Submitted URL: https://u1584542.ct.sendgrid.net/ss/c/wehEm_vu1NBVXOKYSqOxTOi34aJoCJC1EivM7Ih953zzwh4_HV4hNFs9HDDBm-cdHd2kctRrk9OwPxqH5Eyg2yZHBOW...
Effective URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9...
Submission: On December 01 via api from US — Scanned from DE

Summary

This website contacted 20 IPs in 4 countries across 15 domains to perform 68 HTTP transactions. The main IP is 151.101.192.174, located in United States and belongs to FASTLY, US. The main domain is secure.actblue.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 5th 2021. Valid for: a year.
This is the only time secure.actblue.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
13 play.google.com www.gstatic.com
11 secure.actblue.com secure.actblue.com
10 www.paypal.com secure.actblue.com
www.paypal.com
www.paypalobjects.com
www.datadoghq-browser-agent.com
5 c.paypal.com www.paypal.com
c.paypal.com
5 www.gstatic.com pay.google.com
www.gstatic.com
4 pay.google.com secure.actblue.com
pay.google.com
www.gstatic.com
4 sessions.bugsnag.com secure.actblue.com
www.datadoghq-browser-agent.com
3 www.paypalobjects.com www.paypal.com
www.paypalobjects.com
2 t.paypal.com secure.actblue.com
1 api-js.mixpanel.com www.datadoghq-browser-agent.com
1 hexagon-analytics.com
1 c6.paypal.com
1 cdn.sift.com secure.actblue.com
1 dub.stats.paypal.com www.paypal.com
1 b.stats.paypal.com 1 redirects
1 www.google-analytics.com www.gstatic.com
1 stats.g.doubleclick.net secure.actblue.com
1 ssl.google-analytics.com 1 redirects
1 www.datadoghq-browser-agent.com secure.actblue.com
1 actblue-indigo-uploads.s3.amazonaws.com secure.actblue.com
1 cdn.mxpnl.com secure.actblue.com
1 u1584542.ct.sendgrid.net 1 redirects
68 22

This site contains no links.

Subject Issuer Validity Valid
secure.actblue.com
Sectigo RSA Domain Validation Secure Server CA
2021-10-05 -
2022-10-05
a year crt.sh
*.mxpnl.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
2021-07-15 -
2022-07-28
a year crt.sh
*.s3.amazonaws.com
DigiCert Baltimore CA-2 G2
2021-01-11 -
2022-02-11
a year crt.sh
*.bugsnag.com
Sectigo RSA Domain Validation Secure Server CA
2021-05-05 -
2022-05-05
a year crt.sh
*.datadoghq-browser-agent.com
Sectigo RSA Domain Validation Secure Server CA
2021-03-17 -
2022-03-17
a year crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA
2021-11-02 -
2022-03-15
4 months crt.sh
*.google.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA
2021-09-21 -
2022-10-22
a year crt.sh
*.gstatic.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
c.paypal.com
DigiCert SHA2 Extended Validation Server CA
2021-11-03 -
2022-12-04
a year crt.sh
*.sift.com
DigiCert TLS RSA SHA256 2020 CA1
2021-01-13 -
2022-01-19
a year crt.sh
*.hexagon-analytics.com
DigiCert TLS RSA SHA256 2020 CA1
2021-10-19 -
2022-11-04
a year crt.sh
*.mixpanel.com
GeoTrust RSA CA 2018
2020-04-20 -
2022-04-21
2 years crt.sh

This page contains 7 frames:

Primary Page: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Frame ID: C13C4FD2A773EE450D0954154FC8FCB4
Requests: 27 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
Frame ID: BA4F4E54E3ECCE3C4EA9778723B1D565
Requests: 16 HTTP requests in this frame

Frame: https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9keHR6cnRqYmRudnBuZGtpc3VyZmR2eG5lZ2h0bGwifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=aa864c339433b&storageID=uid_5b68de0f43_mja6ntm6mdu&sessionID=uid_1306be8a13_mja6ntm6mdu&buttonSessionID=uid_032faed715_mja6ntm6mdu&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiNmU3ZDJkY2M0NWI0YTM3NmZhMmRlZTFkNzU3NzIwZmQxZjFjYTljNSIsInByb2R1Y3RzIjp7InBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOmZhbHNlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjp0cnVlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Frame ID: 8E6D01A9334F03AD438F368C1D3371F9
Requests: 7 HTTP requests in this frame

