44 KB
15 KB
XHR
General
Full URL
https://api-web.dilmahtea.com/dmc-apis/featured_stories?lang=text_en&type=featured&page=1&size=10&isMedia=1
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/7500413.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:e400:10:7641:5d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Strapi <strapi.io>
Resource Hash
4c12a160f0dcea17290ae9b860b2d73ef1c0a82f1b95deb409e885cf4381e26e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
9103ms
date
Fri, 14 Jun 2024 14:44:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 14b30c40b56ef4c9699e1ca92d5cdc08.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
x-powered-by
Strapi <strapi.io>
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-cache
Miss from cloudfront
access-control-allow-credentials
true
x-amz-cf-id
mxFxuPtiVdQkVZPX5LyZOhZdLZwOE68l1MBYDv7ljB92USgV2Sywkw==
featured_stories
api-web.dilmahtea.com/dmc-apis/
14 KB
5 KB
XHR
General
Full URL
https://api-web.dilmahtea.com/dmc-apis/featured_stories?lang=text_en&type=tea_inspired&page=1&size=10&isMedia=1
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/7500413.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:e400:10:7641:5d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Strapi <strapi.io>
Resource Hash
0d372c954fa819c8d738e01ab1750f21443c75e70752a361eecfa9ba1c7f5e6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
9534ms
date
Fri, 14 Jun 2024 14:44:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 14b30c40b56ef4c9699e1ca92d5cdc08.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
x-powered-by
Strapi <strapi.io>
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-cache
Miss from cloudfront
access-control-allow-credentials
true
x-amz-cf-id
pgbRj1KLNVIKSpRqvVMZrnx7c15Xc5iOreCjk66YXB3Y8HB1TSJSLw==
featured_stories
api-web.dilmahtea.com/dmc-apis/
11 KB
4 KB
XHR
General
Full URL
https://api-web.dilmahtea.com/dmc-apis/featured_stories?lang=text_en&type=purpose&page=1&size=10&isMedia=1
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/7500413.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:e400:10:7641:5d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Strapi <strapi.io>
Resource Hash
e0e84da93a134bbbc1fe29abe63f34071f6d4aeb0664528250ec966445620d1e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
8936ms
date
Fri, 14 Jun 2024 14:44:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 14b30c40b56ef4c9699e1ca92d5cdc08.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
x-powered-by
Strapi <strapi.io>
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-cache
Miss from cloudfront
access-control-allow-credentials
true
x-amz-cf-id
yUT8Afk2_3v9z_GLHSGbQiKg8TdBTp4besszT5MGzV6Kxi1UW62bGg==
productsAndInfusions
api-web.dilmahtea.com/dmc-apis/
11 B
423 B
XHR
General
Full URL
https://api-web.dilmahtea.com/dmc-apis/productsAndInfusions?lang=text_en&page=1&size=10
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/7500413.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:e400:10:7641:5d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Strapi <strapi.io>
Resource Hash
8fe32e407a1038ee38753b70e5374b3a46d6ae9d5f16cd5b73c53abaca8f5ed0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
928ms
date
Fri, 14 Jun 2024 14:44:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 14b30c40b56ef4c9699e1ca92d5cdc08.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
x-powered-by
Strapi <strapi.io>
vary
Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-cache
Miss from cloudfront
access-control-allow-credentials
true
content-length
11
x-amz-cf-id
vVYffwtWEAeOKExcgL81R-ymz7oQd6rVvA51JGZcbwiYjANc3T5poA==
graphql
api-web.dilmahtea.com/
0
0
Preflight
General
Full URL
https://api-web.dilmahtea.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:e400:10:7641:5d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.dilmahtea.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Authorization,Origin,Accept
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin
