weheartit.com Open in urlscan Pro
198.101.167.73 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tinyurl.com/28553a7s
Effective URL:
https://weheartit.com/entry/356622090
Submission Tags: falconsandbox
Submission: On June 29 via api (June 29th 2021, 1:42:34 pm UTC) from US

Summary HTTP 245 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 53 IPs in 7 countries across 36 domains to perform 245 HTTP transactions. The main IP is 198.101.167.73, located in United States and belongs to RACKSPACE, US. The main domain is weheartit.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 6th 2019. Valid for: 2 years.

This is the only time weheartit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:10:... 2606:4700:10::6814:8b41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	198.101.167.73 198.101.167.73	19994 (RACKSPACE) (RACKSPACE)
23	205.185.216.42 205.185.216.42	20446 (HIGHWINDS3) (HIGHWINDS3)
1	65.9.77.116 65.9.77.116	16509 (AMAZON-02) (AMAZON-02)
4 7	104.108.145.8 104.108.145.8	16625 (AKAMAI-AS) (AKAMAI-AS)
24	205.185.216.10 205.185.216.10	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a02:26f0:10c... 2a02:26f0:10c::5f64:c122	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	104.108.145.107 104.108.145.107	16625 (AKAMAI-AS) (AKAMAI-AS)
1	65.9.77.86 65.9.77.86	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
4	65.9.86.127 65.9.86.127	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
2 6	65.9.77.30 65.9.77.30	16509 (AMAZON-02) (AMAZON-02)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
14	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	2600:9000:210... 2600:9000:2104:f000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:c800:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
5	104.108.145.205 104.108.145.205	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:400c:c0a::9d	15169 (GOOGLE) (GOOGLE)
1 1	2600:1f18:730... 2600:1f18:730:b120:1f6b:b8df:cda6:ffc4	14618 (AMAZON-AES) (AMAZON-AES)
1	3.213.73.156 3.213.73.156	14618 (AMAZON-AES) (AMAZON-AES)
3	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
1 2	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
1	65.9.77.58 65.9.77.58	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:210... 2600:9000:2104:a000:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 3	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
1	34.234.106.43 34.234.106.43	14618 (AMAZON-AES) (AMAZON-AES)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
2	2600:1f18:e8a... 2600:1f18:e8a:cd06:e361:a2ce:b047:17c	14618 (AMAZON-AES) (AMAZON-AES)
2	34.96.81.209 34.96.81.209	15169 (GOOGLE) (GOOGLE)
4 8	54.172.13.178 54.172.13.178	14618 (AMAZON-AES) (AMAZON-AES)
4	64.202.112.191 64.202.112.191	23352 (SERVERCEN...) (SERVERCENTRAL)
1	151.101.114.132 151.101.114.132	54113 (FASTLY) (FASTLY)
8	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:803::2006	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
50	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
2	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
3 4	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 3	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
4 9	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1 1	185.29.133.199 185.29.133.199	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2	2600:1f18:444... 2600:1f18:444a:4680:252d:a0d8:b19f:2c13	14618 (AMAZON-AES) (AMAZON-AES)
2 2	52.17.54.18 52.17.54.18	16509 (AMAZON-02) (AMAZON-02)
1 2	23.37.43.59 23.37.43.59	16625 (AKAMAI-AS) (AKAMAI-AS)
5 5	52.58.182.33 52.58.182.33	16509 (AMAZON-02) (AMAZON-02)
1 1	146.0.227.107 146.0.227.107	29066 (VELIANET-...) (VELIANET-AS velia.net Internetdienste GmbH)
1	2a04:4e42:3::300 2a04:4e42:3::300	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
245	53

1 2606:4700:10::6814:8b41 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.101.167.73 (United States)

ASN19994 (RACKSPACE, US)

weheartit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 205.185.216.42 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

assets.whicdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.77.116 (United States)

ASN16509 (AMAZON-02, US)

native.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.108.145.8 (Berlin, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-145-8.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 205.185.216.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

data.whicdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:10c::5f64:c122 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.108.145.107 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-145-107.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget-pixels.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.77.86 (United States)

ASN16509 (AMAZON-02, US)

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 65.9.86.127 (United States)

ASN16509 (AMAZON-02, US)

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 65.9.77.30 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2104:f000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:c800:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.108.145.205 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-145-205.deploy.static.akamaitechnologies.com

tcheck.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:730:b120:1f6b:b8df:cda6:ffc4 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.213.73.156 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.67.47 (Kansas City, United States)

ASN15169 (GOOGLE, US)

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Kansas City, United States)

ASN15169 (GOOGLE, US)

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.59.101 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.77.58 (United States)

ASN16509 (AMAZON-02, US)

ob.cheqzone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2104:a000:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.248.242.197 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.234.106.43 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

idx.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:e8a:cd06:e361:a2ce:b047:17c (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

obs.cheqzone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.81.209 (Kansas City, United States)

ASN15169 (GOOGLE, US)

i.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 54.172.13.178 (Ashburn, United States) 4 redirects

ASN14618 (AMAZON-AES, US)

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 64.202.112.191 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mcdp-nydc1.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.132 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

odb.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:803::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.66 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.36 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.133.199 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:444a:4680:252d:a0d8:b19f:2c13 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.54.18 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.43.59 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-43-59.deploy.static.akamaitechnologies.com

x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.58.182.33 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.0.227.107 (Ascension Island) 1 redirects

ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::300 (United States)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
69	googlesyndication.com e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	580 KB
47	whicdn.com assets.whicdn.com data.whicdn.com	631 KB
26	doubleclick.net 3 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net cm.g.doubleclick.net	233 KB
15	2mdn.net s0.2mdn.net	271 KB
15	liadm.com 5 redirects b-code.liadm.com rp.liadm.com rp4.liadm.com idx.liadm.com i.liadm.com i6.liadm.com	19 KB
10	google.com 4 redirects adservice.google.com www.google.com	921 B
10	skimresources.com 1 redirects s.skimresources.com t.skimresources.com p.skimresources.com r.skimresources.com i.skimresources.com	26 KB
9	outbrain.com widgets.outbrain.com widget-pixels.outbrain.com odb.outbrain.com mcdp-nydc1.outbrain.com	84 KB
8	outbrainimg.com tcheck.outbrainimg.com log.outbrainimg.com images.outbrainimg.com	89 KB
6	casalemedia.com 4 redirects dsum-sec.casalemedia.com	5 KB
6	scorecardresearch.com 2 redirects sb.scorecardresearch.com	5 KB
6	googletagservices.com www.googletagservices.com	203 KB
5	ampproject.org cdn.ampproject.org	101 KB
5	bidswitch.net 5 redirects x.bidswitch.net	2 KB
4	amazon-adsystem.com c.amazon-adsystem.com	36 KB
3	adnxs.com 2 redirects ib.adnxs.com	3 KB
3	adsrvr.org 2 redirects match.adsrvr.org	1 KB
3	cheqzone.com ob.cheqzone.com obs.cheqzone.com	21 KB
3	twitter.com platform.twitter.com syndication.twitter.com	132 KB
3	branch.io cdn.branch.io api2.branch.io	25 KB
2	addthis.com 1 redirects x.dlx.addthis.com	1 KB
2	demdex.net 2 redirects dpm.demdex.net	2 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	9 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	weheartit.com weheartit.com	21 KB
1	criteo.com gum.criteo.com	1 KB
1	taboola.com trc.taboola.com	229 B
1	admixer.net 1 redirects inv-nets.admixer.net	560 B
1	mathtag.com 1 redirects sync.mathtag.com	630 B
1	criteo.net static.criteo.net	38 KB
1	google.de adservice.google.de	853 B
1	app.link app.link	564 B
1	quantcount.com rules.quantcount.com	344 B
1	indexww.com js-sec.indexww.com	42 KB
1	sharethrough.com native.sharethrough.com	94 KB
1	tinyurl.com 1 redirects tinyurl.com	761 B
245	36

	Domain	Requested by
50	tpc.googlesyndication.com	e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com tpc.googlesyndication.com weheartit.com cdn.ampproject.org securepubads.g.doubleclick.net
24	data.whicdn.com	weheartit.com
23	assets.whicdn.com	weheartit.com assets.whicdn.com
15	s0.2mdn.net	weheartit.com s0.2mdn.net e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com tpc.googlesyndication.com
13	pagead2.googlesyndication.com	weheartit.com e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com securepubads.g.doubleclick.net
11	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net weheartit.com
9	www.google.com	4 redirects e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com weheartit.com tpc.googlesyndication.com
8	googleads.g.doubleclick.net	e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com weheartit.com
8	i.liadm.com	4 redirects b-code.liadm.com i.liadm.com
6	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
6	sb.scorecardresearch.com	2 redirects assets.whicdn.com weheartit.com widgets.outbrain.com
6	www.googletagservices.com	weheartit.com securepubads.g.doubleclick.net e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
6	widgets.outbrain.com	weheartit.com widgets.outbrain.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	x.bidswitch.net	5 redirects
5	e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	images.outbrainimg.com	weheartit.com
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	c.amazon-adsystem.com	weheartit.com c.amazon-adsystem.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	log.outbrainimg.com	widgets.outbrain.com
3	match.adsrvr.org	2 redirects js-sec.indexww.com
3	t.skimresources.com	weheartit.com s.skimresources.com
2	x.dlx.addthis.com	1 redirects i.liadm.com
2	dpm.demdex.net	2 redirects
2	i6.liadm.com	i.liadm.com
2	googleads4.g.doubleclick.net	weheartit.com
2	i.skimresources.com	s.skimresources.com
2	obs.cheqzone.com	ob.cheqzone.com weheartit.com
2	api2.branch.io	cdn.branch.io
2	r.skimresources.com	1 redirects weheartit.com
2	p.skimresources.com	weheartit.com
2	platform.twitter.com	assets.whicdn.com platform.twitter.com
2	www.google-analytics.com	weheartit.com www.google-analytics.com
2	b-code.liadm.com	weheartit.com b-code.liadm.com
2	weheartit.com	assets.whicdn.com
1	ade.googlesyndication.com
1	gum.criteo.com	static.criteo.net
1	trc.taboola.com	i.liadm.com
1	inv-nets.admixer.net	1 redirects
1	sync.mathtag.com	1 redirects
1	mcdp-nydc1.outbrain.com	widgets.outbrain.com
1	odb.outbrain.com	widgets.outbrain.com
1	syndication.twitter.com	platform.twitter.com
1	idx.liadm.com	js-sec.indexww.com
1	static.criteo.net	js-sec.indexww.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	ob.cheqzone.com	widgets.outbrain.com
1	pixel.quantserve.com	weheartit.com
1	rp4.liadm.com	weheartit.com
1	rp.liadm.com	1 redirects
1	stats.g.doubleclick.net	www.google-analytics.com
1	widget-pixels.outbrain.com	weheartit.com
1	tcheck.outbrainimg.com	widgets.outbrain.com
1	app.link	cdn.branch.io
1	rules.quantcount.com	secure.quantserve.com
1	s.skimresources.com	assets.whicdn.com
1	secure.quantserve.com	weheartit.com
1	cdn.branch.io	weheartit.com
1	js-sec.indexww.com	weheartit.com
1	native.sharethrough.com	weheartit.com
1	tinyurl.com	1 redirects
245	63

This site contains links to these domains. Also see Links.

Domain
play.watch21.net
www.outbrain.com
3u3oh.rdtk.io
08bb80.llsdzktnxwnnr.com
fastaegis.shop
galleries.parentsdome.com
policies.google.com

Subject Issuer	Validity	Valid
*.weheartit.com Sectigo RSA Domain Validation Secure Server CA	`2019-06-06` - `2021-09-03`	2 years	crt.sh
*.whicdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-06-06` - `2021-09-03`	2 years	crt.sh
*.sharethrough.com Amazon	`2020-09-09` - `2021-10-11`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
b-code.liadm.com DigiCert Secure Site ECC CA-1	`2020-06-23` - `2021-09-22`	a year	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2021-05-25` - `2022-06-01`	a year	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2020-09-10` - `2021-10-12`	a year	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
appipv4.link Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.outbrainimg.com DigiCert SHA2 Secure Server CA	`2021-05-04` - `2022-05-09`	a year	crt.sh
*.liadm.com Amazon	`2021-03-02` - `2022-03-31`	a year	crt.sh
*.cheqzone.com Amazon	`2021-02-21` - `2022-03-22`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
obs.cheqzone.com R3	`2021-06-14` - `2021-09-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-26`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh

This page contains 24 frames:

Primary Page: https://weheartit.com/entry/356622090
Frame ID: 16BF43A61568F8AF35075D959C918185
Requests: 112 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Frame ID: 64D6F299759A17C0399213F41D80FD5C
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fweheartit.com
Frame ID: 89D5DAF8EF88AD40729634C3C6F3A7DA
Requests: 2 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.89342006671455
Frame ID: 8C638E5631A870918EC8796769F293D0
Requests: 1 HTTP requests in this frame

Frame: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 941EF116D2B0F739042CAD1201C7D960
Requests: 1 HTTP requests in this frame

Frame: https://i.liadm.com/s/c/a-028f?s=&cim=&ps=true&ls=false&duid=587967738150--01f9c030q3rap7dfyez4fd5qe6&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Frame ID: 08934E8E16B22B4BEEFB58FE50A6B3E6
Requests: 8 HTTP requests in this frame

Frame: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9D2B707E4C7E36BE4CF16AA9D44E1738
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMOpfBD9447YAhimm4muATAB&v=APEucNVIdmjBstPejepFGEYIXx3gUglMqde6YhIby3E7V93yFGgmk0JuwY-S6Ci-czhj8U3i3psNgY-K7G3hWtfkmFmfsaN_LLJoS6QIIH-Z45ryPJGNTRRL2tGRmmZOAWJcX77h_i9-7Gf_fiKSaIaRenQO9-fulH5zNe_wlRQE6tgknECf2Xk
Frame ID: 2FDF182948AA7D5F021B1921CD9B4D69
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
Frame ID: FE82415C49877A0C4FDD78C70AD7F9A9
Requests: 13 HTTP requests in this frame

Frame: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1C58F7BFFDBC14B00521FAEEE0E6F03C
Requests: 10 HTTP requests in this frame

Frame: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Frame ID: 0EDAC0A1C7BAE046DEAB4B5081D4FE47
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AFB2DDAC496585360B79D5C9FF541D57
Requests: 3 HTTP requests in this frame

Frame: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5CD6F5BDC46705B5B9965A7C1F60673C
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.html
Frame ID: 60F7DD3E2EE2412A46DA37F3F13042BD
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html
Frame ID: B62F37651756749AE41E3F9508ED471D
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 568BA89D888F4C57DBBEED76FA8E37C7
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012106212012000/amp4ads-v0.mjs
Frame ID: 7810F55E9A05041F70BF05B2448875E1
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 5E214149B156E97A5ABE407B24B2EFFF
Requests: 2 HTTP requests in this frame

Frame: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5F058D236AD3D64A66E97FDF49227B76
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html
Frame ID: B049B69D1AED28A1AC7C737FE6AA521F
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 8BF19A3BEEBE4111355AF2E53BBEF0D3
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=weheartit.com
Frame ID: F0E745520FBBF74944A03E11C2AE8D70
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 6D87CB9555682215E5E27B3074DED3C7
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0ADBDC4C040D2DA80651F98A97B53CB2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://tinyurl.com/28553a7s HTTP 301
https://weheartit.com/entry/356622090 Page URL

Detected technologies

Ruby (Programming Languages) Expand

Overall confidence: 50%
Detected patterns

meta csrf-param /^authenticity_token$/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 50%
Detected patterns

meta csrf-param /^authenticity_token$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

Page Statistics

245
Requests

99 %
HTTPS

43 %
IPv6

36
Domains

63
Subdomains

53
IPs

7
Countries

2686 kB
Transfer

6160 kB
Size

7
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://play.watch21.net/movie/385128/-fast-furious-9.html?ref=weheartit
Title: Watch Now

Search URL Search Domain Scan URL

URL: https://play.watch21.net/movie/385128/-fast-furious-9.html

Search URL Search Domain Scan URL

URL: https://www.outbrain.com/what-is/default/en
Title: Recommended by

Search URL Search Domain Scan URL

URL: https://3u3oh.rdtk.io/60d1a31854b36c0001e64b33?sub1=Revolu%C4%8Dn%C3%AD+nastavovac%C3%AD+br%C3%BDle%2C+kter%C3%A9+v%C5%A1ichni+%C4%8Ce%C5%A1i+cht%C4%9Bj%C3%AD&sub2=00f1be9ca45782b63254b9fb1387488fe6&sub3=$publisher_name$&sub4=$publisher_id$&sub5=00519a749fa6dbc4a7d2d8c27a518ae552&sub6=$section_id$&ref_id=$ob_click_id$&cost=$CPC$&obOrigUrl=true
Title: Revoluční nastavovací brýle, které všichni Češi chtějí cz.glassesclearsight.com

Search URL Search Domain Scan URL

URL: https://08bb80.llsdzktnxwnnr.com/?subid1=$section_name$&adtitle=Cena+zubn%C3%ADch+implant%C3%A1t%C5%AF+v+roce+2021+v%C3%A1s+mo%C5%BEn%C3%A1+p%C5%99ekvap%C3%AD&subid3=$section_id$&site=$publisher_name$_$section_name$&network=outbrain&OutbrainClickId=$ob_click_id$&subid4=ar-cz-d-deim7cz-42380-b1905-ob-sm&kw1=Zubn%C3%AD+Klinika+{City}&kw2=Zubn%C3%AD+Implant%C3%A1ty+{City}&kw3=Zubn%C3%AD+Implant%C3%A1t+Cena&kw4=Celkov%C3%A1+Zubn%C3%AD+N%C3%A1hrada+Cena&backfill=0&obOrigUrl=true
Title: Cena zubních implantátů v roce 2021 vás možná překvapí Zubní implantáty | Hledat reklamy

Search URL Search Domain Scan URL

URL: https://fastaegis.shop/click.php?key=ec1leng9r7do3g1c6uei&ob_click_id=$ob_click_id$&publisher_name=$publisher_name$&ad_title=Diabetics%3A+Here%27s+How+to+Lower+Blood+Sugar+%28It%27s+Genius%21%29&section_id=$section_id$&publisher_id=$publisher_id$&campaign_id=0062f1f022a8c2030c1350e92a165975af&ad_id=0080e6c3a7aab0ae07759df67fdde67a77&time_stamp=$time_stamp$&section_name=$section_name$&obOrigUrl=true
Title: Diabetics: Here's How to Lower Blood Sugar (It's Genius!) Diabetes Freedom

Search URL Search Domain Scan URL

URL: https://galleries.parentsdome.com/movie-scene-quiz/2?utm_source=outbrain&utm_medium=$publisher_name$-$section_name$&utm_term=$publisher_name$&utm_content=00c0184b889c99057b3ced054b076d2ed3&utm_campaign=xpd-ob-ww2-d-moviesquiz-21.06.18-5561-p20_scbs_chrome-4428&utm_cpc=$cpc$&utm_template=ajax&obOrigUrl=true
Title: Quiz: Can You Name These Movies From A Single Photo? Parentsdome Galleries

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tinyurl.com/28553a7s HTTP 301
https://weheartit.com/entry/356622090 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 49

https://rp.liadm.com/j?tna=v2.0.1&aid=a-028f&wpn=lc-bundle&pu=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&duid=587967738150--01f9c030q3rap7dfyez4fd5qe6&se=e30&dtstmp=1624974132081 HTTP 302
https://rp4.liadm.com/j?tna=v2.0.1&aid=a-028f&wpn=lc-bundle&pu=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&duid=587967738150--01f9c030q3rap7dfyez4fd5qe6&se=e30&dtstmp=1624974132081&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true

Request Chain 50

https://sb.scorecardresearch.com/b?c1=2&c2=30386324&ns__t=1624974132133&ns_c=UTF-8&cv=3.5&c8=Fast%20and%20Furious%209%20Movie%20Full%20Watch%20Online%20Free%20F9%20(2021)&c7=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=30386324&ns__t=1624974132133&ns_c=UTF-8&cv=3.5&c8=Fast%20and%20Furious%209%20Movie%20Full%20Watch%20Online%20Free%20F9%20(2021)&c7=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&c9=

Request Chain 55

https://r.skimresources.com/api/ HTTP 307
https://r.skimresources.com/api/?xguid=01F9C0311V2KB8H2YETH5RTXC1&persistence=1&checksum=75fc9a15b98af6410a3f3d5a6078113d136db7c6b0e24a519e7e13706966c3b6

Request Chain 115

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1&C=1

Request Chain 116

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YNsjNUHqCr9E3sW9-y3F3AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1&C=1

Request Chain 117

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOwqhkiP7UWgQ9d3Q-bozNQ&google_cver=1

Request Chain 118

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyMzYxMTg5MTYzMzUwOTYwNw%3D%3D

Request Chain 145

https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-028f%2F0%2F4f25b6cd75d2498db24b1900631f48cc%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&c366163e-7a3c-4ce1-9de6-cfeedc071dd2 HTTP 302
https://i.liadm.com/s/e/a-028f/0/4f25b6cd75d2498db24b1900631f48cc?mpid=7156&muid=b98060db-2335-4100-ae13-b94bbbd5e883

Request Chain 146

https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=liveintent&ttd_tpi=1 HTTP 302
https://i.liadm.com/s/35759?bidder_id=44489&bidder_uuid=7b3db960-2660-4447-9cf2-b4f62d63f81e HTTP 303
https://i.liadm.com/s/35759?bidder_id=44489&bidder_uuid=7b3db960-2660-4447-9cf2-b4f62d63f81e&_li_chk=true&previous_uuid=3b162eec2c684e0b83039eff06a92313 HTTP 303
https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=7b3db960-2660-4447-9cf2-b4f62d63f81e

Request Chain 147

https://dpm.demdex.net/ibs:dpid=127444&dpuuid=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-028f%2F0%2F4f25b6cd75d2498db24b1900631f48cc%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-028f%2F0%2F4f25b6cd75d2498db24b1900631f48cc%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
https://i.liadm.com/s/e/a-028f/0/4f25b6cd75d2498db24b1900631f48cc?mpid=82775&muid=19702210040059847712222283151091135034

Request Chain 148

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=c366163e-7a3c-4ce1-9de6-cfeedc071dd2 HTTP 302
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&rd=Y

Request Chain 149

https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05 HTTP 303
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05&_li_chk=true&previous_uuid=3e65c86245b74fddbbfa318b63593965

Request Chain 150

https://x.bidswitch.net/sync?ssp=liveintent&user_id=c366163e-7a3c-4ce1-9de6-cfeedc071dd2 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=liveintent&user_id=c366163e-7a3c-4ce1-9de6-cfeedc071dd2 HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dliveintent%26bsw_param%3D1ee36996-5323-4e8d-bab5-cb48de622e05%26gdpr%3D%26consent%3D%26gdpr_pd%3D HTTP 302
https://x.bidswitch.net/sync?dsp_id=354&user_id=5020b8acda8c4480b001207e7b7524d7&ssp=liveintent&bsw_param=1ee36996-5323-4e8d-bab5-cb48de622e05&gdpr=&consent=&gdpr_pd= HTTP 302
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05 HTTP 303
https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05

Request Chain 178

https://sb.scorecardresearch.com/b?c1=7&c2=14320224&c3=39003&cs_ucfr=1&ns__t=1624974134259&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2FobUserSync.html%23pid%3D39003%26dmpenabled%3Dfalse%26filterDMP%3D%26csenabled%3Dtrue%26d%3D%26obcnsnt%3Dfalse%26gdpr%3D1%26cmpNeeded%3Dfalse%26gdprVer%3Dnull%26ccpa%3D1---%26country%3DCZ&c9=https%3A%2F%2Fweheartit.com%2F HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=14320224&c3=39003&cs_ucfr=1&ns__t=1624974134259&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2FobUserSync.html%23pid%3D39003%26dmpenabled%3Dfalse%26filterDMP%3D%26csenabled%3Dtrue%26d%3D%26obcnsnt%3Dfalse%26gdpr%3D1%26cmpNeeded%3Dfalse%26gdprVer%3Dnull%26ccpa%3D1---%26country%3DCZ&c9=https%3A%2F%2Fweheartit.com%2F

Request Chain 202

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 203

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 211

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 234

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

245 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request 356622090 Show response
weheartit.com/entry/
Redirect Chain

https://tinyurl.com/28553a7s
https://weheartit.com/entry/356622090

51 KB
16 KB

707ms
424ms

Document
text/html

198.101.167.73
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://weheartit.com/entry/356622090