Frame: data://truncated
Frame ID: 6AB874E227544199B23CB3CF8AC142B9
Requests: 2 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 387F2D49BD8FAB0EAFFA840B4B3F4C38
Requests: 3 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: 0505E4598552700A1DE6615B19115366
Requests: 5 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_1306be8a13_mja6ntm6mdu&s=SMART_PAYMENT_BUTTONS
Frame ID: E5A6F56BD67461DD1173834F3CE5C88C
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Blue Future — Donate via ActBlue

Page URL History Show full URLs

  1. https://u1584542.ct.sendgrid.net/ss/c/wehEm_vu1NBVXOKYSqOxTOi34aJoCJC1EivM7Ih953zzwh4_HV4hNFs9HDDBm-cdHd2kctR... HTTP 302
    https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subje... Page URL

Page Statistics

68
Requests

96 %
HTTPS

43 %
IPv6

15
Domains

22
Subdomains

20
IPs

4
Countries

3971 kB
Transfer

7249 kB
Size

27
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u1584542.ct.sendgrid.net/ss/c/wehEm_vu1NBVXOKYSqOxTOi34aJoCJC1EivM7Ih953zzwh4_HV4hNFs9HDDBm-cdHd2kctRrk9OwPxqH5Eyg2yZHBOWZxLucMOo14OkDajST3d_gr1KDMKbLnr-tdc0e76xK9jQ_iElsITQWddo7ChTfJzpd07iqO-qOV4TufPc8rseIlaGiVF977hNFjlbuYzBImLmIRhn67lnDAtmMz4s_U4sg8QG54wKpO7t8_j-_Eaoh7n4g1ACF2C1fxBjkNb3fs0YCmBk_kYdWTLSRz8mUce7Pe3jFPYh5f7uczGgPDkHe-wjIhOpZkLl1MRWd_2x3YK2GFXdCbn-aEPTk5V2_wRFedv_PT24f7-sjAObPRbI5Z3KE5WYnOGHNUnds/3hh/igltcIkrSnu0VjznJSpFRg/h3/5qukNy8LuKgRK-iIwDWWTzhJdJWhpyPgiPEKg1MZZEA HTTP 302
    https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.6.1&utms=1&utmn=1544567696&utmhn=secure.actblue.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=ActBlue&utmhid=432886642&utmr=-&utmp=%2Fdonate%2Fblue-future-2020%3Flink_id%3D4%26refcodeEmailReferrer%3Demail_1372628___subject_1805852%26can_id%3Dc9f7c537c32da5d5d3b888cfe8a48893%26source%3Demail-freedom-to-vote-action-party%26email_referrer%3Demail_1372628___subject_1805852%26email_subject%3Dhow-to-move-joe-manchin&utmht=1638391984662&utmac=UA-159696-1&utmcc=__utma%3D88171332.656667783.1638391985.1638391985.1638391985.1%3B%2B__utmz%3D88171332.1638391985.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=223078782&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-159696-1&cid=656667783.1638391985&jid=223078782&_v=5.6.1&z=1544567696
Request Chain 58
  • https://b.stats.paypal.com/v2/counter.cgi?p=uid_1306be8a13_mja6ntm6mdu&s=SMART_PAYMENT_BUTTONS HTTP 302
  • https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_1306be8a13_mja6ntm6mdu&s=SMART_PAYMENT_BUTTONS