*
access-control-max-age
31536000
date
Fri, 14 Jun 2024 14:44:07 GMT
vary
Origin
via
1.1 14b30c40b56ef4c9699e1ca92d5cdc08.cloudfront.net (CloudFront)
x-amz-cf-id
vMCTFJRxB11tstKYuuu9LOGb6_RE1LoMfyauHtn70DC-a2xhkIZhcg==
x-amz-cf-pop
FRA60-P5
x-cache
Miss from cloudfront
x-response-time
0ms
logo.jpg
www.dilmahtea.com/images/
15 KB
17 KB
Image
General
Full URL
https://www.dilmahtea.com/images/logo.jpg
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
6e50fdbb92e7c8ca13444be1770c82bc469e8682828f73031b2a5889b3ac06dc
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:06 GMT
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
content-length
15692
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Thu, 21 Mar 2024 06:05:37 GMT
etag
W/"3d4c-18e5f9d6f68"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
public, max-age=0
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
YXFpzOhcpsYQtcEjfD5a5mFjkU6YCf3mf_LZD8mNNPEsHSOwtILyPw==
modules.db8890ba82a7e392473f.js
script.hotjar.com/
0
0

collect
www.google-analytics.com/j/
16 B
223 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1882067308&t=pageview&_s=1&dl=https%3A%2F%2Fwww.dilmahtea.com%2F&dp=%2F&ul=de-de&de=UTF-8&dt=Pure%20Ceylon%20Tea%20%7C%20Best%20Ceylon%20Tea%20Brand%20%7C%20Dilmah%20Tea%20Official%20Website&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAEABEAAAACAAI~&jid=1351886094&gjid=581121284&cid=1868628923.1718376247&tid=UA-11671701-1&_gid=702569206.1718376247&_r=1&_slc=1&z=1933850584
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
45b9207c503553522d1e4666da1a5f3062613c788feab10472a6b9d532fb361e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 14 Jun 2024 14:44:06 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.dilmahtea.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
350 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-11671701-1&cid=1868628923.1718376247&jid=1351886094&gjid=581121284&_gid=702569206.1718376247&_u=aEBAAEAAEAAAACAAI~&z=644844712
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 14 Jun 2024 14:44:06 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.dilmahtea.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
0
0

favicon.png
www.dilmahtea.com/images/
1 KB
3 KB
Other
General
Full URL
https://www.dilmahtea.com/images/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
200bd220e54a3edae3c7c38a76c9b46b6132bf6c56438eb542de6792883d64bd
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:06 GMT
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
content-length
1383
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Thu, 21 Mar 2024 06:05:36 GMT
etag
W/"567-18e5f9d6b80"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public, max-age=0
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
vtSlUIJNPpb-DJ8tYzqY49nbG-ZfOVZLYNKgl7tsDgSLUaxSdL7n7g==
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-11671701-1&cid=1868628923.1718376247&jid=1351886094&_u=aEBAAEAAEAAAACAAI~&z=146411033
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 14 Jun 2024 14:44:07 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
0
0

favicon-32x32.webp
www.dilmahtea.com/images/
734 B
2 KB
Other
General
Full URL
https://www.dilmahtea.com/images/favicon-32x32.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
a28850c9d997ac25cb0a213a0b5d829ff57be50e3205875f81028b816c4f1673
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:07 GMT
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
content-length
734
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Thu, 21 Mar 2024 06:05:36 GMT
etag
W/"2de-18e5f9d6b80"
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=0
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
eRaSIuxCrpu0jG_9m4fMkZ8sGjx2_QlvAEG-rCi0P6c24RHMvuHmjg==
iframe_api
www.youtube.com/
993 B
2 KB
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/c2cf079.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