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.101.167.73 , United States, ASN19994 (RACKSPACE, US),

Reverse DNS

Software

nginx / Our wonderful users

Resource Hash

9d4df683a2aacf70c255ac503c0f6907ec9e74c2b310945ced111785f0eb4acb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: weheartit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Tue, 29 Jun 2021 13:42:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Accept-Language,User-Agent,X-WeHeartIt-Client
x-set-locale: en
x-robots-tag: noindex, noimageindex
x-user-auth: no
x-origin-server: weheartit-web-3.cas115
x-powered-by: Our wonderful users
etag: W/"31560418d6cdb3411fa45a4ed732e974"
cache-control: max-age=0, private, must-revalidate
set-cookie: locale=en; domain=.weheartit.com; path=/; expires=Sat, 29 Jun 2041 13:42:10 -0000 __whiAnonymousID=da7fdf691c494593baa72f530a35b65e; path=/; expires=Sat, 29 Jun 2041 13:42:10 -0000 auth=no; domain=.weheartit.com; path=/; expires=Wed, 29 Jun 2022 13:42:10 -0000 _whisession=ec8471386f7d3b7ba53df41973a6b0b4; path=/; expires=Wed, 30 Jun 2021 13:42:10 -0000; HttpOnly
x-request-id: 61406603-b40a-4ac4-82e9-1bd157a504b2
x-runtime: 0.159834
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security: max-age=0; preload
Content-Encoding: gzip

Redirect headers

date: Tue, 29 Jun 2021 13:42:10 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.26
location: https://weheartit.com/entry/356622090
cache-control: max-age=0, public, s-max-age=900, stale-if-error: 86400
referrer-policy: unsafe-url
set-cookie: TCSR-a52db35fa3af9c0376b0cc022612589d=eyJpdiI6IkcwYkNkbWhYT1Brckpvbm56YmZPUnc9PSIsInZhbHVlIjoibTZZRWk3M0VMSDBrdFVmSDdmcjErYlIxbU9Rb0hkdE1cL1ZBV1ZcL085XC9KaHFyQXQwK2FJc0YxVlFTRVlyTDcwTiIsIm1hYyI6IjNiZTY3NjQzZGZkMmZjM2U5YTQ4Nzg4YWVlMmY0YTdkZmM5NzBjYzVjMGE3ODllZWE5MjA3NTk2NTc0MzM0YzkifQ%3D%3D; expires=Tue, 29-Jun-2021 13:47:10 GMT; Max-Age=300; path=/; domain=.tinyurl.com; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
cf-request-id: 0af99a920c00004ea90b397000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 666f93967db74ea9-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H/1.1 200
OK application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
assets.whicdn.com/assets/ 141 KB
31 KB 196ms
56ms Stylesheet
text/css 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 86d71e83c3a8b591cb664faf3c82483fa88bcc7f3117d9e1a452566571d54a6b

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Content-Encoding: gzip
Last-Modified: Mon, 17 May 2021 15:43:03 GMT
ETag: "1621266183"
X-HW: 1624974131.dop228.lo4.t,1624974131.cds233.lo4.shn,1624974131.dop228.lo4.t,1624974131.cds270.lo4.c
Content-Type: text/css
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 31742

GET
H/1.1 200
OK application-header-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.js Show response
assets.whicdn.com/assets/ 0
396 B 195ms
55ms Script
application/javascript 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.whicdn.com/assets/application-header-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.js
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Content-Encoding: gzip
Last-Modified: Fri, 26 Feb 2021 18:46:59 GMT
ETag: "1614365219"
X-HW: 1624974131.dop059.lo4.t,1624974131.cds036.lo4.shn,1624974131.cds036.lo4.c
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 20

GET
H2 200 sfp.js Show response
native.sharethrough.com/assets/ 330 KB
94 KB 496ms
385ms Script
application/javascript 65.9.77.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://native.sharethrough.com/assets/sfp.js
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0f6bdbd8bb778e5bf228759f6031de05dbc2dff354e13f68e25317dd29ea62c2

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 21:36:23 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-C1
etag: W/"9c369e4719939ffd6aa47e5e9461de8b"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
via: 1.1 8da78542dac6b4328eb443200c30bbff.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-id: 9gxniSU17y-5aVlEFjJQsviEVihCEuiWG2Cok8ftCbw9vf52XyC8kg==
expires: Fri, 18 Jun 2021 22:36:21 GMT

GET
H/1.1 200
OK 190492-96139365094532.js Show response
js-sec.indexww.com/ht/p/ 160 KB
42 KB 939ms
863ms Script
text/javascript 104.108.145.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/190492-96139365094532.js
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7cc6503b1719b1882fd844528cd62a61a619b5ed32baed6c7837f80398a3816e

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Content-Encoding: gzip
Last-Modified: Tue, 29 Jun 2021 13:41:13 GMT
Server: Apache
ETag: "764f13-27fe6-5c5e7c26dc213"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=3552
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes
Content-Type: text/javascript
Expires: Tue, 29 Jun 2021 14:41:24 GMT

GET
H/1.1 200
OK weheartit-42e2538b2440ef84f47b25402883bb255ef589c10193a8b323892a0f718749ab.png
assets.whicdn.com/assets/ 11 KB
11 KB 49ms
44ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/weheartit-42e2538b2440ef84f47b25402883bb255ef589c10193a8b323892a0f718749ab.png
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 42e2538b2440ef84f47b25402883bb255ef589c10193a8b323892a0f718749ab

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Wed, 28 Aug 2019 17:40:20 GMT
ETag: "1567014020"
X-HW: 1624974131.dop228.lo4.t,1624974131.cds233.lo4.shn,1624974131.dop228.lo4.t,1624974131.cds001.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 11218

GET
H/1.1 200
OK weheartit_logo_square-3f849727a15abb21f66c5740d7f5106dad42f07e512a1d98be5699ad5361da10.png
assets.whicdn.com/assets/ 9 KB
10 KB 49ms
46ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/weheartit_logo_square-3f849727a15abb21f66c5740d7f5106dad42f07e512a1d98be5699ad5361da10.png
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 3f849727a15abb21f66c5740d7f5106dad42f07e512a1d98be5699ad5361da10

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Thu, 11 Jul 2019 15:23:58 GMT
ETag: "1562858638"
X-HW: 1624974131.dop059.lo4.t,1624974131.cds036.lo4.shn,1624974131.dop059.lo4.t,1624974131.cds037.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 9677

GET
H/1.1 200
OK profile.jpg
data.whicdn.com/avatars/67800751/ 3 KB
4 KB 266ms
46ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/avatars/67800751/profile.jpg?t=1624970112
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 888015a2beb7daa478c85fa17f538f65bd380b73fb087ddee6fccb32d2a26788

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Tue, 29 Jun 2021 12:35:15 GMT
ETag: "1624970115"
X-HW: 1624974131.dop007.lo4.t,1624974131.cds041.lo4.shn,1624974131.dop007.lo4.t,1624974131.cds273.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 3318

GET
H/1.1 200
OK original.jpg
data.whicdn.com/images/356622090/ 43 KB
43 KB 355ms
132ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/356622090/original.jpg
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: c25c2adc848c9e244170ce705c1f01ee14fac92935e3acb17c972db1f18df8d0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Tue, 29 Jun 2021 13:00:33 GMT
ETag: "1624971633"
X-HW: 1624974131.dop059.lo4.shc,1624974131.dop059.lo4.t,1624974131.cds019.lo4.s,1624974131.dop218.am5.r,1624974131.cds264.am5.c,1624974131.cds019.lo4.p
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 44017

GET
H/1.1 200
OK ajax-loader-big-f8c1bb3db38dcd17540aea9cbd79422192958ecc1b5c18873941b63f99678924.gif
assets.whicdn.com/assets/ 2 KB
2 KB 74ms
44ms Image
image/gif 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/ajax-loader-big-f8c1bb3db38dcd17540aea9cbd79422192958ecc1b5c18873941b63f99678924.gif
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: f8c1bb3db38dcd17540aea9cbd79422192958ecc1b5c18873941b63f99678924

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Thu, 11 Jul 2019 15:23:58 GMT
ETag: "1562858638"
X-HW: 1624974131.dop228.lo4.t,1624974131.cds233.lo4.shn,1624974131.dop228.lo4.t,1624974131.cds224.lo4.c
Content-Type: image/gif
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1785

GET
H/1.1 200
OK pink_heart-c5ef333f3ec0e55b8499d882c73c7ae2b99b0e24514310908c316faa50f0c842.png
assets.whicdn.com/assets/ 15 KB
15 KB 97ms
44ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/pink_heart-c5ef333f3ec0e55b8499d882c73c7ae2b99b0e24514310908c316faa50f0c842.png
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: c5ef333f3ec0e55b8499d882c73c7ae2b99b0e24514310908c316faa50f0c842

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Mon, 13 Aug 2018 23:45:34 GMT
ETag: "1534203934"
X-HW: 1624974131.dop059.lo4.t,1624974131.cds036.lo4.shn,1624974131.dop059.lo4.t,1624974131.cds037.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 15221

GET
H/1.1 200
OK ajax-heart-gray-65c2a9c251ef70bad698c2330bd8d28c70284684ab1f034f336478fdee0e1f7d.gif
assets.whicdn.com/assets/ 551 B
900 B 119ms
44ms Image
image/gif 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/ajax-heart-gray-65c2a9c251ef70bad698c2330bd8d28c70284684ab1f034f336478fdee0e1f7d.gif
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 65c2a9c251ef70bad698c2330bd8d28c70284684ab1f034f336478fdee0e1f7d

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Mon, 13 Aug 2018 23:45:34 GMT
ETag: "1534203934"
X-HW: 1624974131.dop228.lo4.t,1624974131.cds233.lo4.shn,1624974131.dop228.lo4.t,1624974131.cds071.lo4.c
Content-Type: image/gif
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 551

GET
H/1.1 200
OK ajax-heart-white-fda8a547384de31097feeb795bb1ee9bc135ad7bb4725f3d858fefc6c83e3586.gif
assets.whicdn.com/assets/ 542 B
867 B 130ms
44ms Image
image/gif 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/ajax-heart-white-fda8a547384de31097feeb795bb1ee9bc135ad7bb4725f3d858fefc6c83e3586.gif
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: fda8a547384de31097feeb795bb1ee9bc135ad7bb4725f3d858fefc6c83e3586

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Thu, 11 Jul 2019 15:23:58 GMT
ETag: "1562858638"
X-HW: 1624974131.dop007.lo4.shc,1624974131.dop007.lo4.t,1624974131.cds259.lo4.c
Content-Type: image/gif
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 542

GET
H2 200 a-028f.min.js Show response
b-code.liadm.com/ 25 KB
10 KB 47ms
11ms Script
application/javascript 2a02:26f0:10c::5f64:c122
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-028f.min.js
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c::5f64:c122 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 8d76c613e3a1553f236b9de88e5007d27c4049c385846a071513718371baaf64

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:11 GMT
content-encoding: gzip
last-modified: Fri, 12 Feb 2021 14:37:23 GMT
etag: "7646ae1c106f8706d9e1d4fd78c5f0c2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=1061
accept-ranges: bytes
content-length: 9833

GET
H/1.1 200
OK application-50994483b897411cac58654c29f172a57a6e4082eab112f7c83bf980a213b9fc.js Show response
assets.whicdn.com/assets/ 502 KB
148 KB 46ms
46ms Script
application/javascript 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.whicdn.com/assets/application-50994483b897411cac58654c29f172a57a6e4082eab112f7c83bf980a213b9fc.js
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 50994483b897411cac58654c29f172a57a6e4082eab112f7c83bf980a213b9fc

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 May 2021 17:42:51 GMT
ETag: "1620927771"
X-HW: 1624974131.dop228.lo4.t,1624974131.cds233.lo4.shn,1624974131.dop228.lo4.t,1624974131.cds250.lo4.c
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 150703

GET
H2 200 outbrain.js Show response
widgets.outbrain.com/ 175 KB
58 KB 134ms
38ms Script
application/x-javascript 104.108.145.107
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.145.107 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-107.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: bd04b954f60aa82c29b90219a9700d424c007dfc6ca94acd18d3178a3fc205ff

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:11 GMT
content-encoding: gzip
last-modified: Sun, 20 Jun 2021 13:23:49 GMT
etag: W/"2ba75-3zb+lM9pwb1vTgpDr3KZwyioMC4"
vary: Accept-Encoding
edge-cache-tag: widget-cheetah
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
x-traceid: d3cfc2f049de427facb2d88621f31416
timing-allow-origin: *, *
content-length: 59205
expires: Tue, 29 Jun 2021 17:42:11 GMT

GET
H/1.1 200
OK en-6d11721d1f5d0a915e78dead84011204adb566343a1af3eaa9ae2b5bf7b9f08e.js Show response
assets.whicdn.com/assets/i18n/ 1 KB
1 KB 45ms
44ms Script
application/javascript 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.whicdn.com/assets/i18n/en-6d11721d1f5d0a915e78dead84011204adb566343a1af3eaa9ae2b5bf7b9f08e.js
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 6d11721d1f5d0a915e78dead84011204adb566343a1af3eaa9ae2b5bf7b9f08e

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Content-Encoding: gzip
Last-Modified: Mon, 01 Jun 2020 16:03:49 GMT
ETag: "1591027429"
X-HW: 1624974131.dop228.lo4.t,1624974131.cds233.lo4.shn,1624974131.dop228.lo4.t,1624974131.cds211.lo4.c
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 661

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 147ms
52ms Script
text/javascript 65.9.77.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00ea178cbba5d3f907ab88426a2380ee06fc6267ea1e7e9815e4063fcdd8d8ac

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: qarmcwXsLN.jA_Lr9PtDBnGJTnfPptaQ
content-encoding: gzip
last-modified: Mon, 24 May 2021 20:22:06 GMT
server: AmazonS3
age: 112
etag: "611960e84a5f2287a232699af98b27d9"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 bf5caee39117de5337c47c748b716e80.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Tue, 29 Jun 2021 13:40:19 GMT
x-amz-cf-pop: AMS1-C1
content-length: 23842
x-amz-cf-id: NhaMSma-fA68-dpAnu0quHTj64Bk3Ay3JWzoQc3jg0NofPyFxFR8Yg==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 123
date: Tue, 29 Jun 2021 13:40:08 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Tue, 29 Jun 2021 15:40:08 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 123 KB
33 KB 154ms
56ms Script
application/javascript 65.9.86.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.86.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 0f4b08d07ecca9f8fcaf108ea78bb163fc98cfc19a844bd0f87412ab34a41873

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 10:14:08 GMT
content-encoding: gzip
server: Server
age: 12482
etag: c457e964d47ff007ca9e04843536c474
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3108b3c3c306768051fa0658c0445308.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: SOzAdyP7.FQsxAjkeGom0RVGr_hQgEwt
x-amz-cf-id: YfZRTdrB3lwDLL7u5UNG8uXXJjgNB0KhBL8bNDObRS_IEsYZmcQY4A==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 68 KB
24 KB 44ms
21ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efb0a9240bb10062ef0b117855c79b7ec2439022aaed25fe944f22e60a42b5e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "915 / 3 of 1000 / last-modified: 1624965047"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24247
x-xss-protection: 0
expires: Tue, 29 Jun 2021 13:42:11 GMT

GET
H/1.1 200
OK home_graydark-123679f5cace54226212387b9f27b90a02a8d8a3ccb48306fa19ff5dd4159067.png
assets.whicdn.com/assets/whi-light/icons/ 3 KB
3 KB 57ms
46ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/whi-light/icons/home_graydark-123679f5cace54226212387b9f27b90a02a8d8a3ccb48306fa19ff5dd4159067.png
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 123679f5cace54226212387b9f27b90a02a8d8a3ccb48306fa19ff5dd4159067

Request headers

Referer: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Thu, 11 Jul 2019 15:23:58 GMT
ETag: "1562858638"
X-HW: 1624974131.dop059.lo4.t,1624974131.cds036.lo4.shn,1624974131.dop059.lo4.t,1624974131.cds255.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 2774

GET
H/1.1 200
OK discover_graydark-adcb6c3e76ae8544bcc79926259ceb8a6b85e6e7377eb51f07ef217d3ee836a8.png
assets.whicdn.com/assets/whi-light/icons/ 861 B
1 KB 51ms
46ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/whi-light/icons/discover_graydark-adcb6c3e76ae8544bcc79926259ceb8a6b85e6e7377eb51f07ef217d3ee836a8.png
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: adcb6c3e76ae8544bcc79926259ceb8a6b85e6e7377eb51f07ef217d3ee836a8

Request headers

Referer: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Mon, 13 Aug 2018 23:45:34 GMT
ETag: "1534203934"
X-HW: 1624974131.dop228.lo4.t,1624974131.cds233.lo4.shn,1624974131.dop228.lo4.t,1624974131.cds037.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 861

GET
H/1.1 200
OK article_graydark-0cc8fd999b0626074498b32693e330d389259151895be68c62a0f58fb6ab7c93.png
assets.whicdn.com/assets/whi-light/icons/ 2 KB
2 KB 47ms
44ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/whi-light/icons/article_graydark-0cc8fd999b0626074498b32693e330d389259151895be68c62a0f58fb6ab7c93.png
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 0cc8fd999b0626074498b32693e330d389259151895be68c62a0f58fb6ab7c93

Request headers

Referer: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Thu, 11 Jul 2019 15:23:58 GMT
ETag: "1562858638"
X-HW: 1624974131.dop228.lo4.shc,1624974131.dop228.lo4.t,1624974131.cds009.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 2079

GET
H/1.1 200
OK channels_graydark-1953b20bccb80d8f24114d7952ec27b5b1bb88d49ebd56cac0decec272667a1d.png
assets.whicdn.com/assets/whi-light/icons/ 830 B
1 KB 46ms
44ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/whi-light/icons/channels_graydark-1953b20bccb80d8f24114d7952ec27b5b1bb88d49ebd56cac0decec272667a1d.png
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 1953b20bccb80d8f24114d7952ec27b5b1bb88d49ebd56cac0decec272667a1d

Request headers

Referer: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Thu, 11 Jul 2019 15:23:58 GMT
ETag: "1562858638"
X-HW: 1624974131.dop213.lo4.shc,1624974131.dop213.lo4.t,1624974131.cds250.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 830

GET
H/1.1 200
OK podcasts_graydark-94e6cae951765f4c1d852e6e43fb6300e671ae0b53f6e47d515e0b879322a653.png
assets.whicdn.com/assets/whi-light/icons/ 2 KB
3 KB 90ms
51ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/whi-light/icons/podcasts_graydark-94e6cae951765f4c1d852e6e43fb6300e671ae0b53f6e47d515e0b879322a653.png
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 94e6cae951765f4c1d852e6e43fb6300e671ae0b53f6e47d515e0b879322a653

Request headers

Referer: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Thu, 22 Oct 2020 16:44:06 GMT
ETag: "1603385046"
X-HW: 1624974131.dop059.lo4.t,1624974131.cds036.lo4.shn,1624974131.dop059.lo4.t,1624974131.cds254.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 2265

GET
H/1.1 200
OK search_graydark-ec9fd3c71de1694d2d7c6c49ecdc107509ed19c9bfde330a8b85cc1b1a1d2257.png
assets.whicdn.com/assets/whi-light/icons/ 2 KB
3 KB 47ms
44ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/whi-light/icons/search_graydark-ec9fd3c71de1694d2d7c6c49ecdc107509ed19c9bfde330a8b85cc1b1a1d2257.png
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: ec9fd3c71de1694d2d7c6c49ecdc107509ed19c9bfde330a8b85cc1b1a1d2257

Request headers

Referer: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Thu, 11 Jul 2019 15:23:58 GMT
ETag: "1562858638"
X-HW: 1624974131.dop059.lo4.shc,1624974131.dop059.lo4.t,1624974131.cds234.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 2268

GET
H/1.1 200
OK heart_pink-b69831d4334613b300f1d0a75e692ff23126f3ac599b913d37c836aa1a098dc2.png
assets.whicdn.com/assets/whi-light/icons/ 3 KB
4 KB 49ms
44ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/whi-light/icons/heart_pink-b69831d4334613b300f1d0a75e692ff23126f3ac599b913d37c836aa1a098dc2.png
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: b69831d4334613b300f1d0a75e692ff23126f3ac599b913d37c836aa1a098dc2

Request headers

Referer: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Thu, 11 Jul 2019 15:23:58 GMT
ETag: "1562858638"
X-HW: 1624974131.dop007.lo4.shc,1624974131.dop007.lo4.t,1624974131.cds223.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 3279

GET
H/1.1 200
OK share_graydark-e3144818b63c23e91711a5c7771eb063840287a80275685e2fe1792faf0a4a55.png
assets.whicdn.com/assets/whi-light/icons/ 1 KB
2 KB 92ms
44ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/whi-light/icons/share_graydark-e3144818b63c23e91711a5c7771eb063840287a80275685e2fe1792faf0a4a55.png
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: e3144818b63c23e91711a5c7771eb063840287a80275685e2fe1792faf0a4a55

Request headers

Referer: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Thu, 11 Jul 2019 15:23:58 GMT
ETag: "1562858638"
X-HW: 1624974131.dop228.lo4.t,1624974131.cds233.lo4.shn,1624974131.dop228.lo4.t,1624974131.cds277.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1531

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/356622320/ 8 KB
8 KB 71ms
53ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/356622320/superthumb.jpg?t=1624972598
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 8b2da400805d73af03805eac1a06ad22c1bfc3508bacfb804c38a0d00b16cafc

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Tue, 29 Jun 2021 13:16:40 GMT
ETag: "1624972600"
X-HW: 1624974131.dop007.lo4.t,1624974131.cds041.lo4.shn,1624974131.dop007.lo4.t,1624974131.cds012.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 7936

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/356622161/ 3 KB
4 KB 71ms
53ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/356622161/superthumb.jpg?t=1624971901
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 737ae22a8fde00e6d0afcd0413380d29f6eddc236f71699ec0dc69021cdd82a1

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Tue, 29 Jun 2021 13:05:03 GMT
ETag: "1624971903"
X-HW: 1624974131.dop041.lo4.t,1624974131.cds043.lo4.shn,1624974131.dop041.lo4.t,1624974131.cds077.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 3504

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/356622090/ 7 KB
7 KB 137ms
45ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/356622090/superthumb.jpg?t=1624971631
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 8e2a713ef4c34a7b7716eb47b01fba70f54048fd586c0b5008246874fe42372b

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Tue, 29 Jun 2021 13:00:33 GMT
ETag: "1624971633"
X-HW: 1624974131.dop041.lo4.t,1624974131.cds043.lo4.shn,1624974131.dop041.lo4.t,1624974131.cds031.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 7162

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 51ms
6ms Script
application/javascript 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:11 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Tue, 06 Jul 2021 13:42:11 GMT

GET
H2 200 28678X866187.skimlinks.js Show response
s.skimresources.com/js/ 62 KB
23 KB 168ms
46ms Script
application/octet-stream 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/28678X866187.skimlinks.js?_=1624974131778
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-50994483b897411cac58654c29f172a57a6e4082eab112f7c83bf980a213b9fc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 90f16fbd6edac219e07c508f90c166af3ea6da5303629300d971c3498419024a

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:11 GMT
content-encoding: gzip
last-modified: Wed, 17 Mar 2021 11:58:11 GMT
server: AmazonS3
x-amz-request-id: 726XE0EXWBKN5XBQ
etag: "672e62e483f643ad1248420f2833789e"
x-hw: 1624974131.cds085.lo4.hn,1624974131.cds211.lo4.c
content-type: application/octet-stream
cache-control: max-age=3600
accept-ranges: bytes
content-length: 23440
x-amz-id-2: OhfF3qYFFlYZ2LznCs3c3wOO2TfuK/Ka46cKcF3di27RbXoqkLLkLfX0njQgugBczCXjuOIfzW0=

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
2 KB 159ms
44ms Script
application/javascript 65.9.77.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-50994483b897411cac58654c29f172a57a6e4082eab112f7c83bf980a213b9fc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:32:07 GMT
via: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
etag: "1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 605
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 1469
x-amz-cf-id: OJRyKYVfd1WyVCiY7N15DDGW1TvDQUTXU17r3TLpaNK7LwB-Xllw9w==

GET
H/1.1 200
OK similar Show response
weheartit.com/entry/356622090/ 40 KB
5 KB 461ms
459ms XHR
text/html 198.101.167.73
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://weheartit.com/entry/356622090/similar

Requested by

Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-50994483b897411cac58654c29f172a57a6e4082eab112f7c83bf980a213b9fc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.101.167.73 , United States, ASN19994 (RACKSPACE, US),