68 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request blue-future-2020
secure.actblue.com/donate/
Redirect Chain
  • https://u1584542.ct.sendgrid.net/ss/c/wehEm_vu1NBVXOKYSqOxTOi34aJoCJC1EivM7Ih953zzwh4_HV4hNFs9HDDBm-cdHd2kctRrk9OwPxqH5Eyg2yZHBOWZxLucMOo14OkDajST3d_gr1KDMKbLnr-tdc0e76xK9jQ_iElsITQWddo7ChTfJzpd07i...
  • https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&e...
61 KB
17 KB
Document
General
Full URL
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.174 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b3e3e6a28c1d32ab2ea7321b2dc3201cda4634cc33b4410099f0b042037614e4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; report-uri /system/csp_reports
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-security-policy
frame-ancestors 'none'; report-uri /system/csp_reports
content-type
text/html; charset=utf-8
etag
W/"f53f-w+lLiHNuQR8QV3m6FrQFGTWsRy0"
x-form-app
kittens! [Server: node: us]
x-frame-options
sameorigin
via
1.1 vegur, 1.1 varnish, 1.1 varnish
content-encoding
gzip
accept-ranges
bytes
date
Wed, 01 Dec 2021 20:53:04 GMT
age
1510
vary
Accept-Encoding
x-robots-tag
noindex, nofollow
x-start
2021-12-01 20:53:04.258
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
content-length
17088