99f0c91286bc72d46a0e900ada363a9c06578f8077fff4ddeaac63f89bf802b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:08 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Fri, 14 Jun 2024 14:44:08 GMT
PlayfairDisplay-Regular.b3721ba.ttf
www.dilmahtea.com/_nuxt/fonts/
231 KB
108 KB
Font
General
Full URL
https://www.dilmahtea.com/_nuxt/fonts/PlayfairDisplay-Regular.b3721ba.ttf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
17e6c4698298ec2bc9fe8f5bf7bc120607ae6d0a357c96e4436d7e69c7747601
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Origin
https://www.dilmahtea.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:08 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"39ab4-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/ttf
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
jBFKy43i7zEe7Smf7L25wiSSraRFFgwJS637tdnT9lnBlMdgEtgDbA==
PlayfairDisplay-Bold.d27b6b1.ttf
www.dilmahtea.com/_nuxt/fonts/
231 KB
114 KB
Font
General
Full URL
https://www.dilmahtea.com/_nuxt/fonts/PlayfairDisplay-Bold.d27b6b1.ttf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
815c21d6d5dc428504bc77ebb32d145164f530e9bc8f9039b36991acc936d5a5
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Origin
https://www.dilmahtea.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:08 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"39c04-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/ttf
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
xnIM0OiRJRqskBCjmoyzrJif5WbO4yY3FL3fWo11lN95IDWBS8Dsgw==
1_bbc5e0ca8f.jpg
www.dilmahtea.com/assets/assets/
184 KB
184 KB
Image
General
Full URL
https://www.dilmahtea.com/assets/assets/1_bbc5e0ca8f.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
de6d608265f3b78c5cd799bbc9ccd145d6341d4e3c092f1a22e7a98e93055ace

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 13 Jun 2024 14:53:23 GMT
x-amz-version-id
.k5rQwFIW7vXUnugGAEvfUGC.Kdsayls
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
last-modified
Thu, 10 Aug 2023 12:50:25 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
85846
etag
"069d339267a1449f6186601c1937c180"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
188242
x-amz-cf-id
ss_37m0-LuVUi6acdGN8tyB2P0SeLvmSmmAuNFS9gx7-ANvH2kapdQ==
1_bbc5e0ca8f.jpg
www.dilmahtea.com/assets/assets/
184 KB
0
Media
General
Full URL
https://www.dilmahtea.com/assets/assets/1_bbc5e0ca8f.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
de6d608265f3b78c5cd799bbc9ccd145d6341d4e3c092f1a22e7a98e93055ace

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer
https://www.dilmahtea.com/
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 13 Jun 2024 14:53:23 GMT
x-amz-version-id
.k5rQwFIW7vXUnugGAEvfUGC.Kdsayls
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
last-modified
Thu, 10 Aug 2023 12:50:25 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
85846
etag
"069d339267a1449f6186601c1937c180"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
Content-Range
bytes 0-188241/188242
accept-ranges
bytes
x-amz-cf-id
ss_37m0-LuVUi6acdGN8tyB2P0SeLvmSmmAuNFS9gx7-ANvH2kapdQ==
Content-Length
188242
www-widgetapi.js
www.youtube.com/s/player/74204f6c/www-widgetapi.vflset/
24 KB
8 KB
Script
General
Full URL
https://www.youtube.com/s/player/74204f6c/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4349329d9810a0dd03edc1841097097667cacc80e4fd9319754b2e4a14a81b96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:34:00 GMT
content-encoding
br
x-content-type-options
nosniff
age
4208
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8211
x-xss-protection
0
last-modified
Wed, 12 Jun 2024 04:23:02 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 14 Jun 2025 13:34:00 GMT
500_500.171741051927852.jpg
dmc.dilmahtea.com/web-space/dmc/press-articles/efa260adfcac648aa5df57fc33520b5e0a3fb0c3/
41 KB
43 KB
Image
General
Full URL
https://dmc.dilmahtea.com/web-space/dmc/press-articles/efa260adfcac648aa5df57fc33520b5e0a3fb0c3/500_500.171741051927852.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-54.fra56.r.cloudfront.net
Software