Reverse DNS

Software

nginx / Our wonderful users

Resource Hash

092fbd69cb1d62ff96de9b9708c7d5e63c178fb6dd264eee933415dd88123243

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
X-CSRF-Token: kTu8bej43nA9vuekepG8WoMXZ1ek5Yha0TNTXrtZkhGT+pJ92TUVXA3Z5fU8FULd7kBkOwHjWZ+Sm0Rh3Cjyyw==
Host: weheartit.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: showed_entry_ftue=1
Connection: keep-alive
Referer: https://weheartit.com/entry/356622090
Accept: */*
Referer: https://weheartit.com/entry/356622090
X-CSRF-Token: kTu8bej43nA9vuekepG8WoMXZ1ek5Yha0TNTXrtZkhGT+pJ92TUVXA3Z5fU8FULd7kBkOwHjWZ+Sm0Rh3Cjyyw==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

x-page-path: home_fragments/similar_entries
Date: Tue, 29 Jun 2021 13:42:12 GMT
Content-Encoding: gzip
x-content-type-options: nosniff
x-powered-by: Our wonderful users
Transfer-Encoding: chunked
set-cookie: locale=en; domain=.weheartit.com; path=/; expires=Sat, 29 Jun 2041 13:42:11 -0000 __whiAnonymousID=3e50e6aa37dc4e398e5cb59cc9c4c398; path=/; expires=Sat, 29 Jun 2041 13:42:11 -0000 auth=no; domain=.weheartit.com; path=/; expires=Wed, 29 Jun 2022 13:42:12 -0000
x-set-locale: en
Connection: keep-alive
vary: Accept-Language,User-Agent,X-WeHeartIt-Client
x-xss-protection: 1; mode=block
x-origin-server: weheartit-web-4.cas115
x-runtime: 0.304833
Referrer-Policy: origin-when-cross-origin
Server: nginx
x-frame-options: SAMEORIGIN
etag: W/"9b3cee8933087280158a760fe2f59b22"
Strict-Transport-Security: max-age=0; preload
Content-Type: text/html; charset=utf-8
access-control-allow-origin: http://weheartit.com
cache-control: max-age=0, private, must-revalidate
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
x-user-auth: no
x-request-id: 98e19f48-0d21-4c9b-863a-85d7cd7ed4d0

GET
H/1.1 200
OK pink_snake_loader-9e7a4ef0068a73f7d2ff7dfc834c46201d5f17f122f0e99fefbed642ce68e170.gif
assets.whicdn.com/assets/ 2 KB
2 KB 48ms
44ms Image
image/gif 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/pink_snake_loader-9e7a4ef0068a73f7d2ff7dfc834c46201d5f17f122f0e99fefbed642ce68e170.gif
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 9e7a4ef0068a73f7d2ff7dfc834c46201d5f17f122f0e99fefbed642ce68e170

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Last-Modified: Mon, 13 Aug 2018 23:45:34 GMT
ETag: "1534203934"
X-HW: 1624974131.dop228.lo4.t,1624974131.cds233.lo4.shn,1624974131.dop228.lo4.t,1624974131.cds053.lo4.c
Content-Type: image/gif
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1638

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 39ms
9ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-50994483b897411cac58654c29f172a57a6e4082eab112f7c83bf980a213b9fc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D5) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:11 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/67D5)
Age: 595
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H2 200 sync-container.js Show response
b-code.liadm.com/ 6 KB
3 KB 10ms
10ms Script
application/javascript 2a02:26f0:10c::5f64:c122
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/sync-container.js
Requested by: Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-028f.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c::5f64:c122 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:11 GMT
content-encoding: gzip
last-modified: Tue, 17 Mar 2020 09:48:23 GMT
etag: "ae5e94de938b0387eda6df8f20da811a"
vary: Accept-Encoding
x-amz-meta-version: 0.2.0
content-type: application/javascript
cache-control: max-age=2326
accept-ranges: bytes
content-length: 2374

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 14ms
13ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1534034849&t=pageview&_s=1&dl=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&dp=%2Fentry%2F356622090&ul=en-us&de=UTF-8&dt=entry&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAAEABAAAAAC~&jid=1578401414&gjid=1008518514&cid=1295881990.1624974132&tid=UA-20250234-16&sf=50&_gid=1183058521.1624974132&_r=1&_slc=1&z=780795847

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://weheartit.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2021062408.js Show response
securepubads.g.doubleclick.net/gpt/ 332 KB
116 KB 113ms
40ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

f852dfebba4af97add777a1d789b4739164d6cc93aa34db2c463141a5c3f4d09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 17:13:33 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118414
x-xss-protection: 0
expires: Tue, 29 Jun 2021 13:42:12 GMT

GET
H2 200 rules-p-fBh533QDgpSsR.js Show response
rules.quantcount.com/ 2 B
344 B 48ms
14ms Script
application/javascript 2600:9000:2104:f000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-fBh533QDgpSsR.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:f000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:37:30 GMT
via: 1.1 4d43f2ff38c53dabf47263f1495ad9c0.cloudfront.net (CloudFront)
server: AmazonS3
age: 281
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: AMS1-C1
content-length: 2
x-amz-cf-id: 3I2GppiYO-DzH7IxnAJI-ZCWbDhRpEfZp9rMTuvpCC_-iSESGQdawA==

GET
H2 200 _r Show response
app.link/ 90 B
564 B 187ms
161ms Script
text/javascript 2600:9000:2156:c800:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.58.2&branch_key=key_live_kjdTbXKTeqo2bSs985fLRcfgAwgm81ze&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:c800:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

cee6b8094496f83dda74161a0c028a28b67ada39e09048a761b43145d8746fe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 90
etag: W/"5a-g4uiRI+/JfqBlMEjfleHxehE1y4"
x-amz-cf-id: dbLmvvI9a4PZ2pHYhGLxLnirPPVEw19UhaugSXEW0qc2Ky8W4yLCzQ==

GET
H2 200 put.html Show response
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame 64D6 416 B
798 B 41ms
41ms Document
text/html 104.108.145.107
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.145.107 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-107.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /nanoWidget/externals/cookie/put.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://weheartit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

accept-ranges: bytes
content-type: text/html
etag: "c0311cf15c21ddda054005e92fad3f9e:1624202906.691501"
last-modified: Sun, 20 Jun 2021 13:23:02 GMT
server: AkamaiNetStorage
content-length: 416
cache-control: max-age=345600
date: Tue, 29 Jun 2021 13:42:12 GMT
timing-allow-origin: * *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
set-cookie: akacd_widgets_routing=1624974132~rv=39~id=87d7d412318a633a96ab8c661aa623d8; path=/; Expires=Tue, 29 Jun 2021 13:42:12 GMT; Secure; SameSite=None

GET
H/1.1 200
OK d2VoZWFydGl0LmNvbQ== Show response
tcheck.outbrainimg.com/tcheck/check/ 15 B
461 B 151ms
40ms XHR
application/json 104.108.145.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tcheck.outbrainimg.com/tcheck/check/d2VoZWFydGl0LmNvbQ==
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.145.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 39d160e97e2bea07b0cf1c647259ffa4f0bd07069dba4e6c19a22d38b408510f

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
ETag: W/"f-ayLlCL3PuzXSThdu78iReSEjl6Y"
Access-Control-Max-Age: 43200
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=9551
Access-Control-Allow-Credentials: false
Connection: keep-alive
X-TraceId: ea99c0d80c01bcb8af0467b49d0670d6
Content-Length: 15
Expires: Tue, 29 Jun 2021 16:21:23 GMT

GET
H2 200 px.gif
widget-pixels.outbrain.com/widget/detect/ 43 B
451 B 48ms
46ms Image
image/gif 104.108.145.107
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1&rn=10.678490003953371
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.145.107 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-107.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
last-modified: Wed, 30 Sep 2020 14:22:29 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 43
expires: Thu, 29 Jul 2021 13:42:12 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
301 B 142ms
141ms XHR
text/plain 65.9.86.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3431&u=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.86.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
via: 1.1 3108b3c3c306768051fa0658c0445308.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: AMS1-C1
x-cache: Miss from cloudfront
access-control-allow-origin: https://weheartit.com
cache-control: max-age=86087, s-maxage=86400
access-control-allow-credentials: true
x-amz-cf-id: GkD_GpzvIaq9kBhlcm1H9HTSWHqdjw9XT26KbMNxq8mgVtR9aZSCXA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 143ms
46ms XHR
application/javascript 65.9.86.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.86.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 52423
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
date: Mon, 28 Jun 2021 23:09:02 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 5e828cc6ff056cb59ec35c3467ec45f5.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: 1FePctEO70gNIpXmmfS1aP-dklln13Lpex1--IijH7gBlniPHGXLxw==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
83 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c0a::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-20250234-16&cid=1295881990.1624974132&jid=1578401414&gjid=1008518514&_gid=1183058521.1624974132&_u=YGBAAEAAAAAAAC~&z=1882978852

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 29 Jun 2021 13:42:12 GMT
content-type: text/plain
access-control-allow-origin: https://weheartit.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame 89D5 319 KB
103 KB 13ms
9ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fweheartit.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://weheartit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 404918
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 29 Jun 2021 13:42:12 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/674C)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H2

200

j Show response
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?tna=v2.0.1&aid=a-028f&wpn=lc-bundle&pu=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&duid=587967738150--01f9c030q3rap7dfyez4fd5qe6&se=e30&dtstmp=1624974132081
https://rp4.liadm.com/j?tna=v2.0.1&aid=a-028f&wpn=lc-bundle&pu=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&duid=587967738150--01f9c030q3rap7dfyez4fd5qe6&se=e30&dtstmp=1624974132081&i6=MmEwMTo0Z...

13 B
569 B

424ms
124ms

XHR
application/json

3.213.73.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rp4.liadm.com/j?tna=v2.0.1&aid=a-028f&wpn=lc-bundle&pu=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&duid=587967738150--01f9c030q3rap7dfyez4fd5qe6&se=e30&dtstmp=1624974132081&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.213.73.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
x-pixel-event-id: 271a5198-dead-4154-85f5-bac71711e208
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
request-time: 1
vary: Origin
content-length: 13
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.18.0
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-origin: null
access-control-allow-credentials: true
trace-id: 3f72f1b4e18df60a

Redirect headers

date: Tue, 29 Jun 2021 13:42:12 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.18.0
vary: Origin
location: https://rp4.liadm.com/j?tna=v2.0.1&aid=a-028f&wpn=lc-bundle&pu=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&duid=587967738150--01f9c030q3rap7dfyez4fd5qe6&se=e30&dtstmp=1624974132081&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true
x-frame-options: DENY
access-control-allow-origin: https://weheartit.com
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 9429e4ce9cf3bf65
request-time: 0
content-length: 0
x-content-type-options: nosniff

GET
H2

200

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=30386324&ns__t=1624974132133&ns_c=UTF-8&cv=3.5&c8=Fast%20and%20Furious%209%20Movie%20Full%20Watch%20Online%20Free%20F9%20(2021)&c7=https%3A%2F%2Fweheartit...
https://sb.scorecardresearch.com/b2?c1=2&c2=30386324&ns__t=1624974132133&ns_c=UTF-8&cv=3.5&c8=Fast%20and%20Furious%209%20Movie%20Full%20Watch%20Online%20Free%20F9%20(2021)&c7=https%3A%2F%2Fwehearti...

64 B
329 B

52ms
51ms

Image
image/gif

65.9.77.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=30386324&ns__t=1624974132133&ns_c=UTF-8&cv=3.5&c8=Fast%20and%20Furious%209%20Movie%20Full%20Watch%20Online%20Free%20F9%20(2021)&c7=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&c9=
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
via: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: FSq5o-FIDxnL3ucpKJJAlzUlWsyOOAkWcP0j8nZG003WAOLMxM44cQ==

Redirect headers

date: Tue, 29 Jun 2021 13:42:12 GMT
via: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=30386324&ns__t=1624974132133&ns_c=UTF-8&cv=3.5&c8=Fast%20and%20Furious%209%20Movie%20Full%20Watch%20Online%20Free%20F9%20(2021)&c7=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&c9=
content-length: 248
x-amz-cf-id: BnRj3tKzWbA8BYdhQUbIFwLBTZnwmPNrlYeWAqCCgXw2mbPR1dAFLQ==

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame 8C63 0
102 B 132ms
48ms Image
text/plain 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.89342006671455
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
via: 1.1 google
server: Python/3.7 aiohttp/3.5.4
alt-svc: clear
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
244 B 125ms
41ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=4.576838108614501
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: clear
content-length: 43
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 131ms
48ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=4.576838108614501
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: clear
content-length: 43
content-type: image/gif

GET
H2 200 pixel;r=1561474102;rf=0;a=p-fBh533QDgpSsR;url=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090;uht=2;fpan=1;fpa=P0-1747128972-1624974132172;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=...
pixel.quantserve.com/ 35 B
371 B 15ms
11ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1561474102;rf=0;a=p-fBh533QDgpSsR;url=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090;uht=2;fpan=1;fpa=P0-1747128972-1624974132172;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=weheartit.com;je=0;sr=1600x1200x24;dst=1;et=1624974132172;tzo=-120;ogl=site_name.We%20Heart%20It%2Ctype.weheartitapp%3Aphoto%2Curl.https%3A%2F%2Fweheartit%252Ecom%2Fentry%2F356622090%2Ctitle.Fast%20and%20Furious%209%20Movie%20Full%20Watch%20Online%20Free%20F9%20(2021)%20%20%2Cdescription.Image%20shared%20by%20tomkasep33%252E%20Find%20images%20and%20videos%20about%20movies%20on%20We%20Heart%20It%20-%2Cimage.https%3A%2F%2Fdata%252Ewhicdn%252Ecom%2Fimages%2F356622090%2Foriginal%252Ejpg

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:12 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

POST
H2

200

/ Show response
r.skimresources.com/api/
Redirect Chain

https://r.skimresources.com/api/
https://r.skimresources.com/api/?xguid=01F9C0311V2KB8H2YETH5RTXC1&persistence=1&checksum=75fc9a15b98af6410a3f3d5a6078113d136db7c6b0e24a519e7e13706966c3b6

173 B
487 B

54ms
54ms

XHR
application/json

35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?xguid=01F9C0311V2KB8H2YETH5RTXC1&persistence=1&checksum=75fc9a15b98af6410a3f3d5a6078113d136db7c6b0e24a519e7e13706966c3b6

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

openresty/1.11.2.5 /

Resource Hash

4c3c9989b648f873d37903a17200d7d9ec3d94371787b9eee033ce1285f7cf5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
strict-transport-security: max-age=31536000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://weheartit.com
vary: Accept-Encoding
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
via: 1.1 google

Redirect headers

date: Tue, 29 Jun 2021 13:42:12 GMT
via: 1.1 google
server: openresty/1.11.2.5
access-control-allow-origin: https://weheartit.com
strict-transport-security: max-age=31536000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location: https://r.skimresources.com/api/?xguid=01F9C0311V2KB8H2YETH5RTXC1&persistence=1&checksum=75fc9a15b98af6410a3f3d5a6078113d136db7c6b0e24a519e7e13706966c3b6
access-control-allow-credentials: true
content-type: text/html
alt-svc: clear
content-length: 193

GET
H2 200 placement_invocation Show response
ob.cheqzone.com/ 50 KB
19 KB 148ms
54ms Script
text/javascript 65.9.77.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ob.cheqzone.com/placement_invocation?id=65349&idx=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 5e0aeb27ad5ec940a7b1049848d9ac96fcc00a34653745b7796d695f9f25f508

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 08:30:15 GMT
content-encoding: gzip
cheq_headers_order: Content-Type Cache-Control Expires Etag Content-Length Content-Encoding Date Connection
age: 18717
etag: "c62f-zfp6hy/A0Hu4xWYKZo/YBOKVxgM"
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 3ffec0ecfde687fb371812ad42f5cfc2.cloudfront.net (CloudFront)
cache-control: max-age=43200
x-amz-cf-pop: AMS1-C1
content-length: 19216
x-amz-cf-id: nvwUwfEgdZag3OZhp8fKdG2sdqtEHXIr28YH8-DnAs6PCm8a8sseLQ==
expires: Tue, 29 Jun 2021 20:30:15 GMT

GET
H2 200 test.html Show response
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame 64D6 610 B
992 B 60ms
57ms Document
text/html 104.108.145.107
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.145.107 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-107.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /nanoWidget/externals/cookie/test.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: thirdparty=yes
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html

Response headers

accept-ranges: bytes
content-type: text/html
etag: "48053d50141031b1511dbd30f9a31288:1624202907.391908"
last-modified: Sun, 20 Jun 2021 13:23:02 GMT
server: AkamaiNetStorage
content-length: 610
cache-control: max-age=345600
date: Tue, 29 Jun 2021 13:42:12 GMT
timing-allow-origin: * *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
set-cookie: akacd_widgets_routing=1624974132~rv=44~id=256468ed44c338fc981e91783cf70e7b; path=/; Expires=Tue, 29 Jun 2021 13:42:12 GMT; Secure; SameSite=None

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
369 B 74ms
73ms XHR
text/javascript 65.9.86.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3431&u=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&pid=1wNpiBMkXGmQI&cb=0&ws=1600x1200&v=7.66.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22300x100%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F97720036%2FWeHeartIt_Entry_Left_300x250_1%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x100%22%2C%22300x250%22%2C%22300x600%22%2C%22120x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F97720036%2FWeHeartIt_Entry_Left_300x250_2%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x100%22%2C%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F97720036%2FWeHeartIt_Entry_Right_300x250_1%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x100%22%2C%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F97720036%2FWeHeartIt_Entry_Right_300x250_2%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F97720036%2FWeHeartIt_Entry_970x250%22%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.86.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
via: 1.1 3108b3c3c306768051fa0658c0445308.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: AMS1-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://weheartit.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: pBrIRkN2URPSXVB3bXs1vUKChu4QLerQN2O5-7SvuzV00jYFnKNXDw==

POST
H2 200 open Show response
api2.branch.io/v1/ 314 B
627 B 213ms
178ms XHR
application/json 2600:9000:2104:a000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:a000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 5f0a5fac98beed6c5c51ebb1c90e7e54933a73c0d882386c1b56643fc74e6671

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
via: 1.1 f5046bb9ebd1a8f25b2025d7d9a283f3.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 253ca7ac44cf47f199d071e718c39d6c-2021062913
content-length: 314
x-amz-cf-id: J7uHABrSp2S5fDaf7vTuwDE6-_dgoHpOFGs48v59IFEZPabTmMNT8w==

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/356376244/ 13 KB
14 KB 55ms
51ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/356376244/superthumb.jpg?t=1624079800
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 25da8dc8c43377821c67e628d0dd8c87dd04342f31a1c6995d3c65860400adcb

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Sat, 19 Jun 2021 05:16:42 GMT
ETag: "1624079802"
X-HW: 1624974131.dop059.lo4.shc,1624974132.dop059.lo4.t,1624974132.cds254.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 13566

GET
H/1.1 200
OK profile.jpg
data.whicdn.com/avatars/23581436/ 4 KB
4 KB 55ms
50ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/avatars/23581436/profile.jpg?t=1559202549
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 7ab69918f82ed09cd61c67f2a922719eacd400aa7c754ae10e9a42dec1cb59bd

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Thu, 30 May 2019 07:49:12 GMT
ETag: "1559202552"
X-HW: 1624974131.dop007.lo4.t,1624974131.cds041.lo4.shn,1624974132.dop007.lo4.t,1624974132.cds019.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 3750

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/356281329/ 19 KB
20 KB 67ms
62ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/356281329/superthumb.jpg?t=1623744528
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: af6ee87e91a68309051455471632e17414c55dabe8e72e3bab8decc731dba35d

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Tue, 15 Jun 2021 08:08:49 GMT
ETag: "1623744529"
X-HW: 1624974131.dop041.lo4.t,1624974131.cds043.lo4.shn,1624974132.dop041.lo4.t,1624974132.cds217.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 19676

GET
H/1.1 200
OK profile.png
data.whicdn.com/avatars/66825705/ 3 KB
3 KB 68ms
63ms Image
image/png 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/avatars/66825705/profile.png?t=1610968219
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 8da0ebde5dbb79e4c1de015da12b3e831f6b33c668b01b4d223a1defc1340a93

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Mon, 18 Jan 2021 11:10:22 GMT
ETag: "1610968222"
X-HW: 1624974131.dop059.lo4.shc,1624974132.dop059.lo4.t,1624974132.cds230.lo4.c
Content-Type: image/png
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 2685

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/356537952/ 14 KB
14 KB 68ms
61ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/356537952/superthumb.jpg?t=1624661234
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: d5dc46e7959a5831d674d034f27a120302f1a655f5b018fb1f75d00c45b90ca0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Fri, 25 Jun 2021 22:47:15 GMT
ETag: "1624661235"
X-HW: 1624974131.dop007.lo4.shc,1624974132.dop007.lo4.t,1624974132.cds270.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 14126

GET
H/1.1 200
OK profile.jpg
data.whicdn.com/avatars/66362720/ 4 KB
4 KB 139ms
50ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/avatars/66362720/profile.jpg?t=1620655156
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 6a9fd83d363075e725d266521ffd9f86ffd2ccdbd01ddf07661f6c59ece9d9bd

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Mon, 10 May 2021 13:59:18 GMT
ETag: "1620655158"
X-HW: 1624974131.dop007.lo4.shc,1624974132.dop007.lo4.t,1624974132.cds043.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 4140

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/745206/ 11 KB
11 KB 103ms
51ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/745206/superthumb.jpg?t=1253479317
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 2d8b6d7d2653ad1fb0b919edd2d62b22c15acbb1c56c1dda636c0723a30ab3a8

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Thu, 11 Jun 2015 06:37:34 GMT
ETag: "1434004654"
X-HW: 1624974131.dop059.lo4.shc,1624974132.dop059.lo4.t,1624974132.cds101.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 10787

GET
H/1.1 200
OK default_avatar_1_140-4d62daccd65a8be62072d277e1549ce9111e73b89cbdf90e4afadf1eee8a9fbb.png
assets.whicdn.com/assets/avatar/ 20 KB
20 KB 68ms
60ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/avatar/default_avatar_1_140-4d62daccd65a8be62072d277e1549ce9111e73b89cbdf90e4afadf1eee8a9fbb.png
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 4d62daccd65a8be62072d277e1549ce9111e73b89cbdf90e4afadf1eee8a9fbb

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Mon, 13 Aug 2018 23:45:34 GMT
ETag: "1534203934"
X-HW: 1624974131.dop228.lo4.t,1624974131.cds233.lo4.shn,1624974132.dop228.lo4.t,1624974132.cds082.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 20365

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/345659223/ 22 KB
22 KB 52ms
49ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/345659223/superthumb.jpg?t=1592843453
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 995fd645ed7b062790766fa209539ddb3bdb07c14b4e392901207142f5d6d594

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Mon, 22 Jun 2020 16:30:54 GMT
ETag: "1592843454"
X-HW: 1624974131.dop041.lo4.t,1624974131.cds043.lo4.shn,1624974132.dop041.lo4.t,1624974132.cds020.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 22583

GET
H/1.1 200
OK profile.png
data.whicdn.com/avatars/2629498/ 29 KB
30 KB 52ms
50ms Image
image/png 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/avatars/2629498/profile.png?t=1592809160
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: a27d52be1ff7ac6d51164e3257a2335d1162f0ceec2312e36cd9bd6c3b796999

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Mon, 22 Jun 2020 06:59:22 GMT
ETag: "1592809162"
X-HW: 1624974131.dop007.lo4.t,1624974131.cds041.lo4.shn,1624974132.dop007.lo4.t,1624974132.cds230.lo4.c
Content-Type: image/png
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 30034

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/317271427/ 8 KB
8 KB 51ms
49ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/317271427/superthumb.jpg?t=1533540742
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: ff386f284d1aa855d09a3090f212384388e98f3061c30be57a3ef3a9e9281e56

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Mon, 06 Aug 2018 07:32:30 GMT
ETag: "1533540750"
X-HW: 1624974131.dop059.lo4.shc,1624974132.dop059.lo4.t,1624974132.cds043.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 8161

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/355609008/ 8 KB
8 KB 52ms
50ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/355609008/superthumb.jpg?t=1621345132
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 87135cdd38b6f131d182611095b0728f19bc99b94e81b36a6bdcf9766291615b

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Tue, 18 May 2021 13:38:54 GMT
ETag: "1621345134"
X-HW: 1624974132.dop059.lo4.shc,1624974132.dop059.lo4.t,1624974132.cds056.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 8010