Redirect headers

Server
nginx
Date
Wed, 01 Dec 2021 20:53:04 GMT
Content-Type
text/html; charset=utf-8
Content-Length
323
Connection
keep-alive
Location
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
X-Robots-Tag
noindex, nofollow
94832867bcea4e9f24ee.css
secure.actblue.com/cf/assets/app-css/
21 KB
5 KB
Stylesheet
General
Full URL
https://secure.actblue.com/cf/assets/app-css/94832867bcea4e9f24ee.css?form_app=us
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.174 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c0a876e22dd207a67ea508bf2a41c88b3f98dbc7ebc1fd335ccf427bf39aa4ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:53:04 GMT
via
1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified
Wed, 01 Dec 2021 20:24:35 GMT
age
1599
etag
W/"5539-17d77ab9bb8"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
x-start
2021-12-01 20:53:04.421
cache-control
max-age=31557600, must-revalidate
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
5073
x-xss-protection
1; mode=block
actblue.js
secure.actblue.com/cf/assets/
29 KB
9 KB
Script
General
Full URL
https://secure.actblue.com/cf/assets/actblue.js
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.174 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
91b7831e6e365f38a4b3370dec41ad3ab7c96d9a3cee1f2cf5138fb78c150772
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:53:04 GMT
via
1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified
Tue, 30 Nov 2021 21:51:40 GMT
age
2810
etag
W/"748c-17d72d4f9e0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-start
2021-12-01 20:53:04.421
cache-control
max-age=600, must-revalidate
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
9395
x-xss-protection
1; mode=block
61ba44c6-2b46-45be-99db-1ec7fc177bc6-BlueFuture_Carousel_3-b42c7fa5.JPG
secure.actblue.com/x/object/actblue-cyanotypes/replaced_images/list/373821/
977 KB
977 KB
Image
General
Full URL
https://secure.actblue.com/x/object/actblue-cyanotypes/replaced_images/list/373821/61ba44c6-2b46-45be-99db-1ec7fc177bc6-BlueFuture_Carousel_3-b42c7fa5.JPG
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.174 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e74178a6bf366283a6b8b9857ce6ffc27a9635c259fc4b109ee58709352c5009
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
JJYDpAcu3PObfQMSFyyIL2mmcHQ02.nh
via
1.1 varnish
etag
"fd953f09a2f44832f9f6dce502f57efd"
age
1
x-start
2021-12-01 20:53:04.437
x-amz-replication-status
COMPLETED
content-disposition
attachment; filename="61ba44c6-2b46-45be-99db-1ec7fc177bc6-BlueFuture_Carousel_3.JPG"
content-length
1000050
x-amz-id-2
LCc33fMNhOeCaaBHjOFUwDG617EAPhjQGT9QMWO62RAJ0s35wDW7Oyp0Lg34ywR+1dUeCNGvK/A=
last-modified
Tue, 13 Oct 2020 14:17:01 GMT
date
Wed, 01 Dec 2021 20:53:05 GMT
strict-transport-security
max-age=31536000
x-amz-request-id
401WV1JAX84YZGZ6
x-xss-protection
1; mode=block
cache-control
max-age=2678405
accept-ranges
bytes
content-type
image/jpeg
a8d18133-7512-48d5-823f-20fe7a38bc02-BlueFuture_Carousel_4-39a1bc1a.JPG
secure.actblue.com/x/object/actblue-cyanotypes/replaced_images/list/373821/
532 KB
533 KB
Image
General
Full URL
https://secure.actblue.com/x/object/actblue-cyanotypes/replaced_images/list/373821/a8d18133-7512-48d5-823f-20fe7a38bc02-BlueFuture_Carousel_4-39a1bc1a.JPG
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.174 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b5efd45abcbbb1a90b0dfae047ffad5450b48fa2daafb9a8f28b678026372dab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
9CcSTLAFyAIssduIOUsMLp4cbIPXIJkD
via
1.1 varnish
etag
"55c766753f589fc08577f6b34ee22f8e"
age
0
x-start
2021-12-01 20:53:04.440
x-amz-replication-status
COMPLETED
content-disposition
attachment; filename="a8d18133-7512-48d5-823f-20fe7a38bc02-BlueFuture_Carousel_4.JPG"
content-length
545046
x-amz-id-2
Q30dbTELrZNoarjc0y2XhbOwjqH5TjFxEPaDY86oZolWWf+BgHi74cS8/P5MGOx4Y/qAC4QMBd8=
last-modified
Tue, 13 Oct 2020 14:17:01 GMT
date
Wed, 01 Dec 2021 20:53:05 GMT
strict-transport-security
max-age=31536000
x-amz-request-id
401JJDNPXFWFM6ZM
x-xss-protection
1; mode=block
cache-control
max-age=2678405
accept-ranges
bytes
content-type
image/jpeg
44457765-8eb8-4b7b-a7fc-1d8e1db4d6e2-BlueFuture_Carousel_72-b8648ba2.JPG
secure.actblue.com/x/object/actblue-cyanotypes/replaced_images/list/373821/
851 KB
852 KB
Image
General
Full URL
https://secure.actblue.com/x/object/actblue-cyanotypes/replaced_images/list/373821/44457765-8eb8-4b7b-a7fc-1d8e1db4d6e2-BlueFuture_Carousel_72-b8648ba2.JPG
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.174 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0c0ad0d7ce4c0952e95e55a0236af1c0d8ccad07f861eb1bb39278e9939580b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
7tODk8gGOUQEf2Ae8HQaPYzds0RjDt_o
via
1.1 varnish
etag
"8e930ef40c840fd85e6aec65f59aa8e1"
age
0
x-start
2021-12-01 20:53:04.440
x-amz-replication-status
COMPLETED
content-disposition
attachment; filename="44457765-8eb8-4b7b-a7fc-1d8e1db4d6e2-BlueFuture_Carousel_72.JPG"
content-length
871848
x-amz-id-2
4Ygov+jU1eVZSbywt7Qz/qoCfgW0mieptE0o7M2uuFJ/tL1BeFBHa4Tj/ZgSgMK8ctsRIiHmK+s=
last-modified
Tue, 13 Oct 2020 14:17:02 GMT
date
Wed, 01 Dec 2021 20:53:05 GMT
strict-transport-security
max-age=31536000
x-amz-request-id
401PB813DBJ6DPFP
x-xss-protection
1; mode=block
cache-control
max-age=2678405
accept-ranges
bytes
content-type
image/jpeg
94832867bcea4e9f24ee.js
secure.actblue.com/cf/assets/app/
2 MB
463 KB
Script
General
Full URL
https://secure.actblue.com/cf/assets/app/94832867bcea4e9f24ee.js?form_app=us
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.174 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
059da9d9d9fefff7c5314a7212e8bc2e6cb7c156f6aaabe456d49e0f752cae53
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:53:04 GMT
via
1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified
Wed, 01 Dec 2021 20:24:35 GMT
age
1600
etag
W/"1a2e13-17d77ab9bb8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-start
2021-12-01 20:53:04.431
cache-control
max-age=31557600, must-revalidate
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
474006
x-xss-protection
1; mode=block
mixpanel-2-latest.min.js
cdn.mxpnl.com/libs/
75 KB
25 KB
Script
General
Full URL
https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:bc29:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
d041681ad7b48ebd3e8eaf22937c7235b8c1ea0cf9069ec2fb88dcd42d3f9588