Apache /
Resource Hash
7f5728a63f6b7c1b2e2c958bde7a334b18041afe1a66a6e29e3be12400e4fa45
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.oos.yesdiner.com xpay.ebeyonds.com chimpstatic.com cdn-images.mailchimp.com z.moatads.com dmc.dilmahtea.com elearning.schooloftea.org fonts.googleapis.com www.schooloftea.org data: static.dammore.com analytics.dammore.com dmc.dilmahtea.com ; frame-ancestors 'self' ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 03 Jun 2024 12:16:06 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.oos.yesdiner.com xpay.ebeyonds.com chimpstatic.com cdn-images.mailchimp.com z.moatads.com dmc.dilmahtea.com elearning.schooloftea.org fonts.googleapis.com www.schooloftea.org data: static.dammore.com analytics.dammore.com dmc.dilmahtea.com ; frame-ancestors 'self' ;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
959291
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
42416
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Mon, 03 Jun 2024 10:28:40 GMT
server
Apache
cross-origin-opener-policy
same-origin; report-to=default
expect-ct
max-age=604800
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000
permissions-policy
geolocation=()
accept-ranges
bytes
x-amz-cf-id
ddxMSIBkyniF0cfEIugBlRYYWTNMx0yUhGsawOUDp_z0ipzXh4Kd5g==
expires
Tue, 03 Jun 2025 12:15:58 GMT
500_500.171741110978994.jpg
dmc.dilmahtea.com/web-space/dmc/press-articles/2134834173800a88be598393763c66c179d793a1/
19 KB
20 KB
Image
General
Full URL
https://dmc.dilmahtea.com/web-space/dmc/press-articles/2134834173800a88be598393763c66c179d793a1/500_500.171741110978994.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-54.fra56.r.cloudfront.net
Software
Apache /
Resource Hash
8010293016a94c7b962cc6e9c1e393c781a12ed7219980523f0aede739dda01d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.oos.yesdiner.com xpay.ebeyonds.com chimpstatic.com cdn-images.mailchimp.com z.moatads.com dmc.dilmahtea.com elearning.schooloftea.org fonts.googleapis.com www.schooloftea.org data: static.dammore.com analytics.dammore.com dmc.dilmahtea.com ; frame-ancestors 'self' ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 03 Jun 2024 12:16:06 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.oos.yesdiner.com xpay.ebeyonds.com chimpstatic.com cdn-images.mailchimp.com z.moatads.com dmc.dilmahtea.com elearning.schooloftea.org fonts.googleapis.com www.schooloftea.org data: static.dammore.com analytics.dammore.com dmc.dilmahtea.com ; frame-ancestors 'self' ;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
959291
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
19364
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Mon, 03 Jun 2024 10:38:29 GMT
server
Apache
cross-origin-opener-policy
same-origin; report-to=default
expect-ct
max-age=604800
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000
permissions-policy
geolocation=()
accept-ranges
bytes
x-amz-cf-id
6WvHCYG6k5kt7T8qCSO_ofBcs9yo5PDmGvjamPQ10vPwu0aOIEMBUQ==
expires
Tue, 03 Jun 2025 12:15:58 GMT
500_500.171774006019880.jpg
dmc.dilmahtea.com/web-space/dmc/press-news/28903f610228f970292b06382eae94ae10efa9a0/
36 KB
37 KB
Image
General
Full URL
https://dmc.dilmahtea.com/web-space/dmc/press-news/28903f610228f970292b06382eae94ae10efa9a0/500_500.171774006019880.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-54.fra56.r.cloudfront.net
Software
Apache /
Resource Hash
419b471f3fc1ecdab16d3dbef6eaf4a5c836b67ac8869e735de07802bbe47ebc
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.oos.yesdiner.com xpay.ebeyonds.com chimpstatic.com cdn-images.mailchimp.com z.moatads.com dmc.dilmahtea.com elearning.schooloftea.org fonts.googleapis.com www.schooloftea.org data: static.dammore.com analytics.dammore.com dmc.dilmahtea.com ; frame-ancestors 'self' ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 07 Jun 2024 07:11:12 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.oos.yesdiner.com xpay.ebeyonds.com chimpstatic.com cdn-images.mailchimp.com z.moatads.com dmc.dilmahtea.com elearning.schooloftea.org fonts.googleapis.com www.schooloftea.org data: static.dammore.com analytics.dammore.com dmc.dilmahtea.com ; frame-ancestors 'self' ;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