GET
H/1.1 200
OK profile.png
data.whicdn.com/avatars/23161386/ 31 KB
31 KB 46ms
44ms Image
image/png 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/avatars/23161386/profile.png?t=1530392477
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 3f9f10aa7be0e2c05e83d6d1f426c196503fe3ae9fedfd63bf40ad24925dc9e3

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Sat, 30 Jun 2018 21:01:21 GMT
ETag: "1530392481"
X-HW: 1624974131.dop007.lo4.shc,1624974132.dop007.lo4.t,1624974132.cds038.lo4.c
Content-Type: image/png
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 31444

GET
H/1.1 200
OK entry_stub_unavailable-18b636579b18f3b5fbc3c57aa279c130891bf663235119d7ed9a62f3793c2c07.png
assets.whicdn.com/assets/whi-light/entry_stub/ 16 KB
17 KB 66ms
60ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/whi-light/entry_stub/entry_stub_unavailable-18b636579b18f3b5fbc3c57aa279c130891bf663235119d7ed9a62f3793c2c07.png
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 18b636579b18f3b5fbc3c57aa279c130891bf663235119d7ed9a62f3793c2c07

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Mon, 13 Aug 2018 23:45:34 GMT
ETag: "1534203934"
X-HW: 1624974131.dop059.lo4.t,1624974131.cds036.lo4.shn,1624974132.dop059.lo4.t,1624974132.cds032.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 16870

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/1060025/ 15 KB
16 KB 49ms
47ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/1060025/superthumb.jpg?t=1259466954
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 4ba9ad01b3950c0d6cf810ec0bf36924bcbd410f2b0682a7d5ead7d47760b94a

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Fri, 12 Jun 2015 08:46:27 GMT
ETag: "1434098787"
X-HW: 1624974131.dop007.lo4.t,1624974131.cds041.lo4.shn,1624974132.dop007.lo4.t,1624974132.cds074.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 15729

GET
H/1.1 200
OK profile.jpg
data.whicdn.com/avatars/78459/ 45 KB
45 KB 48ms
46ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/avatars/78459/profile.jpg?t=1378923664
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: d4cedcdedd9f7616c0feda19bce21b1a672fda60fdbf4afd55236a6d7ba0c96e

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Mon, 01 Jun 2015 21:56:37 GMT
ETag: "1433195797"
X-HW: 1624974132.dop059.lo4.shc,1624974132.dop059.lo4.t,1624974132.cds082.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 45600

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/348273375/ 12 KB
12 KB 52ms
47ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/348273375/superthumb.jpg?t=1599918388
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: d5d7d34f4f9f014450d6f5f68f2d4903c97413c76f3ea135611e44cc8cc63693

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Sat, 12 Sep 2020 13:46:29 GMT
ETag: "1599918389"
X-HW: 1624974131.dop059.lo4.shc,1624974132.dop059.lo4.t,1624974132.cds090.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 12288

GET
H/1.1 200
OK profile.jpg
data.whicdn.com/avatars/29478257/ 5 KB
5 KB 51ms
46ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/avatars/29478257/profile.jpg?t=1579535366
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: a74531fe5dba66e7678bd580a77d2520b32338d1bed2017aa82f31cf642e70e1

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Mon, 20 Jan 2020 15:49:27 GMT
ETag: "1579535367"
X-HW: 1624974131.dop041.lo4.t,1624974131.cds043.lo4.shn,1624974132.dop041.lo4.t,1624974132.cds091.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 5224

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/355832517/ 6 KB
6 KB 49ms
45ms Image
image/png 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/355832517/superthumb.jpg?t=1622114570
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: cc12b69ab155a33de221a166fc986e280595e896e1fe0e644071ddbe4bf6f601

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Thu, 27 May 2021 11:22:52 GMT
ETag: "1622114572"
X-HW: 1624974131.dop059.lo4.shc,1624974132.dop059.lo4.t,1624974132.cds007.lo4.c
Content-Type: image/png
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 5798

GET
H/1.1 200
OK profile.jpg
data.whicdn.com/avatars/67607655/ 6 KB
6 KB 54ms
52ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/avatars/67607655/profile.jpg?t=1622017997
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: c52dd79ef68816a11f5072b8bd5fe5ae2fb1227fa97562c206b883218b2fa296

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Wed, 26 May 2021 08:33:18 GMT
ETag: "1622017998"
X-HW: 1624974131.dop059.lo4.shc,1624974132.dop059.lo4.t,1624974132.cds022.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 5900

GET
H/1.1 200
OK superthumb.jpg
data.whicdn.com/images/355595629/ 7 KB
7 KB 48ms
46ms Image
image/jpeg 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.whicdn.com/images/355595629/superthumb.jpg?t=1621302473
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: ffc9cc2aa1553359a7524be8bc7ec3e20c54d7e4d4b7327db63f1daaefca0303

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Tue, 18 May 2021 01:47:54 GMT
ETag: "1621302474"
X-HW: 1624974131.dop059.lo4.shc,1624974132.dop059.lo4.t,1624974132.cds081.lo4.c
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 6825

GET
H/1.1 200
OK share_white-f5edcbdcd57db5c38df843ebc89980271008f5626250a1f98d409528d5e79f2d.png
assets.whicdn.com/assets/whi-light/icons/ 1 KB
1 KB 51ms
51ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/whi-light/icons/share_white-f5edcbdcd57db5c38df843ebc89980271008f5626250a1f98d409528d5e79f2d.png
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: f5edcbdcd57db5c38df843ebc89980271008f5626250a1f98d409528d5e79f2d

Request headers

Referer: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Mon, 13 Aug 2018 23:45:34 GMT
ETag: "1534203934"
X-HW: 1624974131.dop007.lo4.shc,1624974132.dop007.lo4.t,1624974132.cds075.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1163

GET
H/1.1 200
OK heartist-8d84fd6228f425cda243191d28c6fa93642fd7f6bcd2892159386e9fd04a7775.png
assets.whicdn.com/assets/whi-light/badges/ 19 KB
19 KB 44ms
44ms Image
image/png 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.whicdn.com/assets/whi-light/badges/heartist-8d84fd6228f425cda243191d28c6fa93642fd7f6bcd2892159386e9fd04a7775.png
Requested by: Host: assets.whicdn.com
URL: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 8d84fd6228f425cda243191d28c6fa93642fd7f6bcd2892159386e9fd04a7775

Request headers

Referer: https://assets.whicdn.com/assets/application-814c269acd86567baca302a20eb967b5e7a258c72e49e1586d1bc190671c7136.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:12 GMT
Last-Modified: Mon, 13 Aug 2018 23:45:34 GMT
ETag: "1534203934"
X-HW: 1624974131.dop059.lo4.shc,1624974132.dop059.lo4.t,1624974132.cds107.lo4.c
Content-Type: image/png
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 19530

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 51ms
19ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=weheartit.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Jun 2021 13:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
317 B 21ms
19ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=weheartit.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Jun 2021 13:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 83 KB
26 KB 873ms
828ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2668725786636151&correlator=840933231870625&output=ldjh&impl=fif&eid=31061731%2C22316437%2C21065724%2C44743204&vrg=2021062408&ptt=17&sc=1&sfv=1-0-38&ecs=20210629&iu_parts=97720036%2CWeHeartIt_Entry_Left_300x250_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x100%7C300x250&prev_scp=registered%3Dno%26language%3Den%26screenSize%3Dxl%26pagename%3Dentry%26checked%3Dyes%26adx%3Dno%26hearts_count%3D0-4-hearts%26image_score%3D2-percent%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1624974132&dt=1624974132507&dlt=1624974131004&idt=1225&frm=20&biw=1600&bih=1200&oid=3&adxs=96&adys=170&adks=640846461&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&vis=1&dmc=8&scr_x=0&scr_y=0&psz=419x0&msz=419x0&ga_vid=1295881990.1624974132&ga_sid=1624974133&ga_hid=1534034849&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

99a2d8bd0f6f2a1abefd03480b024dc73b116a58781bcb7a629e0285bb87b682

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CISz3q_8vPECFVCL_QcdMAkEvg&gqi=&layout=/sadbundle/%24csp%253Der3%24/1354486338142470303/300-250/300-250.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CISz3q_8vPECFVCL_QcdMAkEvg&gqi=&layout=/sadbundle/%24csp%253Der3%24/1354486338142470303/300-250/300-250.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26601
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Tue, 29 Jun 2021 13:42:13 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://weheartit.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 941E 6 KB
3 KB 62ms
13ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://weheartit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 29 Jun 2021 13:42:12 GMT
expires: Wed, 29 Jun 2022 13:42:12 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 63 KB
25 KB 503ms
469ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2668725786636151&correlator=840933231870625&output=ldjh&impl=fif&eid=31061731%2C22316437%2C21065724%2C44743204&vrg=2021062408&ptt=17&sc=1&sfv=1-0-38&ecs=20210629&iu_parts=97720036%2CWeHeartIt_Entry_Left_300x250_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x100%7C300x250%7C300x600%7C120x600%7C160x600&prev_scp=registered%3Dno%26language%3Den%26screenSize%3Dxl%26pagename%3Dentry%26checked%3Dyes%26adx%3Dno%26hearts_count%3D0-4-hearts%26image_score%3D2-percent%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1624974132&dt=1624974132516&dlt=1624974131004&idt=1225&frm=20&biw=1600&bih=1200&oid=3&adxs=96&adys=170&adks=1823771341&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&vis=1&dmc=8&scr_x=0&scr_y=0&psz=419x0&msz=419x0&ga_vid=1295881990.1624974132&ga_sid=1624974133&ga_hid=1534034849&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

69b72c1a2bb8e490c0e2af0a27fb620526ee52b9335e6ea73137518f156d9437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26044
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://weheartit.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 82 KB
26 KB 1305ms
1260ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2668725786636151&correlator=840933231870625&output=ldjh&impl=fif&eid=31061731%2C22316437%2C21065724%2C44743204&vrg=2021062408&ptt=17&sc=1&sfv=1-0-38&ecs=20210629&iu_parts=97720036%2CWeHeartIt_Entry_Right_300x250_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x100%7C300x250%7C336x280&prev_scp=registered%3Dno%26language%3Den%26screenSize%3Dxl%26pagename%3Dentry%26checked%3Dyes%26adx%3Dno%26hearts_count%3D0-4-hearts%26image_score%3D2-percent%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1624974132&dt=1624974132519&dlt=1624974131004&idt=1225&frm=20&biw=1600&bih=1200&oid=3&adxs=1204&adys=255&adks=3950113444&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x0&msz=300x0&ga_vid=1295881990.1624974132&ga_sid=1624974133&ga_hid=1534034849&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

6d9bdd15d3f597a8c3fe0091c0cb5aa711d20f3e4367f2aa698390313b538e1f

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMKE9a_8vPECFXjGuwgdD-8N0A&gqi=&layout=/sadbundle/%24csp%253Der3%24/15205125897606304055/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMKE9a_8vPECFXjGuwgdD-8N0A&gqi=&layout=/sadbundle/%24csp%253Der3%24/15205125897606304055/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26710
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Tue, 29 Jun 2021 13:42:13 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://weheartit.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
11 KB 1775ms
1729ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2668725786636151&correlator=840933231870625&output=ldjh&impl=fif&eid=31061731%2C22316437%2C21065724%2C44743204&vrg=2021062408&ptt=17&sc=1&sfv=1-0-38&ecs=20210629&iu_parts=97720036%2CWeHeartIt_Entry_Right_300x250_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x100%7C300x250%7C336x280&prev_scp=registered%3Dno%26language%3Den%26screenSize%3Dxl%26pagename%3Dentry%26checked%3Dyes%26adx%3Dno%26hearts_count%3D0-4-hearts%26image_score%3D2-percent%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1624974132&dt=1624974132528&dlt=1624974131004&idt=1225&frm=20&biw=1600&bih=1200&oid=3&adxs=1204&adys=255&adks=752522813&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x0&msz=300x0&ga_vid=1295881990.1624974132&ga_sid=1624974133&ga_hid=1534034849&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

8d8223d8e137daec35fffb894caddcc763013f6ed86948cd53542169b7bbce81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10908
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://weheartit.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 82 KB
26 KB 2139ms
2094ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2668725786636151&correlator=840933231870625&output=ldjh&impl=fif&eid=31061731%2C22316437%2C21065724%2C44743204&vrg=2021062408&ptt=17&sc=1&sfv=1-0-38&ecs=20210629&iu_parts=97720036%2CWeHeartIt_Entry_970x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250%7C970x90%7C728x90&prev_scp=registered%3Dno%26language%3Den%26screenSize%3Dxl%26pagename%3Dentry%26checked%3Dyes%26adx%3Dno%26hearts_count%3D0-4-hearts%26image_score%3D2-percent%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1624974132&dt=1624974132531&dlt=1624974131004&idt=1225&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=707&adks=672255445&ucis=5&ifi=5&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1408x0&msz=1408x0&ga_vid=1295881990.1624974132&ga_sid=1624974133&ga_hid=1534034849&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

29938d1be89a5e98fa710c79de62aff3efe3152c0364688f86e864972c721c69

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKSOrLD8vPECFTvLuwgdpkgO9w&gqi=&layout=/sadbundle/%24csp%253Der3%24/11955961782549308205/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKSOrLD8vPECFTvLuwgdpkgO9w&gqi=&layout=/sadbundle/%24csp%253Der3%24/11955961782549308205/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26675
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Tue, 29 Jun 2021 13:42:14 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://weheartit.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
387 B 188ms
173ms XHR
application/json 2600:9000:2104:a000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:a000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
via: 1.1 f5046bb9ebd1a8f25b2025d7d9a283f3.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: c405b9e70ae0446cbdbb907b6c4ddeee-2021062913
content-length: 28
x-amz-cf-id: 75xJkEN7HSyXQuII3mlnM_-Dj8OpBbs7cbgM8F0MPunPlyTcJuv6sg==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ 117 KB
38 KB 83ms
40ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/190492-96139365094532.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 758135feb6954c2501153f4a7846378a69e4189243d09272685850b10632358f

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
content-encoding: gzip
last-modified: Wed, 02 Jun 2021 14:10:01 GMT
server: nginx
etag: W/"60b79139-1d469"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 30 Jun 2021 13:42:12 GMT

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
542 B 175ms
56ms XHR
application/json 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=190492
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/190492-96139365094532.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 470503982faa17aa198e19e155914b9b75167e58e14e3faac598a93246464b0b

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://weheartit.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Thu, 29 Jul 2021 13:42:12 GMT

GET
H/1.1 200
OK any Show response
idx.liadm.com/idex/ie/ 206 B
685 B 530ms
140ms XHR
application/json 34.234.106.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idx.liadm.com/idex/ie/any

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/190492-96139365094532.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.234.106.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

b127d73ab5bea10daaa0dab40a03f19d3565796b0202db1258712c5dabebed74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 29 Jun 2021 13:42:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
Access-Control-Allow-Origin: https://weheartit.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
trace-id: 4994f39ddaf05d44
Content-Length: 206

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 89D5 256 B
442 B 210ms
139ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=41531e3875bb98564473b53a147c8fa4b267d849

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fweheartit.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:12 GMT
content-encoding: gzip
last-modified: Tue, 29 Jun 2021 13:42:12 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: a1b6a936957f46bf255842d40da9858759bc1e5e417db3b33d184a85977cd6a8
content-length: 176

GET
H2 200 show_pla Show response
obs.cheqzone.com/ 2 KB
2 KB 328ms
102ms Script
text/javascript 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.cheqzone.com/show_pla?id=65349&url=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&sf=0&k=&idx=0&ch=&ext=&np=linux%20x86_64&nv=google%20inc.&rand=83912776113872620190809745599112730276011612252182900399685781820590&nc=0&tsf=0&tsfmi=&pv=0&cb=1624974133091&ref=&pit=1&hl=2&op=0&fs=1600x1200&ss=1600x1200&pre=0&jsonp=OBR.extern.onCheqResponse&mr=&ag=2826626440&at=&bid=e30%3D&di=W1siZWYiLDU2NjFdLFsxMiwie1wiZVwiOjAsXCJ3Z2xcIjoxfSJdLFstMSwiLSJdLFstMiwiMzgs%0D%0AWEh4ZzFqMHpFbEFRd0oxUUVja3Z6b3ZiY0FJWlNFRWpBaEpJUVFCd2dsOUY0Q0JBZ1FXZ2lkMExI%0D%0AQkJlT0dqYnZYM3FZeU02Lyt2enZTN0dvWEd3aC8rYk1samJUeWFvN09QZiJdLFstMywiW10iXSxb%0D%0ALTQsIi0iXSxbLTUsIi0iXSxbLTYsIntcIndcIjpbXCIwXCIsXCJjaGFubmVsXCIsXCJjYW1wYWln%0D%0AblwiLFwic3RhZ2VcIixcInJlZmVycmVyX2hvc3RcIixcIndoaV9leHRyYWN0X2hvc3RuYW1lXCIs%0D%0AXCJicmFuY2hcIixcIndoaV9icmFuY2hfZmVhdHVyZVwiLFwid2hpX2JyYW5jaF9hcHBfaWRcIixc%0D%0AIndoaV9icmFuY2hfYW5kcm9pZF91cmxcIixcIndoaV9icmFuY2hfaW9zX3VybFwiLFwid2hpX2Jy%0D%0AYW5jaF9kZWVwdmlld1wiLFwid2hpQ29uZmlnXCIsXCJHb29nbGVBbmFseXRpY3NPYmplY3RcIixc%0D%0AImdhXCIsXCJ3ZWJwYWNrQ2h1bmtncm91bmRjb250cm9sXCIsXCJfX2NvcmUtanNfc2hhcmVkX19c%0D%0AIixcInJlZ2VuZXJhdG9yUnVudGltZVwiLFwiYm9vdEFkXCIsXCJBdWRpdFwiLFwiZ29vZ2xldGFn%0D%0AXCIsXCJhcHN0YWdcIixcIl9xZXZlbnRzXCIsXCJsb2FkV2l0bGVlU2NyaXB0XCIsXCJkZWJvdW5j%0D%0AZVwiLFwibG9nV2l0aFR5cGVcIixcIktpY2tzZW5kXCIsXCJjaGVja1JlcXVpcmVkRmllbGRzXCIs%0D%0AXCJJMThuXCIsXCIkXCIsXCJqUXVlcnlcIixcImpRdWVyeTE3MTA4MjczODQ1NTg4ODEzMTExXCIs%0D%0AXCJTcGlubmVyXCIsXCJyZXF1aXJlXCIsXCJFWElGXCIsXCJXZUhlYXJ0SXRcIixcImxvZ2dlclwi%0D%0ALFwiX2NvbXNjb3JlXCIsXCJhZGRZb3VUdWJlQVBJXCIsXCJyZW1vdmVBZFNsb3RzXCIsXCJyZW5k%0D%0AZXJBZFBsYWNlaG9sZGVyXCIsXCJhZGRVcGxvYWRGaWxlXCIsXCJTVFJcIixcInBvZGNhc3RQcm9t%0D%0Ab3Rpb25DYXJvdXNlbFwiLFwiTElcIixcIl9fbGlfX2V2dF9idXNcIixcImxpUVwiLFwiZ29vZ2xl%0D%0AX3RhZ19kYXRhXCIsXCJnYXBsdWdpbnNcIixcImdhR2xvYmFsXCJdLFwiblwiOltdLFwiZFwiOltd%0D%0AfSJdLFstNywiLSJdLFstOCwiLSJdLFstOSwiLSJdLFstMTAsIi0iXSxbLTExLCJ7XCJ0XCI6XCJc%0D%0AIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiLFwia2V5d29yZHNcIixcInR3aXR0ZXI6dGl0bGVcIixc%0D%0AInR3aXR0ZXI6ZGVzY3JpcHRpb25cIixcIm9nOnRpdGxlXCIsXCJvZzpkZXNjcmlwdGlvblwiXX0i%0D%0AXSxbLTEyLCJudWxsIl0sWy0xMywiLSJdLFstMTQsIntcIm9cIjowLjAwMzYyMzE4ODQwNTc5NzEw%0D%0AMTV9Il0sWy0xNSwiLSJdLFstMTYsIjAiXSxbLTE3LCIxNiJdLFstMTgsIlswLDAsMCwxXSJdLFst%0D%0AMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDE2MDAsMTIwMCwxNjAwLDEyMDAsMTYwMCwx%0D%0AMjAwLDE2MDAsMTIwMCwwLDAsMCwwLFwiLVwiLFwiLVwiXSJdLFstMjAsIjEyOTU4ODE5OTAuMTYy%0D%0ANDk3NDEzMiJdLFstMjEsInpOM1RCUWtGIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstMjMsIisi%0D%0AXSxbLTI0LCJbXSJdLFstMjUsIi0iXSxbLTI2LCJ7XCJ0amhzXCI6MTYxMDAwMDAsXCJ1amhzXCI6%0D%0AMTQzMDAwMDAsXCJqaHNsXCI6Mzc2MDAwMDAwMH0iXSxbLTI3LCJbMCwxMCwwLFwiNGdcIixudWxs%0D%0AXSJdLFstMjgsImVuLVVTIl0sWy0yOSwie1widlwiOlsyLDIsMiwyLDAsMCwwLDIsMCwyLDAsMiww%0D%0ALDAsMiwyLDIsMiwwXX0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTMxLCJ0cnVlIl0sWy0zMiwiMiJd%0D%0ALFstMzMsIi0iXSxbLTM0LCItIl0sWy0zNSwiWzE2MjQ5NzQxMzI3OTYsLTJdIl0sWy0zNiwiW1wi%0D%0ANC8zXCIsXCI0LzNcIl0iXSxbLTM3LCItIl0sWy0zOCwiaSwtMSwtMSw2MzgsMCwxLDAsMSwyODEs%0D%0ANDI1LDg3MCwwLDIxODUuMiwyMTg1LjIsMzE0NywzMTQ3Il0sWy0zOSwiW1wiMjAwMzAxMDdcIiww%0D%0ALFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsbnVsbCxudWxsLHRydWUsOCxmYWxz%0D%0AZSxudWxsLDBdIl0sWy00MCwiMzMiXSxbLTQxLCItIl0sWy00MiwiMTcyNDI5NzY1MyJdLFstNDMs%0D%0AIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAxMTAwIl0sWy00NCwiMCwwLDAsNSJdLFstNDUsIjYyMCww%0D%0ALDAsMCwwLDAsNzYyLDAsNjQ4LDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAs%0D%0AMCwwLDAsMCJdLFstNDYsIjAiXSxbLTQ3LCJFdXJvcGUvQmVybGluLGVuLVVTLGxhdG4sZ3JlZ29y%0D%0AeSJdLFstNDgsIjAsMCJdLFstNDksIi0iXSxbImJuY2giLDQwNl1d&tsfu=&fst=1600x1200&dep=0&cpos=%5B%7B%22x%22%3A96%2C%22y%22%3A707%2C%22w%22%3A1408%2C%22h%22%3A0%7D%2C%7B%22w%22%3A1600%2C%22h%22%3A1200%7D%5D&ver=41&cri=KMIVVmn78K&sdd=%7B%7D&pto=3440
Requested by: Host: ob.cheqzone.com
URL: https://ob.cheqzone.com/placement_invocation?id=65349&idx=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 77a5b8060ca3077b59266e703f553ec0b470e050723611384c4110ee3c9a66c4

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:13 GMT
content-encoding: gzip
content-type: text/javascript
cache-control: no-cache, no-store, must-revalidate
cheq_headers_order: Set-Cookie Content-Type Cache-Control Pragma Expires Content-Length Content-Encoding Date Connection
content-length: 1453
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
i.skimresources.com/api/ 223 B
505 B 128ms
46ms Script
application/javascript 34.96.81.209
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://i.skimresources.com/api/?version=10&js=1&callback=instantDataCallback&data=%7B%22instant%22%3A%221%22%2C%22page%22%3A%22https%3A%2F%2Fweheartit.com%2Fentry%2F356622090%22%2C%22pref%22%3A%22%22%2C%22pubcode%22%3A%2228678X866187%22%7D

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/28678X866187.skimlinks.js?_=1624974131778

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.81.209 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache / PHP/5.3.3

Resource Hash

f2047d2ca924ad131d52121567157e3b1b556d0b6fa17a46ed7ecddb53c1b6e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Apache
x-powered-by: PHP/5.3.3
content-type: application/javascript
access-control-allow-origin: https://weheartit.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 223

POST
H2 200 link Show response
t.skimresources.com/api/v2/ 22 B
364 B 46ms
40ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/28678X866187.skimlinks.js?_=1624974131778

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:13 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://weheartit.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
warning: 299 - "Deprecated API"
alt-svc: clear
content-length: 22