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 15:39:57 GMT
content-encoding
gzip
age
18787
x-guploader-uploadid
ADPycdvFhw1tWVRyI23iBA5Qp2t4DF0VxSv8LYa0YwyocPxCx2SkeQBGCSmiL0ZS_8tl9JmgtYEa8d4n4AsDeB5yelA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
25483
last-modified
Tue, 16 Nov 2021 18:27:30 GMT
server
UploadServer
etag
"77c5050453dd79be695c9d3979443265"
vary
Accept-Encoding
x-goog-hash
crc32c=Jbujhw==, md5=d8UFBFPdeb5pXJ05eUQyZQ==
x-goog-generation
1637087250642836
access-control-allow-origin
*
cache-control
public,max-age=86400
x-goog-stored-content-length
25483
accept-ranges
bytes
content-type
text/javascript
expires
Thu, 02 Dec 2021 15:39:57 GMT
uscapitol.JPG
actblue-indigo-uploads.s3.amazonaws.com/uploads/list-editor/brandings/23487/document_body/background_image_url/
141 KB
141 KB
Image
General
Full URL
https://actblue-indigo-uploads.s3.amazonaws.com/uploads/list-editor/brandings/23487/document_body/background_image_url/uscapitol.JPG
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.195.25 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
738b57410ce8960d28e803acd95c2dbe6b2ee383724cfc4fcb1dde5441d944a0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Wed, 01 Dec 2021 20:53:05 GMT
Last-Modified
Mon, 20 May 2019 05:48:17 GMT
Server
AmazonS3
x-amz-request-id
401NWXCTWFM85W9V
ETag
"2672909ca715d944dc7f6b9254e20faa"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
144247
x-amz-id-2
am2deGSpFOI0+pRZmmDpVumFD1gVdjhWkcl6JbIu5BTHrcdX4PGgroX9DL5yiP4FZrguVD9BneM=
/
sessions.bugsnag.com/ Frame
0
0
Preflight
General
Full URL
https://sessions.bugsnag.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Origin
https://secure.actblue.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-headers
Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods
POST
access-control-allow-origin
*
date
Wed, 01 Dec 2021 20:53:04 GMT
content-length
0
via
1.1 google
alt-svc
clear
/
sessions.bugsnag.com/
21 B
140 B
XHR
General
Full URL
https://sessions.bugsnag.com/
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/94832867bcea4e9f24ee.js?form_app=us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version
1
Referer
https://secure.actblue.com/
Bugsnag-Sent-At
2021-12-01T20:53:04.543Z
Accept-Language
de-DE,de;q=0.9
Bugsnag-Api-Key
04c1a9de88bb73e22614162ba813a0b9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Wed, 01 Dec 2021 20:53:04 GMT
via
1.1 google
bugsnag-session-uuid
8f67d965-e7f7-4cd1-8022-ab01463be46f
alt-svc
clear
content-length
21
content-type
application/json
datadog-logs.js
www.datadoghq-browser-agent.com/
33 KB
12 KB
Script
General
Full URL
https://www.datadoghq-browser-agent.com/datadog-logs.js
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/94832867bcea4e9f24ee.js?form_app=us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.21.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-21-206.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
912bc848d461e328a48863196601323b69ed445926c856f23a426efe674e67eb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:52:28 GMT
content-encoding
br
last-modified
Tue, 27 Jul 2021 15:01:20 GMT
server
AmazonS3
age
74
etag
W/"9eb57181f3149e3310d96317ef9188ac"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
cache-control
max-age=14400, s-maxage=60
x-amz-cf-pop
FRA56-C2
x-amz-cf-id
W01YtxAGvBrEO0-kLXwDpVDytSlx9o9hblgqCFPvKyZELVlsBpJB1A==
auth_token
secure.actblue.com/api/cf/
104 B
573 B
Fetch
General
Full URL
https://secure.actblue.com/api/cf/auth_token
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/94832867bcea4e9f24ee.js?form_app=us
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.174 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b9c3775055aea46cb3b10223549a1a4106934451f4b4f18a8bd18957f59f5ab0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:53:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
status
200 OK
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
x-start
2021-12-01 20:53:04.613
x-frame-options
SAMEORIGIN
etag
W/"b9c3775055aea46cb3b10223549a1a41"
x-download-options
noopen
vary
Accept-Encoding
content-type
application/json; charset=utf-8
via
1.1 varnish
cache-control
private, no-store
accept-ranges
bytes
ga.js
secure.actblue.com/cf/static/
40 KB
16 KB
Script
General
Full URL
https://secure.actblue.com/cf/static/ga.js