631985
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
36657
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Fri, 07 Jun 2024 06:01:01 GMT
server
Apache
cross-origin-opener-policy
same-origin; report-to=default
expect-ct
max-age=604800
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000
permissions-policy
geolocation=()
accept-ranges
bytes
x-amz-cf-id
kGQxrl6H3TpzZ97KwqAzpaanCKqU3NyqKDJ9hL5ahg_T78ZYY28sAQ==
expires
Sat, 07 Jun 2025 07:11:00 GMT
500_500.171507146424956.jpg
dmc.dilmahtea.com/web-space/dmc/press-articles/55da3f56239d2acf0ec75f787f59ad0673af5057/
43 KB
44 KB
Image
General
Full URL
https://dmc.dilmahtea.com/web-space/dmc/press-articles/55da3f56239d2acf0ec75f787f59ad0673af5057/500_500.171507146424956.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-54.fra56.r.cloudfront.net
Software
Apache /
Resource Hash
eb17b3d76e10600c008ce0056f07db2b3cfc920272a8ec6c04215fc83f24fff0
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.oos.yesdiner.com xpay.ebeyonds.com chimpstatic.com cdn-images.mailchimp.com z.moatads.com dmc.dilmahtea.com elearning.schooloftea.org fonts.googleapis.com www.schooloftea.org data: static.dammore.com analytics.dammore.com dmc.dilmahtea.com ; frame-ancestors 'self' ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 07 May 2024 09:24:32 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.oos.yesdiner.com xpay.ebeyonds.com chimpstatic.com cdn-images.mailchimp.com z.moatads.com dmc.dilmahtea.com elearning.schooloftea.org fonts.googleapis.com www.schooloftea.org data: static.dammore.com analytics.dammore.com dmc.dilmahtea.com ; frame-ancestors 'self' ;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
3302385
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
43792
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Tue, 07 May 2024 08:44:24 GMT
server
Apache
cross-origin-opener-policy
same-origin; report-to=default
expect-ct
max-age=604800
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000
permissions-policy
geolocation=()
accept-ranges
bytes
x-amz-cf-id
0uBiTjpkfQw11rmwJ_jAy7GgnCHrFX51p7LuV8bq4Pqoym94Pf_Y2Q==
expires
Wed, 07 May 2025 09:24:01 GMT
500_500.171498664587825.jpg
dmc.dilmahtea.com/web-space/dmc/press-articles/e4dd8a3f00e999f798719337af6085d777f539d5/
38 KB
39 KB
Image
General
Full URL
https://dmc.dilmahtea.com/web-space/dmc/press-articles/e4dd8a3f00e999f798719337af6085d777f539d5/500_500.171498664587825.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-54.fra56.r.cloudfront.net
Software
Apache /
Resource Hash
2974212e9ad29d685d75deaa94443ac9394c8a839b3a715abfda46d228b22ad8
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.oos.yesdiner.com xpay.ebeyonds.com chimpstatic.com cdn-images.mailchimp.com z.moatads.com dmc.dilmahtea.com elearning.schooloftea.org fonts.googleapis.com www.schooloftea.org data: static.dammore.com analytics.dammore.com dmc.dilmahtea.com ; frame-ancestors 'self' ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 09:14:42 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.oos.yesdiner.com xpay.ebeyonds.com chimpstatic.com cdn-images.mailchimp.com z.moatads.com dmc.dilmahtea.com elearning.schooloftea.org fonts.googleapis.com www.schooloftea.org data: static.dammore.com analytics.dammore.com dmc.dilmahtea.com ; frame-ancestors 'self' ;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
3389375
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
38431
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Mon, 06 May 2024 09:10:46 GMT
server
Apache
cross-origin-opener-policy
same-origin; report-to=default
expect-ct
max-age=604800
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000
permissions-policy
geolocation=()
accept-ranges
bytes
x-amz-cf-id
TfA58bHromf4eTPJSQ7Vq3ugLq4N4fmN4QDygsOHatTatXEXpxyCxQ==