GET
H/1.1 200
OK Cookie set a-028f Show response
i.liadm.com/s/c/ Frame 0893 1 KB
1 KB 516ms
127ms Document
text/html 54.172.13.178
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://i.liadm.com/s/c/a-028f?s=&cim=&ps=true&ls=false&duid=587967738150--01f9c030q3rap7dfyez4fd5qe6&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Requested by

Host: b-code.liadm.com
URL: https://b-code.liadm.com/sync-container.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.13.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

013100afd4e485872dea07556132415d6c48541e7ac9ff35e360980fec8a3820

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: i.liadm.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://weheartit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: lidid=c366163e-7a3c-4ce1-9de6-cfeedc071dd2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

Cache-Control: private, no-cache, max-age=0
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 29 Jun 2021 13:42:13 GMT
ETag: 1.61803398874
Set-Cookie: _li_ss=MgUIBhDlDzIFCAoQ5Q8yBQh6EOQPMgYIiwEQ5Q8yBQgLEOUPMgUICxDlDzIFCHkQ5A8; Max-Age=2592000; Expires=Thu, 29 Jul 2021 13:42:13 GMT; SameSite=None; Path=/s; Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains
trace-id: 53bf8692f36b3842
Vary: Accept-Encoding
Content-Length: 641
Connection: keep-alive

GET
H2 200 container.html Show response
e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9D2B 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://weheartit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 29 Jun 2021 13:42:12 GMT
expires: Wed, 29 Jun 2022 13:42:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 25ms
13ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29d592e34e3d2c8ca0c55ceafd75940de79cdb6381d8ceb372d226e7820e7220

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624879999447392"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27719
x-xss-protection: 0
expires: Tue, 29 Jun 2021 13:42:13 GMT

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ 4 B
325 B 459ms
111ms XHR
application/json 64.202.112.191
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1624974133159&sessionId=105a880f-556f-c949-39c6-5c0bf64946e1&url=weheartit.com&cheqSource=1&cheqEvent=0&exitReason=3
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.191 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Jun 2021 13:42:13 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: a45a0e78e920c940d0620ca0e0b93f0e
Content-Length: 4
Expires: 0

GET
H2 200 get Show response
odb.outbrain.com/utils/ 31 KB
11 KB 319ms
236ms Script
text/javascript 151.101.114.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://odb.outbrain.com/utils/get?url=https%3A%2F%2Fweheartit.com%2Fentry%2F356622090&idx=0&rand=92015&key=NANOWDGT01&widgetJSId=AR_1&va=true&et=true&format=html&pdobuid=-1&adblck=false&abwl=false&clid=105a880f-556f-c949-39c6-5c0bf64946e1&fdu=weheartit.com&px=96&py=800&vpd=0&cw=1408&ts=1624974133163&settings=true&recs=true&version=2000372&sig=zN3TBQkF&apv=false&osLang=en-US&winW=1600&winH=1200&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=0&ccpaStat=0&wdr-natlaz=true
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f75095cd6a32c0c64a401ff79d0801fe1d5ed5aea1bbeb4d94d5b15632e769eb

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, LGA, HHN, Europe1
x-cache: MISS, MISS
p3p: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
backend-ip: 157.52.117.33
x-cache-hits: 0, 0
x-traceid: 2494c18778c9d4164b91235b5a2f1b6e
content-encoding: gzip
content-length: 11086
x-served-by: cache-lga21933-LGA, cache-hhn4054-HHN
x-timer: S1624974133.264392,VS0,VE204
vary: Accept-Encoding, User-Agent
content-type: text/javascript; charset=UTF-8
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2FDF 624 B
591 B 22ms
19ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMOpfBD9447YAhimm4muATAB&v=APEucNVIdmjBstPejepFGEYIXx3gUglMqde6YhIby3E7V93yFGgmk0JuwY-S6Ci-czhj8U3i3psNgY-K7G3hWtfkmFmfsaN_LLJoS6QIIH-Z45ryPJGNTRRL2tGRmmZOAWJcX77h_i9-7Gf_fiKSaIaRenQO9-fulH5zNe_wlRQE6tgknECf2Xk

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMOpfBD9447YAhimm4muATAB&v=APEucNVIdmjBstPejepFGEYIXx3gUglMqde6YhIby3E7V93yFGgmk0JuwY-S6Ci-czhj8U3i3psNgY-K7G3hWtfkmFmfsaN_LLJoS6QIIH-Z45ryPJGNTRRL2tGRmmZOAWJcX77h_i9-7Gf_fiKSaIaRenQO9-fulH5zNe_wlRQE6tgknECf2Xk
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 29 Jun 2021 13:42:13 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUmM0YP7Ak_tdh6mURw-skTeIkp9GmOHrA0Tef8BaeyEb_2p5Z_3Zw7UNRIc; expires=Sun, 24-Jul-2022 13:42:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 29 Jun 2021 13:42:13 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 9D2B 111 KB
39 KB 58ms
13ms Script
text/javascript 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 06:43:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25094
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jun 2021 06:43:59 GMT

GET
H2 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210624/r20110914/elements/html/ Frame 9D2B 6 KB
3 KB 55ms
11ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210624/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0dc4093b6b9286ebfc6c728ddd3a70812a726d79d6f41d60a506fd5b93c4929c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:22:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1203
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2661
x-xss-protection: 0
server: cafe
etag: 7752240862628680351
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:22:10 GMT

GET
H2 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210624/r20110914/ Frame 9D2B 17 KB
7 KB 46ms
10ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210624/r20110914/abg_lite_fy2019.js

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:39:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7112
x-xss-protection: 0
server: cafe
etag: 12276874145846594193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:39:32 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9D2B 42 B
173 B 63ms
27ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bq3XxsA0y6Hyk7WkVPMRnmBjm3j6-JpbJaMDBwY0UGZaVBo62FdTD_i_5UuCmHeelPv0NohwOOWj0r-kNZFfxssz1NYJ3GWEwxo8XDbG7cOtMxRMI

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 9D2B 3 KB
1 KB 44ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/window_focus_fy2019.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:39:20 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9D2B 125 KB
38 KB 44ms
43ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

e2f5a99d439c1d7bc8cd4e02f39d77d0dab1eba4e1fae40d3fc5d06ac3aaf1ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624879993577808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38803
x-xss-protection: 0
expires: Tue, 29 Jun 2021 13:42:13 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 9D2B 14 KB
7 KB 35ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a029ad1de22249db15e4a05e5e168cf70b256ce05cdef7f7e7927c2df030f57b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 17140096307539089235
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:41:59 GMT

POST
H2 200 / Show response
i.skimresources.com/api/ 457 B
622 B 46ms
45ms XHR
application/json 34.96.81.209
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://i.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/28678X866187.skimlinks.js?_=1624974131778

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.81.209 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache / PHP/5.3.3

Resource Hash

2fac6a1d2265289024d093d09ec3c1cb04041eb4a73d6adc2425cdb4d72aed02

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Apache
x-powered-by: PHP/5.3.3
content-type: application/json
access-control-allow-origin: https://weheartit.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 457

GET
H3-29 200 index.html Show response
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 81 KB
19 KB 23ms
7ms Document
text/html 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

845e12e62ef7da9cac94a76375172e4c67836fd39a168902ec87742b44232b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /sadbundle/6221166297966372568/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Sat, 26 Jun 2021 00:37:41 GMT
expires: Sun, 26 Jun 2022 00:37:41 GMT
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 19509
age: 306272
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9D2B 0
592 B 158ms
82ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstnjFYNOdsxUtNLY6W7IaRQQ6e9rLcu6gBbo1J_HBvhtoFNf1HyN785dJ-nRiXFT_mJqdrn2IFeXY3_dTaHt5rHi-O2WZP6fRVkWpTZRGyOPb2Rx8TZZbBjMxWrjZa_YaZ19ncMm5KVOOaU-oPa8wCoISqCKmcYwe99ejrOc8k7oCQTQXtM3Y5m8GrTYy0kDrWOd4upLNo9ho50BqBz9TkmpR7oVZZUpKC6RlxgsMWk55hu_ADpxRPaeCZ-d3ljvQFuxsm6grXPkb3YsUagTGC4m9qToRBk_svMpmFo-yKxWdT8vwswycH99x5XedfqjuILwXgZfnINfuSCGQjIuO6LhObd9lVn3oH7GKUWApwyRY7QEbbNVcK1DNgG8y9DllDhtRKSgz7Wh4RZJHM9Ti5BOEf7oVO_wgtjAPcHlh7Ee6jETk18X-GJWQINOnDbBO4odxUboPfZczcZY57O8XgamzspniesBbS10LhX2qy8MUIVU0kbWYTphXdqIs9D70pt88ISm9HCXqHJ6u24ZRQqWrlRkIWDPmXdk67bFOm7rH-UXKlc9wvgDq-Em-FnySCRZ0ZsDfMc-mjvIC1xkf7_N_JlIG0iprzpbQRWYnhxHaBiaugCpKVD3yYhrn57C8kGghFn7_JCvkbQ37Z-1p67HYNV3ICke0mVO7Uun5AmjIoTdqXneaz_z-8ph20VTK-CeQ-nw5B5sFl7l122N1xiWpea8FxOdiwot968twdsm3diBHAzq2YNJD7RpdJtKHukf0D3uPlyyHhU9tHM3VxzofFN1yUfalMJLCaY-XWfc8iqIEN8mjH7bhCkhDs7RN5jPNfHjCOeVgkQrHONJLS8aNtJ0opZWuQe63ALP95DwiIwYzL3nX48xL1XtEAOeCI5AiPQF_liFHmBTt0OfsHTj5QXWq0yf3p5JKP0Dhsu54foEGWau_mI7PiupVle6pI55sIUN3Eo38aE0M0Xxw-5jfjnqNPr-DNOHhf9zLsNjhavpr-IzDSFT9VNm2W9DRzcvupH1kTbMAPPitwr-vLw0wAFNS1Qzh7YOpImMbh4zOjVijTj90BNO7IVUqBnlTSGEke885kN-czA_p4spfpk_QagF_TJfe5WmL2GJ8kC&sai=AMfl-YQznOtxLYbXu8QSdMwR0T8nQQM7UFM67Gm6VawncmzFVSbN_6p5m16Toh1Nn26ZAHj2ODqHqOK51SXocrGJrwLEGaZ5o7_lvE6dwEz-F9Qh2uMSVM_635k1WUBasgKrq0VFyAcF4ZWemO3r2ZtqD0-hy8d-7qj4uSgSFpVTjvGq6ydrmryHTR_Ua0NPBCqjZb7JGNC0nz-h9WTYL0ij8AG34e8DX2UVK3zE7JX2lKuUtUO7arjTwNob7toVWCa3itmHSnSakXlHwCcTqvlLDWTM8QsyH3PyQwcaFXQMK8tbWXDlTjckrhzJfcBlF_XNlnRB5d_w7S2mUgZu-2z9WnOJHhws2ulmhtRSnlTOOpht2p2B-7gMonx_P5LMrKWF1w&sig=Cg0ArKJSzJ9ABeuC3uIrEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=182&cbvp=1&cstd=177&cisv=r20210624.37119&adurl=

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Tue, 29 Jun 2021 13:42:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2FDF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1&C=1

43 B
1014 B

62ms
56ms

Image
image/gif

104.108.145.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMOpfBD9447YAhimm4muATAB&v=APEucNVIdmjBstPejepFGEYIXx3gUglMqde6YhIby3E7V93yFGgmk0JuwY-S6Ci-czhj8U3i3psNgY-K7G3hWtfkmFmfsaN_LLJoS6QIIH-Z45ryPJGNTRRL2tGRmmZOAWJcX77h_i9-7Gf_fiKSaIaRenQO9-fulH5zNe_wlRQE6tgknECf2Xk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Jun 2021 13:42:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 29 Jun 2021 13:42:13 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 29 Jun 2021 13:42:13 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Tue, 29 Jun 2021 13:42:13 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2FDF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YNsjNUHqCr9E3sW9-y3F3AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1&C=1

43 B
1014 B

55ms
54ms

Image
image/gif

104.108.145.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMOpfBD9447YAhimm4muATAB&v=APEucNVIdmjBstPejepFGEYIXx3gUglMqde6YhIby3E7V93yFGgmk0JuwY-S6Ci-czhj8U3i3psNgY-K7G3hWtfkmFmfsaN_LLJoS6QIIH-Z45ryPJGNTRRL2tGRmmZOAWJcX77h_i9-7Gf_fiKSaIaRenQO9-fulH5zNe_wlRQE6tgknECf2Xk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Jun 2021 13:42:14 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 29 Jun 2021 13:42:14 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 29 Jun 2021 13:42:14 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-tCmTfqB9DkJydRUlO90c&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Tue, 29 Jun 2021 13:42:14 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2FDF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOwqhkiP7UWgQ9d3Q-bozNQ&google_cver=1

43 B
1006 B

165ms
113ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOwqhkiP7UWgQ9d3Q-bozNQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMOpfBD9447YAhimm4muATAB&v=APEucNVIdmjBstPejepFGEYIXx3gUglMqde6YhIby3E7V93yFGgmk0JuwY-S6Ci-czhj8U3i3psNgY-K7G3hWtfkmFmfsaN_LLJoS6QIIH-Z45ryPJGNTRRL2tGRmmZOAWJcX77h_i9-7Gf_fiKSaIaRenQO9-fulH5zNe_wlRQE6tgknECf2Xk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Jun 2021 13:42:13 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 62b4e304-b694-469d-bf08-d2ec42992b55
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOwqhkiP7UWgQ9d3Q-bozNQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2FDF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyMzYxMTg5MTYzMzUwOTYwNw%3D%3D

170 B
188 B

83ms
41ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyMzYxMTg5MTYzMzUwOTYwNw%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 29 Jun 2021 13:42:13 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 24cc53f6-7e44-4421-8506-823040b4ec6e
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyMzYxMTg5MTYzMzUwOTYwNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9D2B 41 KB
15 KB 26ms
11ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 12:39:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3743
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 12:39:50 GMT

GET
DATA 200
OK truncated
/ Frame 9D2B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ecfb3b12ba988fc28670af214aa925119cbc2f711d0ec2fc89e3a2cc7a1dbf4b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
88 B 52ms
50ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/28678X866187.skimlinks.js?_=1624974131778

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:13 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://weheartit.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 22

GET
H3-29 200 container.html Show response
e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1C58 6 KB
3 KB 31ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://weheartit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 29 Jun 2021 13:42:12 GMT
expires: Wed, 29 Jun 2022 13:42:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ 4 B
325 B 112ms
112ms XHR
application/json 64.202.112.191
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1624974133625&sessionId=105a880f-556f-c949-39c6-5c0bf64946e1&url=weheartit.com&cheqSource=1&cheqEvent=2&responseTime=1411
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.191 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Jun 2021 13:42:13 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 697698a5240394c7feea93abf384894d
Content-Length: 4
Expires: 0

GET
H2 200 imp.gif
obs.cheqzone.com/tracker/ 43 B
135 B 96ms
95ms Image
image/gif 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.cheqzone.com/tracker/imp.gif?e=37dfbd8ee84e001368eace32ee46899e9225c24f567d51c5c30f41b0254384cfa532ff1a285aa40e98d022e0b44dc87ea4a36fde4c1b8c682309094d0ba0bfea9475489e91da563e351aff717718956a8b70cd0130003f8101424d3f065cc3bf775d36fa26e877cb55e2cc7ce2586fb01f6f3903d053f054abd1c5d52fe87547ed62d2f1157f84163312714593d60632fd78afe7dfe1474ab9488bbd39e821da61c45085052aae2d05f91e46042cc95b32b49affa125be2ab8589801f95c0c2cf38e6b256a655c9b6599857ea95a61a7d4f232331e32d786302080903b477442750c1bef8828796d76e4ba152cebfea755c9a444771e2bb5a5a384800cc6b9a326f746c0016537dd9fcfe6ad6b89cc9133d56c5384e6c1250616e9656ca0990a63ecc89825d957bd1fad811bc551c8c96dd82a77c3d835d277c1d5edfb8ee9b61c7cf426e7e9fc205165b4d361c3b442b44d1354d0545e84d7c38681eb923bce6a88dee78e2dbe7a7c65d6297ec5c6c748238aee75f902b0934ec327f87c114a0f9936ff439cd0be71f8df78d21bed88dfcb71854f086cf0515954725f6edce132e311809cd776fecc25b3d02addc2b1ad33cfa0e05c777384a9061595f7195442acd5b37aa73a9ff65fefe932b17ea62d8855d412cbab3dc4063ae2ae927a2239600236165a17aefd916fd402ab5848432b95a85d8c8a121e8acdcda6ae3ed0e7e5e094bdfee3414b20e904d3f41f3bc1303a5e8927042f3be471eb345c97f7d320ca72dd25c6&cb=1624974133625&cri=KMIVVmn78K
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:13 GMT
cache-control: no-cache, no-store, must-revalidate
cheq_headers_order: Cache-Control Pragma Expires Content-Type Date Connection Content-Length
content-type: image/gif
content-length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ob_logo_67x12.png
widgets.outbrain.com/images/widgetIcons/ 2 KB
3 KB 44ms
44ms Image
image/png 104.108.145.107
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/ob_logo_67x12.png
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.145.107 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-107.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
last-modified: Thu, 10 Jun 2021 10:07:44 GMT
server: AkamaiNetStorage
etag: "c52b07e749f7a09fa7b97b7e195e06ce:1623321658.961125"
access-control-allow-methods: GET,POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 2326
expires: Thu, 29 Jul 2021 13:42:13 GMT

GET
H2 200 achoice.svg
widgets.outbrain.com/images/widgetIcons/ 3 KB
3 KB 45ms
44ms Image
image/svg+xml 104.108.145.107
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.145.107 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-107.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
last-modified: Thu, 10 Jun 2021 10:07:44 GMT
server: AkamaiNetStorage
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1623321643.048214"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 2735
expires: Thu, 29 Jul 2021 13:42:13 GMT

GET
H/1.1 200
OK l Show response
mcdp-nydc1.outbrain.com/ 2 B
292 B 533ms
157ms Fetch
text/plain 64.202.112.191
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-nydc1.outbrain.com/l?token=22d2e347e4dca54e9db8dceddf6c1192_39003_1624974133419&tm=1607&eT=0&widgetWidth=1408&widgetHeight=388&widgetX=96&widgetY=1050&tpcs=0&wRV=2000372&pVis=1&lsd=-1&eIdx=&cnsnt=no_consent&cheq=2&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.191 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Tue, 29 Jun 2021 13:42:14 GMT
content-encoding: gzip
X-TraceId: 7905283f5535cdb54795e3d2a126496f
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H2 200 obUserSync.html Show response
widgets.outbrain.com/widgetOBUserSync/ Frame 0EDA 16 KB
6 KB 42ms
41ms Document
text/html 104.108.145.107
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.145.107 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-107.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8f968e74a7825219f3fb0e3717e8aa0854ded3e3603fe44658a7037a587935a9

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /widgetOBUserSync/obUserSync.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://weheartit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

accept-ranges: bytes
content-type: text/html
etag: "bba7ea61dbaa460c8b9c3272f76e75ff:1624436858.729748"
last-modified: Wed, 23 Jun 2021 08:27:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=86400
expires: Wed, 30 Jun 2021 13:42:13 GMT
date: Tue, 29 Jun 2021 13:42:13 GMT
content-length: 5505
timing-allow-origin: * *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
set-cookie: akacd_widgets_routing=1624974133~rv=81~id=fc68227901b226ddda19437096937e8f; path=/; Expires=Tue, 29 Jun 2021 13:42:13 GMT; Secure; SameSite=None

GET
H2 200 eyJpdSI6ImJhNjFmNjFjNWIxZmY4MTk5YTdkNWExOTRlMzEyMzRkOWQ0NzFiYjI0OWU0ZWVlZDg3MTA1NWJjOGJmZTI2NzIiLCJ3IjozOTAsImgiOjI0MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 8 KB
8 KB 168ms
78ms Image
image/webp 104.108.145.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImJhNjFmNjFjNWIxZmY4MTk5YTdkNWExOTRlMzEyMzRkOWQ0NzFiYjI0OWU0ZWVlZDg3MTA1NWJjOGJmZTI2NzIiLCJ3IjozOTAsImgiOjI0MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.145.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8365e9119d307bc461403fb1f4eea8dee6c4ca3360687b30f497c7fdbbe2635c

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
cache-control: max-age=2352188
last-modified: Sun, 20 Jun 2021 06:55:03 GMT
x-traceid: 219351bad85bfeea08e7c32caf4438a6
timing-allow-origin: *
content-length: 8474
content-type: image/webp

GET
H2 200 eyJpdSI6IjZkZjdiODU0OGMxYjk5NmU3NzA1NjU3MDQ0ZmI3NmI3NmU5ZGU0YzQ3NDc3NjZiZWJlMzc5NDg1MjBjMDlhMGQiLCJ3IjozOTAsImgiOjI0MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 15 KB
15 KB 133ms
44ms Image
image/webp 104.108.145.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjZkZjdiODU0OGMxYjk5NmU3NzA1NjU3MDQ0ZmI3NmI3NmU5ZGU0YzQ3NDc3NjZiZWJlMzc5NDg1MjBjMDlhMGQiLCJ3IjozOTAsImgiOjI0MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.145.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ca317cbe39caf635daaa199052aed30296b2e32172575a5a3b51ac7ada182c1f

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
cache-control: max-age=1041093
last-modified: Wed, 14 Apr 2021 22:40:43 GMT
x-traceid: cd3cbd9ec2fe06052ad3fd9a14de6df3
timing-allow-origin: *
content-length: 15600
content-type: image/webp

GET
H2 200 eyJpdSI6IjY1NzkxMjRhMDExODQ3MTRjMmM3ZjNjNGFmMzUyMTdlNDI0MjQ0ZTE2OTc4YzI4MDEzYjJjN2ZjZjY4MDI2OGQiLCJ3IjozOTAsImgiOjI0MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 29 KB
29 KB 167ms
79ms Image
image/webp 104.108.145.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjY1NzkxMjRhMDExODQ3MTRjMmM3ZjNjNGFmMzUyMTdlNDI0MjQ0ZTE2OTc4YzI4MDEzYjJjN2ZjZjY4MDI2OGQiLCJ3IjozOTAsImgiOjI0MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.145.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 29294b00f5c2981bcc033f60423f572ccec700f42055d957c204d7ef70b60a55

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
cache-control: max-age=1499997
last-modified: Mon, 26 Apr 2021 14:01:39 GMT
x-traceid: fa5738247d2c1fcba1fcbb836e49a390
timing-allow-origin: *
content-length: 29228
content-type: image/webp

GET
H2 200 eyJpdSI6ImNmYjYyOTBmZmE3YzBiZTc4Mzg5NmQ4NDVlM2VhOTMwZjNmODQ2OWEzMWQ1NTBkMjU0MjQ1YjFjM2VmNGIwY2UiLCJ3IjozOTAsImgiOjI0MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 35 KB
35 KB 156ms
67ms Image
image/webp 104.108.145.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImNmYjYyOTBmZmE3YzBiZTc4Mzg5NmQ4NDVlM2VhOTMwZjNmODQ2OWEzMWQ1NTBkMjU0MjQ1YjFjM2VmNGIwY2UiLCJ3IjozOTAsImgiOjI0MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.145.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c76eef5c335bf6f3e4db19915cb615d13d145c50c9dda66b78537d9890ed450e

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:13 GMT
cache-control: max-age=1046736
last-modified: Mon, 12 Apr 2021 16:45:11 GMT
x-traceid: ddcd2e8ad53493ec9aa38b1ca60b70bb
timing-allow-origin: *
content-length: 35906
content-type: image/webp

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AFB2 22 KB
8 KB 11ms
7ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 29 Jun 2021 10:28:06 GMT
expires: Wed, 29 Jun 2022 10:28:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 11647
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK widgetGlobalEvent Show response
log.outbrainimg.com/loggerServices/ 4 B
325 B 115ms
114ms Fetch
application/json 64.202.112.191
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=22d2e347e4dca54e9db8dceddf6c1192&pvId=22d2e347e4dca54e9db8dceddf6c1192&sid=849216&pid=39003&idx=0&wId=100&pad=4&org=0&tm=1784&eT=3&cnsnt=no_consent&wRV=2000372&pVis=1&lsd=-1&eIdx=0&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.191 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Jun 2021 13:42:13 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 40886a0b16ca1a968b1457d606872e4a
Content-Length: 4
Expires: 0

GET
H3-29 200 DcmEnabler_01_246.js Show response
s0.2mdn.net/879366/ Frame FE82 28 KB
10 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_246.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44e04e4776c58b34580006ef8e8a1e1ae336f3e9c429ae242fe9a8f090889b79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 21:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58201
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10121
x-xss-protection: 0
last-modified: Wed, 09 Jun 2021 17:28:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 21:32:12 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9D2B 0
23 B 108ms
65ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 29 Jun 2021 13:42:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 container.html Show response
e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5CD6 6 KB
3 KB 16ms
15ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://weheartit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 29 Jun 2021 13:42:12 GMT
expires: Wed, 29 Jun 2022 13:42:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 300-250.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/ Frame 60F7 3 KB
3 KB 21ms
16ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.html

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76b45eafc7d8b4ea085b4612aca08896a8e5da1580072a069a3c42e09ba2211f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1317
date: Thu, 24 Jun 2021 04:32:16 GMT
expires: Fri, 24 Jun 2022 04:32:16 GMT
last-modified: Fri, 08 May 2020 10:31:58 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 464998
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1C58 0
0 49ms
45ms Fetch
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CPTITNSPbYMRE0Jb27w-wkpDwC_mt-qVj9MDs-cwNrgIQASD0uZcuYMzh7YH8LsgBCakCFADgjR4gaT7gAgCoAwHIAwiqBNoBT9AJFHwDXPYe0OmKEZWdKczLxNUWrzUCK5lWwro_TMIuV4gkybtGq6EDCt9pTXkpebHe3J170pVeGyl8PFewm8Lfgls-n-WKLd_wI2SRglL0GxgENA_voIM-MOnYcORX1lHiai6GB9BDM6wJOeQjM6HjQcSdoWfuk5epS-Du2p504mi8VyFmaSr6ZHqr4JvZZ_yKr-Nb8SAX8yUZ_2LCcS4xCQ7O_kXl6Z8O0U6vZmfW4-bxC__LP72Lde59wce9_T5TiGymuzFLrGgxT5Lnmt_rwYCZ4PWSFhvABLf3yfLWA-AEAaAGLoAHo-yuzwGoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ4YAR0ggJCIjhgBAQARgdgAoDyAsB2BMD0BUBgBcBshcaChgIABIUcHViLTc5MTU3NjkxMDU3ODE2ODI&sigh=s2Je_4w29oU&template_id=419
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/ Frame 1C58 17 KB
7 KB 21ms
18ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/abg_lite_fy2019.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:39:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 184
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7112
x-xss-protection: 0
server: cafe
etag: 12276874145846594193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:39:10 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 1C58 3 KB
1 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/window_focus_fy2019.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 174
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:39:20 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1C58 125 KB
38 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f5a99d439c1d7bc8cd4e02f39d77d0dab1eba4e1fae40d3fc5d06ac3aaf1ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:14 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624879993577808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38803
x-xss-protection: 0
expires: Tue, 29 Jun 2021 13:42:14 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 1C58 14 KB
6 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a029ad1de22249db15e4a05e5e168cf70b256ce05cdef7f7e7927c2df030f57b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 17140096307539089235
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:41:59 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 1C58 0
0 21ms
20ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT7Y2uzTpXtHseg7iRJMIN4oBpoABB6UoTIPnBHfWPQnAdxvlFram8UWx8a_G4fbOvjjfeUbmRaA20aXV8ESBbfCsfO8Q
Requested by: Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

4f25b6cd75d2498db24b1900631f48cc
i.liadm.com/s/e/a-028f/0/ Frame 0893
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-028f%2F0%2F4f25b6cd75d2498db24b1900631f48cc%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&c366163e-7a3c-4ce1-9de6-cfe...
https://i.liadm.com/s/e/a-028f/0/4f25b6cd75d2498db24b1900631f48cc?mpid=7156&muid=b98060db-2335-4100-ae13-b94bbbd5e883

43 B
285 B

123ms
122ms

Image
image/gif

54.172.13.178
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/a-028f/0/4f25b6cd75d2498db24b1900631f48cc?mpid=7156&muid=b98060db-2335-4100-ae13-b94bbbd5e883

Requested by

Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-028f?s=&cim=&ps=true&ls=false&duid=587967738150--01f9c030q3rap7dfyez4fd5qe6&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.13.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:14 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: c7ac321cba1add2d
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Date: Tue, 29 Jun 2021 13:42:17 GMT
Server: MT3 3799 851f7e8 master zrh-pixel-x9
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://i.liadm.com/s/e/a-028f/0/4f25b6cd75d2498db24b1900631f48cc?mpid=7156&muid=b98060db-2335-4100-ae13-b94bbbd5e883
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 29 Jun 2021 13:42:16 GMT

GET
H/1.1

200
OK

35759
i6.liadm.com/s/ Frame 0893
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=liveintent&ttd_tpi=1
https://i.liadm.com/s/35759?bidder_id=44489&bidder_uuid=7b3db960-2660-4447-9cf2-b4f62d63f81e
https://i.liadm.com/s/35759?bidder_id=44489&bidder_uuid=7b3db960-2660-4447-9cf2-b4f62d63f81e&_li_chk=true&previous_uuid=3b162eec2c684e0b83039eff06a92313
https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=7b3db960-2660-4447-9cf2-b4f62d63f81e

43 B
447 B

326ms
112ms

Image
image/gif

2600:1f18:444a:4680:252d:a0d8:b19f:2c13
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=7b3db960-2660-4447-9cf2-b4f62d63f81e

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:444a:4680:252d:a0d8:b19f:2c13 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:15 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: 134190f9ac33161c
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=7b3db960-2660-4447-9cf2-b4f62d63f81e
Date: Tue, 29 Jun 2021 13:42:14 GMT
Connection: keep-alive
trace-id: 95d2c9f03ea0b7ad
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1

200
OK

4f25b6cd75d2498db24b1900631f48cc
i.liadm.com/s/e/a-028f/0/ Frame 0893
Redirect Chain

https://dpm.demdex.net/ibs:dpid=127444&dpuuid=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-028f%2F0%2F4f25b6cd75d2498db24b1900631f48cc%3Fmpid%3D82775%26muid%3D%2...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-028f%2F0%2F4f25b6cd75d2498db24b1900631f48cc%3Fmp...
https://i.liadm.com/s/e/a-028f/0/4f25b6cd75d2498db24b1900631f48cc?mpid=82775&muid=19702210040059847712222283151091135034

43 B
285 B

170ms
165ms

Image
image/gif

54.172.13.178
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/a-028f/0/4f25b6cd75d2498db24b1900631f48cc?mpid=82775&muid=19702210040059847712222283151091135034

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.13.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:14 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: 56172652971fbbcc
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

DCS: dcs-prod-irl1-2-v011-0d93789e1.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: zjG/pjHjTsA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://i.liadm.com/s/e/a-028f/0/4f25b6cd75d2498db24b1900631f48cc?mpid=82775&muid=19702210040059847712222283151091135034
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

live_intent_sync
x.dlx.addthis.com/e/ Frame 0893
Redirect Chain

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=c366163e-7a3c-4ce1-9de6-cfeedc071dd2
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&rd=Y

43 B
604 B

172ms
171ms

Image
image/gif

23.37.43.59
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&rd=Y

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-59.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:14 GMT
cache-control: max-age=0, no-cache, no-store
expires: Tue, 29 Jun 2021 13:42:14 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

Redirect headers

location: https://x.dlx.addthis.com/e/live_intent_sync?na_exid=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&rd=Y
pragma: no-cache
date: Tue, 29 Jun 2021 13:42:14 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Tue, 29 Jun 2021 13:42:14 GMT

GET
H/1.1

200
OK

52176
i.liadm.com/s/ Frame 0893
Redirect Chain

https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=c366163e-7a3c-4ce1-9de6-cfeedc071dd2&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05&_li_chk=true&previous_uuid=3e65c86245b74fddbbfa318b63593965

43 B
447 B

137ms
136ms

Image
image/gif

54.172.13.178
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05&_li_chk=true&previous_uuid=3e65c86245b74fddbbfa318b63593965

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.13.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:14 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: b871f58fb29f90de
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: /s/52176?bidder_id=5298&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05&_li_chk=true&previous_uuid=3e65c86245b74fddbbfa318b63593965
Date: Tue, 29 Jun 2021 13:42:14 GMT
Connection: keep-alive
trace-id: c53dc2fec294bf91
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1

200
OK

52164
i6.liadm.com/s/ Frame 0893
Redirect Chain

https://x.bidswitch.net/sync?ssp=liveintent&user_id=c366163e-7a3c-4ce1-9de6-cfeedc071dd2
https://x.bidswitch.net/ul_cb/sync?ssp=liveintent&user_id=c366163e-7a3c-4ce1-9de6-cfeedc071dd2
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dliveintent%26bsw_par...
https://x.bidswitch.net/sync?dsp_id=354&user_id=5020b8acda8c4480b001207e7b7524d7&ssp=liveintent&bsw_param=1ee36996-5323-4e8d-bab5-cb48de622e05&gdpr=&consent=&gdpr_pd=
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05
https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05

43 B
447 B

290ms
101ms

Image
image/gif

2600:1f18:444a:4680:252d:a0d8:b19f:2c13
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:444a:4680:252d:a0d8:b19f:2c13 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 29 Jun 2021 13:42:15 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: 3af773b9d42d316f
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=1ee36996-5323-4e8d-bab5-cb48de622e05
Date: Tue, 29 Jun 2021 13:42:14 GMT
Connection: keep-alive
trace-id: cd5ed04e51190349
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H2 200 /
trc.taboola.com/sg/liveintent/1/cm/ Frame 0893 43 B
229 B 54ms
17ms Image
image/gif 2a04:4e42:3::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/liveintent/1/cm/
Requested by: Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-028f?s=&cim=&ps=true&ls=false&duid=587967738150--01f9c030q3rap7dfyez4fd5qe6&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:3::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 9
pragma: no-cache
date: Tue, 29 Jun 2021 13:42:14 GMT
via: 1.1 varnish
server: nginx
x-timer: S1624974134.134823,VS0,VE9
x-served-by: cache-fra19168-FRA
x-cache: MISS
cache-control: no-cache, no-store
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ Frame 0EDA 1 KB
2 KB 45ms
45ms Script
application/javascript 65.9.77.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:32:07 GMT
via: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
etag: "1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 608
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 1469
x-amz-cf-id: ESL4A5qjd1t25LYOWu9L_00PDqMjal6iFAk6nBj4kRWJAhK-pezEgQ==

GET
H2 200 copy_final_2.png
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 2 KB
2 KB 53ms
31ms Image
image/png 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/copy_final_2.png

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2fafbc6ed9ff0f151048fb5a56ed19ed3e5df0c67a2718e929bc7e038b7146e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 00:37:41 GMT
x-content-type-options: nosniff
age: 306273
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2380
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 00:37:41 GMT

GET
H2 200 copy_final_1.png
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 2 KB
2 KB 54ms
32ms Image
image/png 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/copy_final_1.png

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f22686839518e345e49034b3339609c371babc6a0571fd1ae3218dd34a4d524

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 00:37:41 GMT
x-content-type-options: nosniff
age: 306273
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1571
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 00:37:41 GMT

GET
H2 200 fundo_cor_2.jpg
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 2 KB
2 KB 53ms
32ms Image
image/jpeg 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/fundo_cor_2.jpg

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf2b2799f39cb443ecbe9c50d6bbc417a56bf9b1f578f64fa1da56a0ba4e6c0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 00:37:42 GMT
x-content-type-options: nosniff
age: 306272
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2308
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 00:37:42 GMT

GET
H2 200 logo.png
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 8 KB
8 KB 34ms
13ms Image
image/png 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/logo.png

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80858e3cc31ae7ba2e0f7ca25c4ed26c6376d8ac1c4169e3b9626c93137cb16a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 00:37:42 GMT
x-content-type-options: nosniff
age: 306272
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8348
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 00:37:42 GMT

GET
H2 200 fundo_cor_1.jpg
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 914 B
1 KB 27ms
7ms Image
image/jpeg 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/fundo_cor_1.jpg

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

971d5af0c9430cf6563804ea45305a299be008dcae79572bfb0504ad007eb679

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 22:50:04 GMT
x-content-type-options: nosniff
age: 312730
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 914
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 22:50:04 GMT

GET
H2 200 copy_2.png
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 4 KB
4 KB 54ms
35ms Image
image/png 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/copy_2.png

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8a2b906d6f9daa0cfdb356c61653956dc1e00dbae584e00e84cfbcd81e13984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 00:37:42 GMT
x-content-type-options: nosniff
age: 306272
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3930
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 00:37:42 GMT

GET
H2 200 img_lax_2.png
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 56 KB
56 KB 52ms
41ms Image
image/png 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/img_lax_2.png

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaebccba5366d36fad6ecdbed1e623ccc57f8356f249d48ac98ef552d64afbc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 00:37:42 GMT
x-content-type-options: nosniff
age: 306272
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56904
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 00:37:42 GMT

GET
H2 200 img_lax_1.jpg
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 15 KB
15 KB 26ms
15ms Image
image/jpeg 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/img_lax_1.jpg

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5ec6e6f37615c6e87dd174ae2b130d8c9f9199f8422909fab59daaf4e19e9f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 00:37:42 GMT
x-content-type-options: nosniff
age: 306272
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15151
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 00:37:42 GMT

GET
H2 200 copy_1.png
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 7 KB
7 KB 45ms
34ms Image
image/png 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/copy_1.png

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d65a857298c0bce72389bc0c2417352b140c8050e7b81416e9d6db9b82b16a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 00:37:42 GMT
x-content-type-options: nosniff
age: 306272
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7418
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 00:37:42 GMT

GET
H2 200 img_2.jpg
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 28 KB
28 KB 46ms
35ms Image
image/jpeg 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/img_2.jpg

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee9310cfa69ea94575e7317593cb65123400f99e3ec2d8f53d5759f44d11e3f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 22:50:04 GMT
x-content-type-options: nosniff
age: 312730
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28900
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 22:50:04 GMT

GET
H2 200 img_1.jpg
s0.2mdn.net/sadbundle/6221166297966372568/ Frame FE82 14 KB
14 KB 21ms
10ms Image
image/jpeg 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6221166297966372568/img_1.jpg

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c67f0afd7440e2ef640817b8f94e4676ae0da1b584c8bd3b79566681afb88599

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6221166297966372568/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 00:37:42 GMT
x-content-type-options: nosniff
age: 306272
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14560
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 14:51:55 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 00:37:42 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/ Frame B62F 12 KB
3 KB 32ms
32ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3afb0c277df85f52df6565d520603f593a1601541cd86fe3a24bbb33fc334d93

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/15205125897606304055/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3365
date: Wed, 23 Jun 2021 10:10:17 GMT
expires: Thu, 23 Jun 2022 10:10:17 GMT
last-modified: Fri, 05 Feb 2021 15:23:18 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 531117
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5CD6 0
0 46ms
46ms Fetch
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CGQZuNSPbYIKWF_iM7_UPj963gA2197KCY6ux9PaZDa4CEAEg9LmXLmDM4e2B_C6gAdDGo-EDyAEJqQJgosLNwoF_PuACAKgDAcgDCKoE6AFP0P0wfdjUOA3FtdJG6UL0hIyoVUDCk86AgVjPa2hvv0-kdO_0ccKsNT2Mi5jE97yxzfxOWys9E3fVZLKlFN9SHOohJulwZod-da9aKjKq3ocvTQslUuKglR-C34aXVB-rVYYeGZmFMsWlNL2sujmgjIrHs1iHkeSZSAGWBz_Y0-GxoL3N7A4FGQY0QP-isAyfp6fc6wOxjOQKb6lmHJPcu_lIBRKaE_D45JNrZvatcs2BblnwPQCXOhETAmE3jol6-7TKtmyG5hPi5_t1g34_WLdpiTqGi5YqLOZGpefVUB6_w1k30I7dwASHmODQmQLgBAGSBQQIBBgBkgUECAUYBKAGLoAHmLncHqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBDbtwvSCAkIiOGAEBABGB2ACgPICwHYEwzQFQGYFgGAFwGyFxoKGAgAEhRwdWItNzkxNTc2OTEwNTc4MTY4Mg&sigh=rEDWqUHJ8Zo&template_id=419
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/ Frame 5CD6 17 KB
7 KB 46ms
12ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/abg_lite_fy2019.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:39:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 184
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7112
x-xss-protection: 0
server: cafe
etag: 12276874145846594193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:39:10 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 5CD6 3 KB
1 KB 52ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/window_focus_fy2019.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 174
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:39:20 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5CD6 125 KB
38 KB 119ms
76ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

e2f5a99d439c1d7bc8cd4e02f39d77d0dab1eba4e1fae40d3fc5d06ac3aaf1ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:14 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624879993577808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38803
x-xss-protection: 0
expires: Tue, 29 Jun 2021 13:42:14 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 5CD6 14 KB
6 KB 49ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a029ad1de22249db15e4a05e5e168cf70b256ce05cdef7f7e7927c2df030f57b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 17140096307539089235
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:41:59 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 5CD6 0
0 57ms
13ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRmWKZP7QfHwIYDhmWJ-UUOMko5E4YZv1gTSHaMV0a90y2VJzd4IqugzkwXoFGm-tWKAac50zPQydo6zjEg5V7f7hrbuA
Requested by: Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 yXHsSCk3YzWUbRvqoZHyxkpI6JVLQi3qNywtkCkXe5s.js Show response
pagead2.googlesyndication.com/bg/ Frame AFB2 14 KB
6 KB 52ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yXHsSCk3YzWUbRvqoZHyxkpI6JVLQi3qNywtkCkXe5s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c971ec4829376335946d1beaa191f2c64a48e8954b422dea372c2d9029177b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 12:39:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3737
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5747
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jun 2022 12:39:57 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 568B 143 B
226 B 23ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 29 Jun 2021 13:09:03 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1991
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1C58 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17820cc8156603e2a9d32c417b5a590af96df27f61f46c62a1954d7d6be97b2f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 60F7 9 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 16:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 29 Jun 2021 16:31:23 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 60F7 26 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 20:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62536
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 29 Jun 2021 20:19:58 GMT

GET
H3-29 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 60F7 236 KB
63 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 13:42:14 GMT

GET
H3-29 200 300-250.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/ Frame 60F7 18 KB
5 KB 8ms
8ms Script
application/x-javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/300-250.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19806ab02990cc8a1e25a2262ef88c8f52d1d88fe8b35001a3491b08422807a1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 464998
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5264
x-xss-protection: 0
last-modified: Fri, 08 May 2020 10:31:58 GMT
server: sffe
date: Thu, 24 Jun 2021 04:32:16 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 04:32:16 GMT

GET
H2

200

b2
sb.scorecardresearch.com/ Frame 0EDA
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=14320224&c3=39003&cs_ucfr=1&ns__t=1624974134259&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2Fo...
https://sb.scorecardresearch.com/b2?c1=7&c2=14320224&c3=39003&cs_ucfr=1&ns__t=1624974134259&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2F...

64 B
329 B

55ms
54ms

Image
image/gif

65.9.77.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=14320224&c3=39003&cs_ucfr=1&ns__t=1624974134259&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2FobUserSync.html%23pid%3D39003%26dmpenabled%3Dfalse%26filterDMP%3D%26csenabled%3Dtrue%26d%3D%26obcnsnt%3Dfalse%26gdpr%3D1%26cmpNeeded%3Dfalse%26gdprVer%3Dnull%26ccpa%3D1---%26country%3DCZ&c9=https%3A%2F%2Fweheartit.com%2F
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:14 GMT
via: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: sg6oXSDLxgQZzMUbYSzOa4-eVS7lDwA0rSWOswfiLCn6iIh0osbBUg==

Redirect headers

date: Tue, 29 Jun 2021 13:42:14 GMT
via: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=7&c2=14320224&c3=39003&cs_ucfr=1&ns__t=1624974134259&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2FobUserSync.html%23pid%3D39003%26dmpenabled%3Dfalse%26filterDMP%3D%26csenabled%3Dtrue%26d%3D%26obcnsnt%3Dfalse%26gdpr%3D1%26cmpNeeded%3Dfalse%26gdprVer%3Dnull%26ccpa%3D1---%26country%3DCZ&c9=https%3A%2F%2Fweheartit.com%2F
content-length: 439
x-amz-cf-id: pEAaOccVNMEftfbMxM9WhFpVr3DYU7rrRx9d5UPlkccdYd6VMP4cvg==

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012106212012000/ Frame 7810 188 KB
54 KB 43ms
20ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e872cbf02c8b399de0bc02a3120c525d1397d73e6fe9b396ddb9fb8ca645421f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 77520
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55206
x-xss-protection: 0
server: sffe
date: Mon, 28 Jun 2021 16:10:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08e7b47afdadb9c9"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jun 2022 16:10:14 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012106212012000/v0/ Frame 7810 13 KB
6 KB 42ms
20ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42c0019ac2f32d24160ef9f53853c7caeb65ea3b21bcbcd8e3b90a5a230dfba4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 77520
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4815
x-xss-protection: 0
server: sffe
date: Mon, 28 Jun 2021 16:10:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9c6d4b511682de4a"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jun 2022 16:10:14 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012106212012000/v0/ Frame 7810 86 KB
27 KB 53ms
32ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac42f28820c1a06584cf80f69fc888b8d19d7b87197bef5ea6ea355b712df62c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 77520
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27658
x-xss-protection: 0
server: sffe
date: Mon, 28 Jun 2021 16:10:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "89763648e638c628"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jun 2022 16:10:14 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012106212012000/v0/ Frame 7810 4 KB
2 KB 49ms
31ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48f9695743d1ea7156fe612eb25beb3be6ca81d94a30891b848d0177137dfaa6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 77520
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1490
x-xss-protection: 0
server: sffe
date: Mon, 28 Jun 2021 16:10:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e9b373dc53e7b532"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jun 2022 16:10:14 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012106212012000/v0/ Frame 7810 40 KB
13 KB 54ms
36ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e54b897cb477a0ce61dc7c6900e1c57a4f127c24716662b84313be238e0f7abb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 77520
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12852
x-xss-protection: 0
server: sffe
date: Mon, 28 Jun 2021 16:10:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "432397294f345717"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jun 2022 16:10:14 GMT

GET
DATA 200
OK truncated
/ Frame 7810 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b63956a330aef339f9595ac1237b697bf4c94f9434dcd5693265dba148ca05b

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 13648056661621373008
tpc.googlesyndication.com/simgad/ Frame 7810 48 KB
48 KB 11ms
9ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13648056661621373008?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkUWyFzFKR-n2Cme3WP_apldmNVQg

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d48def3e44dea188e1f924946237b6be7467d4a24e951f01a0af810f20cff37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 00:13:53 GMT
x-content-type-options: nosniff
last-modified: Fri, 18 Dec 2020 10:23:15 GMT
server: sffe
age: 566901
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48970
x-xss-protection: 0
expires: Thu, 23 Jun 2022 00:13:53 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7810 2 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Jun 2021 07:15:41 GMT
x-content-type-options: nosniff
server: cafe
age: 23193
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 30 Jun 2021 07:15:41 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7810 295 B
323 B 13ms
12ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Jun 2021 10:45:56 GMT
x-content-type-options: nosniff
server: cafe
age: 10578
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 30 Jun 2021 10:45:56 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 7810 0
0 16ms
15ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSwXQWqLztG__f_W2W9yCvKitrbzasGKmA0A3IixnFZGy4iqwIHuMztIzDSkLYjAIn7TloF9qLYL5q2LBqrXqx2akHTxQ
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 bg.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/images/ Frame 60F7 3 KB
3 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/images/bg.jpg?1588157762884

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8826db2d14938686bf49796e475b6b517c679f3d5e425cdfa6b8f5ec0a323f1c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 464998
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3431
x-xss-protection: 0
last-modified: Fri, 08 May 2020 10:31:58 GMT
server: sffe
date: Thu, 24 Jun 2021 04:32:16 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 04:32:16 GMT

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame B62F 9 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 16:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 29 Jun 2021 16:31:23 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame B62F 26 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 20:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62536
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 29 Jun 2021 20:19:58 GMT

GET
H3-29 200 efd5af212b790b949ef103480dddb5e7.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/ Frame B62F 69 KB
18 KB 17ms
17ms Script
application/x-javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/efd5af212b790b949ef103480dddb5e7.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8994af594d5b44a2244155d9e567be672557846242b3c65ce86eaaeb652c3744