expires
Tue, 06 May 2025 09:14:11 GMT
2_d164a9873a.jpg
www.dilmahtea.com/assets/assets/
123 KB
124 KB
Image
General
Full URL
https://www.dilmahtea.com/assets/assets/2_d164a9873a.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
70a239fab0f3797805a51446bdcf53d98942b8f05a6ddee8f72557b8d3dde2ed

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
EGyi6mxtJV4ZSFRtKep3K4UyzmHg_1tR
date
Fri, 14 Jun 2024 14:44:19 GMT
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
last-modified
Thu, 10 Aug 2023 12:50:34 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
6080
x-amz-server-side-encryption
AES256
etag
"b9fee139caf60e2d512f9dab26f6588d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
126383
x-amz-cf-id
12OhtmFWM4kJZzMwfwfQFxFkTTdppA4zHIxCsgoTQi936Pvftq7Sgw==
a89e0e4.js
www.dilmahtea.com/_nuxt/
22 KB
8 KB
Script
General
Full URL
https://www.dilmahtea.com/_nuxt/a89e0e4.js
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/0ed867c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
030535b8a03ef40c7f30f8588d90724edcb0d1f9f35b3c5bf2a28ee5ca8a3e14
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:21 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"5725-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
4QAd68odRapiw4SlanrfkgGLmhNJqwjY1kLjKfxNrg1s7NF-YLRYnQ==
3a7ffc5.js
www.dilmahtea.com/_nuxt/
527 KB
176 KB
Script
General
Full URL
https://www.dilmahtea.com/_nuxt/3a7ffc5.js
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/0ed867c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
2f618886b5022806f0c49495b7aefe685b70914062ee1fbc88bc67810288ff7e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:21 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"83cc0-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
Ik4eHwIeO2gNcvLq3J6c_QUoOZu_ij55nfICMncj4U_NxCgghU4lJg==
8a82955.js
www.dilmahtea.com/_nuxt/
8 KB
4 KB
Script
General
Full URL
https://www.dilmahtea.com/_nuxt/8a82955.js
Requested by
Host: www.dilmahtea.com
URL: https://www.dilmahtea.com/_nuxt/0ed867c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-56.fra60.r.cloudfront.net
Software
/
Resource Hash
8472750457439ca146046cfcfc38fe28b85b20691ce538ca52697eda8529bb44
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.dilmahtea.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 14:44:21 GMT
content-encoding
gzip
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 31 May 2024 15:20:33 GMT
etag
W/"1ee2-18fcf3d01e8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
autoplay=(self), fullscreen=*, geolocation=(self)
accept-ranges
bytes
x-amz-cf-id
CEpf9rn0r-iVd7MNIo2uQ7E_6lkYPCy28aDOgoUHEqECAWETaHqtPw==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
script.hotjar.com
URL
https://script.hotjar.com/modules.db8890ba82a7e392473f.js
Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtag/js?id=G-194ZNY6CYM&cx=c&_slc=1
Domain
www.google.de
URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-11671701-1&cid=1868628923.1718376247&jid=1351886094&_u=aEBAAEAAEAAAACAAI~&z=146411033

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| __NUXT__ object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady function| _ object| L function| $ function| hj object| _hjSettings object| $nuxt object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled object| google_tag_data function| ga object| gaplugins boolean| ga-disable-UA-11671701-1 object| gaGlobal object| gaData object| dataLayer object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady

6 Cookies

Domain/Path Name / Value
.dilmahtea.com/ Name: _ga
Value: GA1.2.1868628923.1718376247
.dilmahtea.com/ Name: _gid
Value: GA1.2.702569206.1718376247
.dilmahtea.com/ Name: _gat
Value: 1
.youtube.com/ Name: YSC
Value: jvlpiIDjn7M
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: zNRtN4jnfPY
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJERRIEEgAgVA%3D%3D

3 Console Messages

Source Level URL
Text
security error URL: https://static.hotjar.com/c/hotjar-2105482.js?sv=6(Line 2)