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 576840
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18481
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:18 GMT
server: sffe
date: Tue, 22 Jun 2021 21:28:14 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 21:28:14 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5E21 143 B
163 B 31ms
13ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlA2Iy8m-7-cueaEVYuHzAstuY0RU6OYtrCcUPpAvrZV2C-IooCiV3Ug7khcAc; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 29 Jun 2021 13:09:03 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1991
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 5CD6 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf01b1f0ab7cb3e7e14e7c58c43f08aeb618669ea24ae923ffd7be69412c12d5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9D2B 42 B
64 B 31ms
16ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuEF2h9y2-nuE1bgXJP2Qcp4AudP3RGK4k-VHDBW_HVNEkTx2OMZn4YqXS9xE02JCVIRm0k3ZBTJEk5z4lK2qpPh_RJRKks0Eqpo6nFehnjjMWANn0qUE4bJmRzlA&sai=AMfl-YQms8njhSFxtbKEcyg2-RE5-T9sr39g4rya6iOcDCPXdFm5q9p-okVBWv31dht19i2ukJoULSOt5miazvzge0jxLjXM07qgChXTeXqNIe2RCXICO11t9zdYMmpuxm8&sig=Cg0ArKJSzHK2hYNzE75cEAE&cid=CAASFeRoVifh2pqfAHGeRaMWRyf7sOYK_A&id=lidar2&mcvt=1090&p=170,96,770,396&mtos=1090,1090,1090,1090,1090&tos=1090,0,0,0,0&v=20210628&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1823771341&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624974133154&dlt=23&rpt=383&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 jahody.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/images/ Frame 60F7 35 KB
35 KB 14ms
7ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/images/jahody.png?1588157762884

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c693c86e7852e167687744b8ef1d7f4719319ed6b226f069cbb8bbe51352c101

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 464998
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36238
x-xss-protection: 0
last-modified: Fri, 08 May 2020 10:31:58 GMT
server: sffe
date: Thu, 24 Jun 2021 04:32:16 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 04:32:16 GMT

GET
H3-29 200 314fce17cfca877a3f9df0e9d7379765.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/ Frame B62F 25 KB
25 KB 19ms
12ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/314fce17cfca877a3f9df0e9d7379765.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4790b592ccc4d5c8cfe82b1e70e3b2b95e6760cb6f462fb37f7ebb07f6df9e4c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 541372
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25126
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:18 GMT
server: sffe
date: Wed, 23 Jun 2021 07:19:22 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 07:19:22 GMT

GET
H3-29 200 0efdbbba6e053878591296d7d0a6592a.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/ Frame B62F 3 KB
3 KB 13ms
11ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/0efdbbba6e053878591296d7d0a6592a.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc21281eb68765df1b2e005222eb157b38f7d45ef22c198ca239c20ede207cee

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 537308
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3421
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:18 GMT
server: sffe
date: Wed, 23 Jun 2021 08:27:06 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 08:27:06 GMT

GET
H3-29 200 a1535c82c443f21684a7fd6efc795a36.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/ Frame B62F 9 KB
2 KB 14ms
12ms Image
image/svg+xml 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/a1535c82c443f21684a7fd6efc795a36.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5cdcb00f2c777d1e6f74e8843a7705baf2e84aa4c18e9472a76e30569187667c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 593960
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2071
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:18 GMT
server: sffe
date: Tue, 22 Jun 2021 16:42:54 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 16:42:54 GMT

GET
H3-29 200 aaf65ee035e9c4f5df93d316ad184faa.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/ Frame B62F 35 KB
35 KB 15ms
14ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/aaf65ee035e9c4f5df93d316ad184faa.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcb15e73cc53ed1fdc0de208f27eebef10ebfd46ccf91a8650e9b02a738242ad

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 530315
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35523
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:18 GMT
server: sffe
date: Wed, 23 Jun 2021 10:23:39 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 10:23:39 GMT

GET
H3-29 200 12ad8e852d6d1a5853e58484445550fa.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/ Frame B62F 8 KB
8 KB 25ms
24ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/12ad8e852d6d1a5853e58484445550fa.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d115ff44e59dd9bf8854641112e4c6e29f339c4beabfe3b71b4f8e38d6ccbf14

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 5637
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8056
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:18 GMT
server: sffe
date: Tue, 29 Jun 2021 12:08:17 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 12:08:17 GMT

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 7810
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

48ms
48ms

Image
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Tue, 29 Jun 2021 13:42:14 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 568B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

40ms
39ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlA2Iy8m-7-cueaEVYuHzAstuY0RU6OYtrCcUPpAvrZV2C-IooCiV3Ug7khcAc; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 29 Jun 2021 13:42:14 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Tue, 29-Jun-2021 14:42:14 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 29 Jun 2021 13:42:14 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 29 Jun 2021 13:42:14 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 logo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/images/ Frame 60F7 7 KB
7 KB 16ms
11ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/images/logo.png?1588157762884

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33bc5b6a9944e817a3cd8d4a0f1d43af1c4f8959281e6b3b00dd9f79a40f53bc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 464998
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7275
x-xss-protection: 0
last-modified: Fri, 08 May 2020 10:31:58 GMT
server: sffe
date: Thu, 24 Jun 2021 04:32:16 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 04:32:16 GMT

GET
H3-29 200 13648056661621373008
tpc.googlesyndication.com/simgad/ Frame 7810 48 KB
48 KB 12ms
7ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13648056661621373008?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkUWyFzFKR-n2Cme3WP_apldmNVQg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012106212012000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d48def3e44dea188e1f924946237b6be7467d4a24e951f01a0af810f20cff37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 00:13:53 GMT
x-content-type-options: nosniff
last-modified: Fri, 18 Dec 2020 10:23:15 GMT
server: sffe
age: 566901
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48970
x-xss-protection: 0
expires: Thu, 23 Jun 2022 00:13:53 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7810 2 KB
2 KB 11ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012106212012000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Jun 2021 07:15:41 GMT
x-content-type-options: nosniff
server: cafe
age: 23193
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 30 Jun 2021 07:15:41 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7810 295 B
323 B 13ms
11ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012106212012000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Jun 2021 10:45:56 GMT
x-content-type-options: nosniff
server: cafe
age: 10578
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 30 Jun 2021 10:45:56 GMT

GET
H2 200 container.html Show response
e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5F05 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://weheartit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 29 Jun 2021 13:42:12 GMT
expires: Wed, 29 Jun 2022 13:42:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 63668bca9e276a3088061d6ee3c234be.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/ Frame B62F 2 KB
943 B 9ms
9ms Image
image/svg+xml 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/media/63668bca9e276a3088061d6ee3c234be.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15205125897606304055/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e9ff7528ce15bd8d11352b24615dae372cf16167ff2820b16809cfdc9fde0fd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 541372
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 907
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:18 GMT
server: sffe
date: Wed, 23 Jun 2021 07:19:22 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 07:19:22 GMT

GET
H3-29 200 mroz.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/images/ Frame 60F7 17 KB
17 KB 9ms
7ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/images/mroz.png?1588157762884

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ebb1c151192f11b0e3503d435b96fb66868bd44d0f0c0244e2b1775f893892a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 464997
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17644
x-xss-protection: 0
last-modified: Fri, 08 May 2020 10:31:58 GMT
server: sffe
date: Thu, 24 Jun 2021 04:32:17 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 04:32:17 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5E21
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

50ms
43ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlA2Iy8m-7-cueaEVYuHzAstuY0RU6OYtrCcUPpAvrZV2C-IooCiV3Ug7khcAc; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 29 Jun 2021 13:42:15 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Tue, 29-Jun-2021 14:42:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 29 Jun 2021 13:42:15 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 29 Jun 2021 13:42:14 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7810 0
0 43ms
37ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C4St4NSPbYJPDMYXd7_UPp9Sn6Aiq1PHjYpaSjY-lDfv1rImSDhABIPS5ly5gzOHtgfwuoAGcr_uoAsgBAuACAKgDAcgDCKoE4QFP0IGjjnxHXCzqw5fdyL8o98v515ewIBmME9KJxpTGz_1SBhwnezm9rvXfurg0qdcXEmAdkpMqD9xzL9Tq-Sz03XyC4HETxWCkqjjUiBD0T-eRvqFLA9vol5I36l3cFEZ_x6jzp9qLY_TD0qiyqYTwPqWtyIib4hq1M8D-ZITluwbkcd64x_P6a3m2F5gyE6A2i0LQwsPvk0qYyGYAf1hKipvl8cMnfCEZzvO0k40Lh07IXoz4pW5Z0Vad8F0pLj0hQSBW53G_SlWMD4amV15DFY52uedpvkwd9RsmyXYZLOPABJH5k-W6A-AEAZIFBAgEGAGSBQQIBRgEoAYCgAfM0ITXAagHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCz3gnSCAkIiOGAEBABGB2ACgPICwHYEw3QFQGYFgGAFwGyFxoKGAgAEhRwdWItNzkxNTc2OTEwNTc4MTY4Mg&sigh=qLWtvXqE8hc&cbvp=2
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 wings1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/images/ Frame 60F7 20 KB
20 KB 13ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1354486338142470303/300-250/images/wings1.png?1588157762884

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3273741995a4ec9ad375879173aa061c67bdfc099a40119af82834f3f5117e8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 464998
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20208
x-xss-protection: 0
last-modified: Fri, 08 May 2020 10:31:58 GMT
server: sffe
date: Thu, 24 Jun 2021 04:32:17 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 04:32:17 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/ Frame B049 12 KB
3 KB 12ms
10ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d056a2e624b08dd0fd35ee07d4bb55fa0d5cef9da87b58c887a62745906d162f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/11955961782549308205/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3347
date: Wed, 23 Jun 2021 06:56:15 GMT
expires: Thu, 23 Jun 2022 06:56:15 GMT
last-modified: Fri, 05 Feb 2021 15:23:47 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 542760
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5F05 0
0 50ms
48ms Fetch
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CWcWmNiPbYKSbEbuW7_UPppG5uA-197KCY4O79PaZDa4CEAEg9LmXLmDM4e2B_C6gAdDGo-EDyAEJqQJ2zbEICoN_PuACAKgDAcgDCKoE4wFP0I4qfYUsnjLbogsYY-JpaE2Z7lVa8rlxGaQlWwA9tpmudchj_hltoE4yVE66A1YmDGRL5W3f2RkVE8Zdha7Gw2Kt7Zzn_rD6pX311QWk_IEB3EoT92aoMd5P9lJQ87e4kghrtNQ2-_GzmTsfRci-BZDtebZLgdmLrMSoMFi_o3x0Qt_YfEtWQfYeysRf6yJngOsP1iCGRDMx8Heq4ONMlUXqgNNkkyr3B7dILX8DmV0cvEudhIIoE_U1SGs4BxF0ZCs-NbKJvLb4gBdZMduQslodC32JyfMuBPwRZXjwzpOYRsAEh5jg0JkC4AQBkgUECAQYAZIFBAgFGASgBi6AB5i53B6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ9oYh0ggJCIjhgBAQARgdgAoDyAsB2BMM0BUBmBYBgBcBshcaChgIABIUcHViLTc5MTU3NjkxMDU3ODE2ODI&sigh=mTsvXaKFcM8&template_id=419
Requested by: Host: weheartit.com
URL: https://weheartit.com/entry/356622090
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/ Frame 5F05 17 KB
7 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/abg_lite_fy2019.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:39:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7112
x-xss-protection: 0
server: cafe
etag: 12276874145846594193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:39:10 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 5F05 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/window_focus_fy2019.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 175
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:39:20 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5F05 125 KB
38 KB 38ms
36ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

e2f5a99d439c1d7bc8cd4e02f39d77d0dab1eba4e1fae40d3fc5d06ac3aaf1ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:15 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624879993577808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38803
x-xss-protection: 0
expires: Tue, 29 Jun 2021 13:42:15 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 5F05 14 KB
6 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a029ad1de22249db15e4a05e5e168cf70b256ce05cdef7f7e7927c2df030f57b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 17140096307539089235
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jul 2021 13:41:59 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 5F05 0
0 20ms
17ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQMa6Rw_KPd6goYcLh-BS6qfhuW4-YzC-4WL6CWQ29f2ZuFqwnmxX-PeVfT6E65vkO1lOBWXL4eAD-RG9Uy4xdd1K9Liw
Requested by: Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame B049 9 KB
3 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 16:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76252
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 29 Jun 2021 16:31:23 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame B049 26 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 20:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 29 Jun 2021 20:19:58 GMT

GET
H3-29 200 ea9025c3f08a3d2de7d2469215b87a17.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/ Frame B049 69 KB
18 KB 9ms
8ms Script
application/x-javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/ea9025c3f08a3d2de7d2469215b87a17.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d27e29793b5e772173ba2e6172af7e78274e25c9bee87f4495d22b2f78f044b8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 537686
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18491
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:47 GMT
server: sffe
date: Wed, 23 Jun 2021 08:20:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 08:20:49 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8BF1 143 B
163 B 14ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlA2Iy8m-7-cueaEVYuHzAstuY0RU6OYtrCcUPpAvrZV2C-IooCiV3Ug7khcAc; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 29 Jun 2021 13:09:03 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1992
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 5F05 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 23e6653220944d2dcd85d8e11d0f5c5747cd744b8eb8e687245a0e38f3d7bac4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 d966ee039672e089c2b5c6222cd38afc.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/ Frame B049 37 KB
37 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/d966ee039672e089c2b5c6222cd38afc.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e9f4be3a9af4c4036d334ac531e166edb65cf2b36cba8b15108faaf6e97a95d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 471820
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38241
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:47 GMT
server: sffe
date: Thu, 24 Jun 2021 02:38:35 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 02:38:35 GMT

GET
H3-29 200 49a837eac7e931c28e6043d18b1eccec.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/ Frame B049 46 KB
46 KB 16ms
14ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/49a837eac7e931c28e6043d18b1eccec.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c5a51dde6296bcf0be389744fc12dd11a66949cdc144d62a5c1bae30c84f5e3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 576111
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47117
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:47 GMT
server: sffe
date: Tue, 22 Jun 2021 21:40:24 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 21:40:24 GMT

GET
H3-29 200 577323b59ae5590c598946035a473530.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/ Frame B049 9 KB
9 KB 12ms
11ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/577323b59ae5590c598946035a473530.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4d457b6b992b2dcfdcc6a6a2107d32f120933198ec364788003608089f6b66c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 567578
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9370
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:47 GMT
server: sffe
date: Wed, 23 Jun 2021 00:02:37 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 00:02:37 GMT

GET
H3-29 200 4e43d1ae4477cfeb1f54b37e878d796e.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/ Frame B049 3 KB
3 KB 16ms
14ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/4e43d1ae4477cfeb1f54b37e878d796e.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10c18c6ea6e36632c1d0a667acc536c60a7ad3b7b3b5a59d2a3b8d5c7cde880b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 586664
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3398
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:47 GMT
server: sffe
date: Tue, 22 Jun 2021 18:44:31 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 18:44:31 GMT

GET
H3-29 200 87ea75af463b6d320c41753ed3801c38.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/ Frame B049 9 KB
2 KB 16ms
15ms Image
image/svg+xml 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/87ea75af463b6d320c41753ed3801c38.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

278ea5c031b63fe2ed020de506bfc5a0393233f86936e80b7934b835a0bf6d6d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 540935
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2427
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:47 GMT
server: sffe
date: Wed, 23 Jun 2021 07:26:40 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 07:26:40 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1C58 0
0 90ms
41ms Fetch
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CaWryNSPbYMRE0Jb27w-wkpDwC_mt-qVj9MDs-cwNrgIQASD0uZcuYMzh7YH8LsgBCakCFADgjR4gaT7gAgCoAwGqBNoBT9AJFHwDXPYe0OmKEZWdKczLxNUWrzUCK5lWwro_TMIuV4gkybtGq6EDCt9pTXkpebHe3J170pVeGyl8PFewm8Lfgls-n-WKLd_wI2SRglL0GxgENA_voIM-MOnYcORX1lHiai6GB9BDM6wJOeQjM6HjQcSdoWfuk5epS-Du2p504mi8VyFmaSr6ZHqr4JvZZ_yKr-Nb8SAX8yUZ_2LCcS4xCQ7O_kXl6Z8O0U6vZmfW4-bxC__LP72Lde59wce9_T5TiGymuzFLrGgxT5Lnmt_rwYCZ4PWSFhvABLf3yfLWA-AEAaAGLoAHo-yuzwGoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ4YAR0ggJCIjhgBAQARgdgAoDyAsB2BMD0BUBgBcBshcaChgIABIUcHViLTc5MTU3NjkxMDU3ODE2ODI&sigh=tIgmSfNEa6A&vt=1&template_id=419&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1C58 42 B
64 B 26ms
22ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvs02ni9it5fyA8FXMGzHgqxUEbz8qKAOXcDkF07Z2nwyLY3F0VrBAfVVhr7FT_0y33lpNHj8TqsoZ6oWJMq4gkipv2tdjJauSeZwEfP8c5YUxJl58ugwOEr_cMhTLhS04hE_vw5DzG&sai=AMfl-YTEET6aau96htwjRJuWgNtxaqgjTgTjNrryouPfD8MacKhzRdt9fG6KrbSjwhNjM1MqDEQYaJkKtGpVf_kv178iACwlPiJQgwXAlrMM_Mt42qGBGGt0bbDKm70QscM&sig=Cg0ArKJSzL1LTqMrBC5-EAE&id=lidar2&mcvt=1023&p=156,96,406,396&mtos=1023,1023,1023,1023,1023&tos=1023,0,0,0,0&v=20210628&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=640846461&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624974133567&dlt=243&rpt=22&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 367122b66d19c75b3f94940c869acf2f.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/ Frame B049 3 KB
1 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/media/367122b66d19c75b3f94940c869acf2f.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11955961782549308205/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

feb5bbb3465ec6267f57719baa668c2973b98d6a8ac60b70bf7ce00f75cc56f3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 540935
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1163
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:23:47 GMT
server: sffe
date: Wed, 23 Jun 2021 07:26:40 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 07:26:40 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8BF1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

40ms
39ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
URL: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlA2Iy8m-7-cueaEVYuHzAstuY0RU6OYtrCcUPpAvrZV2C-IooCiV3Ug7khcAc; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 29 Jun 2021 13:42:15 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Tue, 29-Jun-2021 14:42:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 29 Jun 2021 13:42:15 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 29 Jun 2021 13:42:15 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AFB2 0
20 B 30ms
16ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BwvqfNCPbYManJceV7_UPrriH8AwAAAAAOAHgBAI&bg=!GRqlGl7NAAYo4NJEKOA7ACkAdvg8Ws0dTjWT4tc4uQ1tD8MrKJ6QTOpWbl06K5KJy5ACjLGQrvYIEQIAAANPUgAAACVoAQcKANhTw3dtaQRPFgmtv4W17ZU4baCA9LOI9n7K_jvp0rqW1Ntcmfgxms8wpWjbcReUgXB4CLvUGzTkbBX4rKeWaBWNfQIAB0jbwZpDDxyboEYHNsiz3qP3tY13Qg7T2k4Ak-CDu3BmGl7kBPopMbu0_OEilt3yfqvb2tf1Y6zJYWa0Jwu8TsbZ6KxCSHExXvV829aD_fg8nvOZQYG4aX4_5VZFuwqYJ4blSANoKrq-inXwhoOF7k7WTIKI71o0ondSXV9Q8r-x-1JnsYykLFzdycToceLI-po5SdCZAr6Hxxb7TPybkpQSrN7OW-A8TCpfJuqsDugx-fJaGhmkjOxZseg6f4zBJgsOeyl0zfbg8dwmMeqCVPVO3KmPaFuHxYgOdVmJ6A17u4t8-TsetsqTYFBFXGpm_bhJFqWhjYaA6PwDpqM9Y1aaUKaHLxkQ3dMhlVgaBMe5mlUlzyGEuUYEDqxQTmmksMxlvYGG6txrviMxmdzWROJjbIZVqeeU1LzCyaGPQgqCJIU3DGivToLO9MJG1X9wJENEIw_a7fKs9vfIKAsxIwT84_PEAN5ZaAcg72W6J-4Mh2qpvHVJJn7C6zv7f4XGJtJrXyUgH3nAm8ZNeXjeuQwELWs-mzt9rXdTdZ5tCH8afMIOfEoAwmMDUEBEBivYicDLdxTzTd0I26cc4oRQgmLFBL7V3ivecWXgvJYbf5nNZvuNfm5IRrtoBzpiarX3wXebhg3_u0qGFnBrf1vkWhU2xslNXmRr9LfFQ-V-dZsaAadDS0m3xIZM0L1JU-fErARa0GPfN_jTdkHXXIo--SlAVvGnJozNCazhGry0wH7orLmpbSAALsX1xcZJOSCEsRZ8qLpy6Oi82yv8E_ZaZpJQ_enyCfbmeLmt9PASf_9CbCFOcihYjwbXE5VIAL89dbpt_RkNLxWEEFmSdE5T-x-Piy065ua6E4jOWp2V0muqcK-kuM5oM4KK3gdUobntf0JQnM-Rv2TgdmDCjDoryPUwMemOiHaFA-HFdBqdWOx_fscY6zRwMDHGjx7v50iBNt-tU2vF43hfDY0WAzx88A619_eAYrioGEHJ-agrGXXGmgTXdL3hyI5-AfjWhHrDSqjI_ntjVOVCdktL0Al69Gm5OIr9zoPpK5nC2aelX8YV6dwaZr-6eF38J5AOnXstgDfLh4yukxGDObvU-bMRL4Vbohz02adkQT-aU9lnleQ2LBOcFjw

Requested by

Host: weheartit.com
URL: https://weheartit.com/entry/356622090

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 19ms
18ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021062408&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9f85e2d8addb547bc09767ca4f26c4e58e665f0f666c4c6c8056703453b1c1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Jun 2021 13:42:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7877
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame F0E7 2 KB
1 KB 54ms
15ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=weheartit.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

7512ae62108af074eaa90622e9df04625f120ecf4a909443fa6dc1a2b071c7a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?origin=publishertag&topUrl=weheartit.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://weheartit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 2714
set-cookie: uid=66df675e-f986-4d86-812c-49e0162e0784; expires=Wed, 29 Jun 2022 13:42:14 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Tue, 29 Jun 2021 13:42:15 GMT
content-length: 1129

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 13:42:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Tue, 29 Jun 2021 13:42:15 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 6D87 12 KB
5 KB 10ms
6ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://weheartit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Tue, 29 Jun 2021 13:01:14 GMT
expires: Wed, 29 Jun 2022 13:01:14 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2461
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0ADB 783 B
532 B 17ms
15ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

11f98333b34eba8fe483c4a0b1f78f67e8bddffa82b67d04bc8eedd440c2fb09

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pdGB8l0BENrLU48OK2ipUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://weheartit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://weheartit.com/

Response headers

expires: Tue, 29 Jun 2021 13:42:15 GMT
date: Tue, 29 Jun 2021 13:42:15 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-pdGB8l0BENrLU48OK2ipUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 DbygjneaO4DVyaaVGwd-ToFDSMFkJodatxAyqShhIKw.js Show response
pagead2.googlesyndication.com/bg/ Frame 6D87 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DbygjneaO4DVyaaVGwd-ToFDSMFkJodatxAyqShhIKw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dbca08e779a3b80d5c9a6951b077e4e814348c16426875ab71032a9286120ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 10:45:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10584
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5767
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jun 2022 10:45:51 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5CD6 42 B
64 B 20ms
16ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstTJaJBwSyrSCl5-xiRdfUmjLUFVH_MwgLBqh6xO43x4NbrbW0SpK7eTHcBorGdfgKfE2IXKtspVCj1KWFxUcoi0di-b16FwBZW6ah0nmU6DJNHXK8kqpQTUFnlag&sai=AMfl-YRx3heECYQ71_VC-r_f9M3x0FK79R02DC6jGmKC-5t7idIYQlinH8iEKQ55SHinOf7HLzXH9txBQKxj1-SXGNOxEAKzMM1u3KITQLddJHvPgK04y9Z1fMIC3r08Dqs&sig=Cg0ArKJSzCyusZ0GVV4yEAE&id=lidar2&mcvt=1000&p=255,1204,535,1540&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210628&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3950113444&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624974134002&dlt=84&rpt=1&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 16ms
16ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021062408&jk=2668725786636151&bg=!29il2JzNAAYo4NJEKOA7ACkAdvg8Wqbc2hLTwrIOV31I63Mbk6MMkAiI6KjBA6y3neVCSec6gGcyTwIAAACaUgAAAA9oAQcKAQCNKNn1MOPI_kGU5YFZoA5YSSA2aF1VYVpeJ6VuVXpH2R93rXzMymxDe4shkfg1KScSG01gd6DJUONrlZyOZDqG22OFah-qhrPzDlPelJ_XOnfIabLdVdfp2ngYiBg1SRTKZvQoi-TyaAVtwtd3VncrEIeqdozeV_MaqQFIvSuEQzovMYQRooTUQOMVFnxuZ3eNS-doEfLtIyUodNrz20cT5jhYhV8VfUCXJFL1Bg8P892F7qKeZn45_jlGIYCRYUhcY-G3wuFlllQKwwe-gw4QKdtZmnieo7dwJGjK2hSvQrjOqhR1vgmmn6UwIA2syfij-O9E3UzhkwOL2KOPlvDWmQJivp9g-fEad_bggZKBaMn-7UizxJaBI5b8qOxFeGlJZD3qNDvcC5TcA8jRnDbbBXGKVkaU-18LHRDmSOE0-okbqgPmBhYp8MnX8sHUFEj1scAOsXrTPttlSg9mXO_-f9k9YYGIUFeEv2fVxUFrlYAPP7Qz7mz9ZyJTmPNR0KeyOApRvpL-c1Be2nOVDuznaNu0JuCZwxQAKx1IY_9Pi49P4Kz59da7UlxQ21odmlsQCf9RADtP975ogi2QkSmlhq_8z3-2F_qmH8UJfZT9I1nw8_4Aq8x6-xdpmWAdSN6VP0gBbtT3Ac4XaB0DZRf5hwNKx7cCTL1MUC70WLPnj4WYS0G4ELzrNy485l5AbtRFQSkAXbj3_pTZhTGjhBDYdKg6V-yq-hSOG7-A7a0lL4kz4jcgkKgP59kZBNZmh5Vo27oHsFEk576tXHR_KoCjOdjTpoUxOVRSThUZvIVtoqACRYAE0lpcOquaZQ7lkf_yRzyXKIbd7E8wD5aMgLMyZlKFe29zcawk2s25hqqJMTUvZ1v1LUHl1NVovDHSVjv_3QCiGO-QH_LYfb00L3Bv8bCA8r3wOqgpFujSHTUdXzBsULHLcFxPJlcExlK9qHssI_tsUtd8LOAcLeGE93yFHCLFmTt6kXXTmlTYiZyEGrubY4Nap8rD6jBTY4nxZPWuP73OIxDgUHIl4kWDh-MWhbUkvpoMnF15vOQqvB9i3gHB8QN0WFxb3POaGgcEiwGM93raBB2vD1cu1BodrzAMaQ_IlAQywLMwZFvU8Ft7Z5pqKD_h6riuiPXG8Yxc2lwxPfd5Wg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 7810 42 B
64 B 18ms
16ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu3cyHqFva2jcv6-pxTswHyIycM3acOVj2YUg1620hlX5xr1h4oTIhF608F8_pOYa2ZbIEm9lStTejMuumdp3-H16ABxIm8BWFHaOY2vdvzX2mHWaaPWl_z6HZ5IA&sai=AMfl-YRn0ghqXDiih7I7h6PjsR3B7UQva-Tt9Zvgaspr2fpVGGXJKdbI7wUuDotTu3Rq6rhMYMVm7dDu2abSAqsJl1mT_ZMci9PzrNIaN0lo4HYExpOkNUKdzTZUv6Dhd3Xk&sig=Cg0ArKJSzHotoc4QAoq5EAE&id=ampim&o=1204,549&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=368&tls=1369&g=100&h=100&tt=1369&r=v&avms=ampa&adk=752522813

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://weheartit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5F05 42 B
64 B 16ms
15ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuuPg3dOTNauZRqxtb2uLHz5eoHPLb1DTUO2nAFrANUkVq6nA2XTePB90EsaMBTsPSxk_NxHmEZ4YbpKAqOuldLsIVKhNc2UTvVQpgn1cAc9DJmd0ZlIL2CeVavyg&sai=AMfl-YQEF1c44zA69XBLsgM2NRMvkMpaFZZvwCQcUb3gX4piR5tTaTWQW3fneJ3VJy6z-04UIGg4n-z3ZSJbLaMfZsnl2zTZHNQ6nNyz4hhgRH_qoyIfiw_9uAuhISepcHKm&sig=Cg0ArKJSzKf09AYZcOkxEAE&id=lidar2&mcvt=1000&p=1020,315,1270,1285&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20210628&bin=7&avms=nio&bs=0,0&mc=0.72&if=1&app=0&itpl=2&adk=672255445&rs=4&met=mue&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624974134830&dlt=86&rpt=2&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIxpHGr_y88QIVx8q7CB0u3AHOEAEYACCGkZtJ;met=1;&timestamp=1624974144333;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 9D2B 42 B
515 B 194ms
63ms Image
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIxpHGr_y88QIVx8q7CB0u3AHOEAEYACCGkZtJ;met=1;&timestamp=1624974144333;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Jun 2021 13:42:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

136 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 19:22:57	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-19 19:22:55	Name: test_cookie Value: CheckForPermission
.doubleclick.net/	1970-01-20 04:44:30	Name: IDE Value: AHWqTUlA2Iy8m-7-cueaEVYuHzAstuY0RU6OYtrCcUPpAvrZV2C-IooCiV3Ug7khcAc
i.liadm.com/s	1970-01-19 20:06:06	Name: _li_ss Value: MgkI_____wcQ5Q8
.liadm.com/	1970-01-20 12:54:06	Name: lidid Value: 3b162eec-2c68-4e0b-8303-9eff06a92313
.weheartit.com/	1970-01-20 04:44:30	Name: __gads Value: ID=d3a1846dd7c2b125-227c81716fc800c7:T=1624974132:S=ALNI_Mbj_yDMFxsnDJBeZ4ms8XgLJ3MUEw
weheartit.com/	1970-02-18 19:22:54	Name: _li_ss Value: MgUIBhDlDzIFCAoQ5Q8yBQh6EOQPMgYIiwEQ5Q8yBQgLEOUPMgUICxDlDzIFCHkQ5A8

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://assets.whicdn.com/assets/application-50994483b897411cac58654c29f172a57a6e4082eab112f7c83bf980a213b9fc.js(Line 13) Message: cookie warning init
console-api	log	URL: https://assets.whicdn.com/assets/application-50994483b897411cac58654c29f172a57a6e4082eab112f7c83bf980a213b9fc.js(Line 13) Message: similar entries loaded
console-api	log	URL: https://weheartit.com/entry/356622090(Line 119) Message: [object Object]
console-api	log	URL: https://weheartit.com/entry/356622090(Line 150) Message: journal data set with campaign = Banner and channel = Web
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js(Line 6) Message: google_DisableInitialLoad is deprecated and will be removed. Please use googletag.pubads().isInitialLoadDisabled() instead to check if initial load has been disabled.
console-api	info	URL: https://cdn.ampproject.org/rtv/012106212012000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2106212012000 https://weheartit.com/entry/356622090
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 12) Message: Deprecated property or method 'Ticker.setFPS'. See docs for info.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
adservice.google.com
adservice.google.de
api2.branch.io
app.link
assets.whicdn.com
b-code.liadm.com
c.amazon-adsystem.com
cdn.ampproject.org
cdn.branch.io
cm.g.doubleclick.net
data.whicdn.com
dpm.demdex.net
dsum-sec.casalemedia.com
e125ca0ac12517568cb2f5b4a2363c93.safeframe.googlesyndication.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
i.liadm.com
i.skimresources.com
i6.liadm.com
ib.adnxs.com
idx.liadm.com
images.outbrainimg.com
inv-nets.admixer.net
js-sec.indexww.com
log.outbrainimg.com
match.adsrvr.org
mcdp-nydc1.outbrain.com
native.sharethrough.com
ob.cheqzone.com
obs.cheqzone.com
odb.outbrain.com
p.skimresources.com
pagead2.googlesyndication.com
pixel.quantserve.com
platform.twitter.com
r.skimresources.com
rp.liadm.com
rp4.liadm.com
rules.quantcount.com
s.skimresources.com
s0.2mdn.net
sb.scorecardresearch.com
secure.quantserve.com
securepubads.g.doubleclick.net
static.criteo.net
stats.g.doubleclick.net
sync.mathtag.com
syndication.twitter.com
t.skimresources.com
tcheck.outbrainimg.com
tinyurl.com
tpc.googlesyndication.com
trc.taboola.com
weheartit.com
widget-pixels.outbrain.com
widgets.outbrain.com
www.google-analytics.com
www.google.com
www.googletagservices.com
x.bidswitch.net
x.dlx.addthis.com
104.108.145.107
104.108.145.205
104.108.145.8
104.244.42.8
13.248.242.197
142.250.185.130
142.250.185.162
142.250.185.66
142.250.185.98
146.0.227.107
151.101.114.132
151.139.128.11
185.29.133.199
198.101.167.73
205.185.216.10
205.185.216.42
23.37.43.59
2600:1f18:444a:4680:252d:a0d8:b19f:2c13
2600:1f18:730:b120:1f6b:b8df:cda6:ffc4
2600:1f18:e8a:cd06:e361:a2ce:b047:17c
2600:9000:2104:a000:11:f728:3040:93a1
2600:9000:2104:f000:6:44e3:f8c0:93a1
2600:9000:2156:c800:19:9934:6a80:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::6814:8b41
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:803::2002
2a00:1450:4001:803::2006
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2004
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::2001
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:830::200e
2a00:1450:400c:c0a::9d
2a02:2638:1::13
2a02:2638:1::3
2a02:26f0:10c::5f64:c122
2a04:4e42:3::300
3.213.73.156
34.234.106.43
34.96.81.209
35.190.59.101
35.190.91.160
35.201.67.47
37.252.172.36
52.17.54.18
52.58.182.33
54.172.13.178
64.202.112.191
65.9.77.116
65.9.77.30
65.9.77.58
65.9.77.86
65.9.86.127
00ea178cbba5d3f907ab88426a2380ee06fc6267ea1e7e9815e4063fcdd8d8ac
013100afd4e485872dea07556132415d6c48541e7ac9ff35e360980fec8a3820
013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
092fbd69cb1d62ff96de9b9708c7d5e63c178fb6dd264eee933415dd88123243
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c5a51dde6296bcf0be389744fc12dd11a66949cdc144d62a5c1bae30c84f5e3
0cc8fd999b0626074498b32693e330d389259151895be68c62a0f58fb6ab7c93
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
0dbca08e779a3b80d5c9a6951b077e4e814348c16426875ab71032a9286120ac
0dc4093b6b9286ebfc6c728ddd3a70812a726d79d6f41d60a506fd5b93c4929c
0f4b08d07ecca9f8fcaf108ea78bb163fc98cfc19a844bd0f87412ab34a41873
0f6bdbd8bb778e5bf228759f6031de05dbc2dff354e13f68e25317dd29ea62c2
10c18c6ea6e36632c1d0a667acc536c60a7ad3b7b3b5a59d2a3b8d5c7cde880b
11f98333b34eba8fe483c4a0b1f78f67e8bddffa82b67d04bc8eedd440c2fb09
123679f5cace54226212387b9f27b90a02a8d8a3ccb48306fa19ff5dd4159067
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
17820cc8156603e2a9d32c417b5a590af96df27f61f46c62a1954d7d6be97b2f
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18b636579b18f3b5fbc3c57aa279c130891bf663235119d7ed9a62f3793c2c07
1953b20bccb80d8f24114d7952ec27b5b1bb88d49ebd56cac0decec272667a1d
19806ab02990cc8a1e25a2262ef88c8f52d1d88fe8b35001a3491b08422807a1
23e6653220944d2dcd85d8e11d0f5c5747cd744b8eb8e687245a0e38f3d7bac4
25da8dc8c43377821c67e628d0dd8c87dd04342f31a1c6995d3c65860400adcb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
278ea5c031b63fe2ed020de506bfc5a0393233f86936e80b7934b835a0bf6d6d
29294b00f5c2981bcc033f60423f572ccec700f42055d957c204d7ef70b60a55
29938d1be89a5e98fa710c79de62aff3efe3152c0364688f86e864972c721c69
29d592e34e3d2c8ca0c55ceafd75940de79cdb6381d8ceb372d226e7820e7220
2b63956a330aef339f9595ac1237b697bf4c94f9434dcd5693265dba148ca05b
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
2d65a857298c0bce72389bc0c2417352b140c8050e7b81416e9d6db9b82b16a7
2d8b6d7d2653ad1fb0b919edd2d62b22c15acbb1c56c1dda636c0723a30ab3a8
2ebb1c151192f11b0e3503d435b96fb66868bd44d0f0c0244e2b1775f893892a
2fac6a1d2265289024d093d09ec3c1cb04041eb4a73d6adc2425cdb4d72aed02
33bc5b6a9944e817a3cd8d4a0f1d43af1c4f8959281e6b3b00dd9f79a40f53bc
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
39d160e97e2bea07b0cf1c647259ffa4f0bd07069dba4e6c19a22d38b408510f
3afb0c277df85f52df6565d520603f593a1601541cd86fe3a24bbb33fc334d93
3f22686839518e345e49034b3339609c371babc6a0571fd1ae3218dd34a4d524
3f849727a15abb21f66c5740d7f5106dad42f07e512a1d98be5699ad5361da10
3f9f10aa7be0e2c05e83d6d1f426c196503fe3ae9fedfd63bf40ad24925dc9e3
42c0019ac2f32d24160ef9f53853c7caeb65ea3b21bcbcd8e3b90a5a230dfba4
42e2538b2440ef84f47b25402883bb255ef589c10193a8b323892a0f718749ab
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44e04e4776c58b34580006ef8e8a1e1ae336f3e9c429ae242fe9a8f090889b79
470503982faa17aa198e19e155914b9b75167e58e14e3faac598a93246464b0b
4790b592ccc4d5c8cfe82b1e70e3b2b95e6760cb6f462fb37f7ebb07f6df9e4c
487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb
48f9695743d1ea7156fe612eb25beb3be6ca81d94a30891b848d0177137dfaa6
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ba9ad01b3950c0d6cf810ec0bf36924bcbd410f2b0682a7d5ead7d47760b94a
4c3c9989b648f873d37903a17200d7d9ec3d94371787b9eee033ce1285f7cf5c
4d48def3e44dea188e1f924946237b6be7467d4a24e951f01a0af810f20cff37
4d62daccd65a8be62072d277e1549ce9111e73b89cbdf90e4afadf1eee8a9fbb
4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50994483b897411cac58654c29f172a57a6e4082eab112f7c83bf980a213b9fc
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4
5cdcb00f2c777d1e6f74e8843a7705baf2e84aa4c18e9472a76e30569187667c
5e0aeb27ad5ec940a7b1049848d9ac96fcc00a34653745b7796d695f9f25f508
5f0a5fac98beed6c5c51ebb1c90e7e54933a73c0d882386c1b56643fc74e6671
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474
65c2a9c251ef70bad698c2330bd8d28c70284684ab1f034f336478fdee0e1f7d
69b72c1a2bb8e490c0e2af0a27fb620526ee52b9335e6ea73137518f156d9437
6a9fd83d363075e725d266521ffd9f86ffd2ccdbd01ddf07661f6c59ece9d9bd
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d11721d1f5d0a915e78dead84011204adb566343a1af3eaa9ae2b5bf7b9f08e
6d9bdd15d3f597a8c3fe0091c0cb5aa711d20f3e4367f2aa698390313b538e1f
6e9ff7528ce15bd8d11352b24615dae372cf16167ff2820b16809cfdc9fde0fd
737ae22a8fde00e6d0afcd0413380d29f6eddc236f71699ec0dc69021cdd82a1
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7512ae62108af074eaa90622e9df04625f120ecf4a909443fa6dc1a2b071c7a1
758135feb6954c2501153f4a7846378a69e4189243d09272685850b10632358f
76b45eafc7d8b4ea085b4612aca08896a8e5da1580072a069a3c42e09ba2211f
77a5b8060ca3077b59266e703f553ec0b470e050723611384c4110ee3c9a66c4
7ab69918f82ed09cd61c67f2a922719eacd400aa7c754ae10e9a42dec1cb59bd
7cc6503b1719b1882fd844528cd62a61a619b5ed32baed6c7837f80398a3816e
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80858e3cc31ae7ba2e0f7ca25c4ed26c6376d8ac1c4169e3b9626c93137cb16a
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8365e9119d307bc461403fb1f4eea8dee6c4ca3360687b30f497c7fdbbe2635c
845e12e62ef7da9cac94a76375172e4c67836fd39a168902ec87742b44232b26
86d71e83c3a8b591cb664faf3c82483fa88bcc7f3117d9e1a452566571d54a6b
87135cdd38b6f131d182611095b0728f19bc99b94e81b36a6bdcf9766291615b
8826db2d14938686bf49796e475b6b517c679f3d5e425cdfa6b8f5ec0a323f1c
888015a2beb7daa478c85fa17f538f65bd380b73fb087ddee6fccb32d2a26788
8994af594d5b44a2244155d9e567be672557846242b3c65ce86eaaeb652c3744
8b2da400805d73af03805eac1a06ad22c1bfc3508bacfb804c38a0d00b16cafc
8d76c613e3a1553f236b9de88e5007d27c4049c385846a071513718371baaf64
8d8223d8e137daec35fffb894caddcc763013f6ed86948cd53542169b7bbce81
8d84fd6228f425cda243191d28c6fa93642fd7f6bcd2892159386e9fd04a7775
8da0ebde5dbb79e4c1de015da12b3e831f6b33c668b01b4d223a1defc1340a93
8e2a713ef4c34a7b7716eb47b01fba70f54048fd586c0b5008246874fe42372b
8f968e74a7825219f3fb0e3717e8aa0854ded3e3603fe44658a7037a587935a9
90f16fbd6edac219e07c508f90c166af3ea6da5303629300d971c3498419024a
94e6cae951765f4c1d852e6e43fb6300e671ae0b53f6e47d515e0b879322a653
971d5af0c9430cf6563804ea45305a299be008dcae79572bfb0504ad007eb679
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
995fd645ed7b062790766fa209539ddb3bdb07c14b4e392901207142f5d6d594
99a2d8bd0f6f2a1abefd03480b024dc73b116a58781bcb7a629e0285bb87b682
9d4df683a2aacf70c255ac503c0f6907ec9e74c2b310945ced111785f0eb4acb
9e7a4ef0068a73f7d2ff7dfc834c46201d5f17f122f0e99fefbed642ce68e170
9e9f4be3a9af4c4036d334ac531e166edb65cf2b36cba8b15108faaf6e97a95d
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a029ad1de22249db15e4a05e5e168cf70b256ce05cdef7f7e7927c2df030f57b
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a27d52be1ff7ac6d51164e3257a2335d1162f0ceec2312e36cd9bd6c3b796999
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a74531fe5dba66e7678bd580a77d2520b32338d1bed2017aa82f31cf642e70e1
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
a9f85e2d8addb547bc09767ca4f26c4e58e665f0f666c4c6c8056703453b1c1c
ac42f28820c1a06584cf80f69fc888b8d19d7b87197bef5ea6ea355b712df62c
adcb6c3e76ae8544bcc79926259ceb8a6b85e6e7377eb51f07ef217d3ee836a8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af6ee87e91a68309051455471632e17414c55dabe8e72e3bab8decc731dba35d
b127d73ab5bea10daaa0dab40a03f19d3565796b0202db1258712c5dabebed74
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b5ec6e6f37615c6e87dd174ae2b130d8c9f9199f8422909fab59daaf4e19e9f8
b69831d4334613b300f1d0a75e692ff23126f3ac599b913d37c836aa1a098dc2
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bd04b954f60aa82c29b90219a9700d424c007dfc6ca94acd18d3178a3fc205ff
bf01b1f0ab7cb3e7e14e7c58c43f08aeb618669ea24ae923ffd7be69412c12d5
bf2b2799f39cb443ecbe9c50d6bbc417a56bf9b1f578f64fa1da56a0ba4e6c0a
c25c2adc848c9e244170ce705c1f01ee14fac92935e3acb17c972db1f18df8d0
c4d457b6b992b2dcfdcc6a6a2107d32f120933198ec364788003608089f6b66c
c52dd79ef68816a11f5072b8bd5fe5ae2fb1227fa97562c206b883218b2fa296
c5ef333f3ec0e55b8499d882c73c7ae2b99b0e24514310908c316faa50f0c842
c67f0afd7440e2ef640817b8f94e4676ae0da1b584c8bd3b79566681afb88599
c693c86e7852e167687744b8ef1d7f4719319ed6b226f069cbb8bbe51352c101
c76eef5c335bf6f3e4db19915cb615d13d145c50c9dda66b78537d9890ed450e
c971ec4829376335946d1beaa191f2c64a48e8954b422dea372c2d9029177b9b
c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916
ca317cbe39caf635daaa199052aed30296b2e32172575a5a3b51ac7ada182c1f
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc12b69ab155a33de221a166fc986e280595e896e1fe0e644071ddbe4bf6f601
cee6b8094496f83dda74161a0c028a28b67ada39e09048a761b43145d8746fe2
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d056a2e624b08dd0fd35ee07d4bb55fa0d5cef9da87b58c887a62745906d162f
d115ff44e59dd9bf8854641112e4c6e29f339c4beabfe3b71b4f8e38d6ccbf14
d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa
d27e29793b5e772173ba2e6172af7e78274e25c9bee87f4495d22b2f78f044b8
d3273741995a4ec9ad375879173aa061c67bdfc099a40119af82834f3f5117e8
d4cedcdedd9f7616c0feda19bce21b1a672fda60fdbf4afd55236a6d7ba0c96e
d5d7d34f4f9f014450d6f5f68f2d4903c97413c76f3ea135611e44cc8cc63693
d5dc46e7959a5831d674d034f27a120302f1a655f5b018fb1f75d00c45b90ca0
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d8a2b906d6f9daa0cfdb356c61653956dc1e00dbae584e00e84cfbcd81e13984
dcb15e73cc53ed1fdc0de208f27eebef10ebfd46ccf91a8650e9b02a738242ad
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e2f5a99d439c1d7bc8cd4e02f39d77d0dab1eba4e1fae40d3fc5d06ac3aaf1ea
e3144818b63c23e91711a5c7771eb063840287a80275685e2fe1792faf0a4a55
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e54b897cb477a0ce61dc7c6900e1c57a4f127c24716662b84313be238e0f7abb
e872cbf02c8b399de0bc02a3120c525d1397d73e6fe9b396ddb9fb8ca645421f
eaebccba5366d36fad6ecdbed1e623ccc57f8356f249d48ac98ef552d64afbc8
ec9fd3c71de1694d2d7c6c49ecdc107509ed19c9bfde330a8b85cc1b1a1d2257
ecfb3b12ba988fc28670af214aa925119cbc2f711d0ec2fc89e3a2cc7a1dbf4b
ee9310cfa69ea94575e7317593cb65123400f99e3ec2d8f53d5759f44d11e3f1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
efb0a9240bb10062ef0b117855c79b7ec2439022aaed25fe944f22e60a42b5e9
f2047d2ca924ad131d52121567157e3b1b556d0b6fa17a46ed7ecddb53c1b6e5
f2fafbc6ed9ff0f151048fb5a56ed19ed3e5df0c67a2718e929bc7e038b7146e
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f5edcbdcd57db5c38df843ebc89980271008f5626250a1f98d409528d5e79f2d
f75095cd6a32c0c64a401ff79d0801fe1d5ed5aea1bbeb4d94d5b15632e769eb
f852dfebba4af97add777a1d789b4739164d6cc93aa34db2c463141a5c3f4d09
f8c1bb3db38dcd17540aea9cbd79422192958ecc1b5c18873941b63f99678924
fc21281eb68765df1b2e005222eb157b38f7d45ef22c198ca239c20ede207cee
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fda8a547384de31097feeb795bb1ee9bc135ad7bb4725f3d858fefc6c83e3586
feb5bbb3465ec6267f57719baa668c2973b98d6a8ac60b70bf7ce00f75cc56f3
ff386f284d1aa855d09a3090f212384388e98f3061c30be57a3ef3a9e9281e56
ffc9cc2aa1553359a7524be8bc7ec3e20c54d7e4d4b7327db63f1daaefca0303

weheartit.com Open in urlscan Pro 198.101.167.73 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

245 Requests

99 %HTTPS

43 %IPv6

36 Domains

63 Subdomains

53 IPs

7 Countries

2686 kBTransfer

6160 kBSize

7 Cookies

9 Outgoing links

Page URL History

Redirected requests

245 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

weheartit.com Open in urlscan Pro
198.101.167.73 Public Scan

Screenshot
Live screenshot

Full Image

245
Requests

99 %
HTTPS

43 %
IPv6

36
Domains

63
Subdomains

53
IPs

7
Countries

2686 kB
Transfer

6160 kB
Size

7
Cookies

245 HTTP transactions
3 data transactions