Message:
Refused to load the script 'https://script.hotjar.com/modules.db8890ba82a7e392473f.js' because it violates the following Content Security Policy directive: "script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.google-analytics.com/analytics.js(Line 23)
Message:
Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-194ZNY6CYM&cx=c&_slc=1' because it violates the following Content Security Policy directive: "script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.dilmahtea.com/
Message:
Refused to load the image 'https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-11671701-1&cid=1868628923.1718376247&jid=1351886094&_u=aEBAAEAAEAAAACAAI~&z=146411033' because it violates the following Content Security Policy directive: "img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-web.dilmahtea.com
dmc.dilmahtea.com
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
www.dilmahtea.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.youtube.com
script.hotjar.com
www.google.de
www.googletagmanager.com
13.33.187.56
142.250.186.36
18.239.94.35
18.66.112.54
2600:9000:2646:e400:10:7641:5d80:93a1
2a00:1450:4001:80f::200e
2a00:1450:4001:811::200e
2a00:1450:400c:c0b::9b
013749e7bbd214abf785a8998a745717141110ab4d9c57d87eb8c19f79094b62
030535b8a03ef40c7f30f8588d90724edcb0d1f9f35b3c5bf2a28ee5ca8a3e14
05a1918f7b009371d463c5a470d85df3a7cafcca9a4ba3af5187407bdcce00f5
0d372c954fa819c8d738e01ab1750f21443c75e70752a361eecfa9ba1c7f5e6a
17e6c4698298ec2bc9fe8f5bf7bc120607ae6d0a357c96e4436d7e69c7747601
200bd220e54a3edae3c7c38a76c9b46b6132bf6c56438eb542de6792883d64bd
2974212e9ad29d685d75deaa94443ac9394c8a839b3a715abfda46d228b22ad8
2f618886b5022806f0c49495b7aefe685b70914062ee1fbc88bc67810288ff7e
31b0cd6ff28a6223d65c6ab96def5e86c792b8693074fb3bdc264b260cebe94c
419b471f3fc1ecdab16d3dbef6eaf4a5c836b67ac8869e735de07802bbe47ebc
4349329d9810a0dd03edc1841097097667cacc80e4fd9319754b2e4a14a81b96
45b9207c503553522d1e4666da1a5f3062613c788feab10472a6b9d532fb361e
4c12a160f0dcea17290ae9b860b2d73ef1c0a82f1b95deb409e885cf4381e26e
6bf9ca998c845efd22346325c329c02f6a6a4796e13d9e47a302b906a7f00bd2
6e50fdbb92e7c8ca13444be1770c82bc469e8682828f73031b2a5889b3ac06dc
70a239fab0f3797805a51446bdcf53d98942b8f05a6ddee8f72557b8d3dde2ed
7f5728a63f6b7c1b2e2c958bde7a334b18041afe1a66a6e29e3be12400e4fa45
8010293016a94c7b962cc6e9c1e393c781a12ed7219980523f0aede739dda01d
815c21d6d5dc428504bc77ebb32d145164f530e9bc8f9039b36991acc936d5a5
8472750457439ca146046cfcfc38fe28b85b20691ce538ca52697eda8529bb44
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8a5371a6971f2bc236f1f63e85c3833c65c86ecd8b12c904d88454ce76948a32
8fe32e407a1038ee38753b70e5374b3a46d6ae9d5f16cd5b73c53abaca8f5ed0
99f0c91286bc72d46a0e900ada363a9c06578f8077fff4ddeaac63f89bf802b6
9a33f929080f5cf3cdbf657e69c801f4cec7f9928f183e91f2edb382378a452d
9e540a087924a6e64790149d735cac022640e4fa6bff6bd65f5e9f41529bf0b3
9ff360952659704613bbd1d95d08b41bfaaf3c6e1a3ba702cedd9da4ae9b679d
a28850c9d997ac25cb0a213a0b5d829ff57be50e3205875f81028b816c4f1673
a995b119f8304608cf9349c2c443fea97156ab3f6bca616eb916734d6f575f30
b046d0a2d5aee84490778562132d24c154df87102a667ef878d6c00158dfbce7
c1bbca4f74fe50528ac38c8a8c0498ffdc7fe1a868a0bcb306cd462287a10b80
c3c71e98121dfb2fa5eb150b797daaebd38012ef5576b1084e803a6f46c4ff70
c6b0619a4075dbdbcd88158490570f82f83bacfb684e0baa4a4bd4f952d26193
c7309631aba170c8ae184a9d51e0ed915523485b1d1cd60a2d8cf2bb7e6a48d6
cb0949ca88abc48a4812b0d4de53f3ac5e6b9e4df7d8362967e34fff9a0ef316
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de6d608265f3b78c5cd799bbc9ccd145d6341d4e3c092f1a22e7a98e93055ace
e0e84da93a134bbbc1fe29abe63f34071f6d4aeb0664528250ec966445620d1e
eb17b3d76e10600c008ce0056f07db2b3cfc920272a8ec6c04215fc83f24fff0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f757b63129c2b7b4311b8ea0210a8de5d5798f6fbed0febb5d944d11c2897a7d
f97b2cae324ab06145f3e79e56f5319a6d584876cec87337617575f006210f40
fde5a700e20019e2acd94e2f53355d08474a23fa977b972239e02acd6743ebba