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.174 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
653e7cf0591c3856565188ac0fe9b6baa746f318b2cd4f205ac4e08a76edf338
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:53:04 GMT
via
1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified
Tue, 30 Nov 2021 21:49:20 GMT
age
2801
etag
W/"9fe9-17d72d2d700"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-start
2021-12-01 20:53:04.617
cache-control
max-age=31557600, must-revalidate
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
16100
x-xss-protection
1; mode=block
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.6.1&utms=1&utmn=1544567696&utmhn=secure.actblue.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=A...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-159696-1&cid=656667783.1638391985&jid=223078782&_v=5.6.1&z=1544567696
35 B
430 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-159696-1&cid=656667783.1638391985&jid=223078782&_v=5.6.1&z=1544567696
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Server
2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 01 Dec 2021 20:53:04 GMT
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 01 Dec 2021 20:53:04 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-159696-1&cid=656667783.1638391985&jid=223078782&_v=5.6.1&z=1544567696
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
367
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
sessions.bugsnag.com/ Frame
0
0
Preflight
General
Full URL
https://sessions.bugsnag.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Origin
https://secure.actblue.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-headers
Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods
POST
access-control-allow-origin
*
date
Wed, 01 Dec 2021 20:53:05 GMT
content-length
0
via
1.1 google
alt-svc
clear
/
sessions.bugsnag.com/
21 B
110 B
XHR
General
Full URL
https://sessions.bugsnag.com/
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-logs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version
1
Referer
https://secure.actblue.com/
Bugsnag-Sent-At
2021-12-01T20:53:04.953Z
Accept-Language
de-DE,de;q=0.9
Bugsnag-Api-Key
04c1a9de88bb73e22614162ba813a0b9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Wed, 01 Dec 2021 20:53:05 GMT
via
1.1 google
bugsnag-session-uuid
945aaa9c-8ec1-4acb-b7a2-b904cfa0830e
alt-svc
clear
content-length
21
content-type
application/json
payment_methods.svg
secure.actblue.com/cf/static/
12 KB
4 KB
Image
General
Full URL
https://secure.actblue.com/cf/static/payment_methods.svg
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.174 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
99096f106b88e7ccc51d85cdb0004b3a46a0bbe089ed367ae69ef7c2f0be6d9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:53:04 GMT
via
1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified
Tue, 30 Nov 2021 21:49:20 GMT
age
2808
etag
W/"2f05-17d72d2d700"
vary
Accept-Encoding
content-type
image/svg+xml
x-start
2021-12-01 20:53:04.989
cache-control
max-age=31557600, must-revalidate
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
4421
x-xss-protection
1; mode=block
js
www.paypal.com/sdk/
299 KB
91 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/94832867bcea4e9f24ee.js?form_app=us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
328bf2ff2d277978392e1115026937bc2b419477a08ad00fc6c93f1b557f1543
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-rLj7yQWZ8s4wB11mVbzBeyeVePh7znl/lrfz4sijCOai2mV4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rLj7yQWZ8s4wB11mVbzBeyeVePh7znl/lrfz4sijCOai2mV4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-rLj7yQWZ8s4wB11mVbzBeyeVePh7znl/lrfz4sijCOai2mV4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rLj7yQWZ8s4wB11mVbzBeyeVePh7znl/lrfz4sijCOai2mV4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
age
1827
via
1.1 varnish, 1.1 varnish
x-cache
MISS, HIT
p3p
true
paypal-debug-id
f9447045dec4e
server-timing
content-encoding;desc=gzip
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
91767
x-xss-protection
1; mode=block
x-served-by
cache-lhr7359-LHR, cache-cdg20767-CDG
x-timer
S1638391985.114444,VS0,VE3
x-frame-options
SAMEORIGIN
date
Wed, 01 Dec 2021 20:53:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=10800
etag
W/"16677-Z1RCj0clrkYRQWIfilSg1UMzXjk"
accept-ranges
bytes
x-cache-hits
0, 1
pay.js
pay.google.com/gp/p/js/
95 KB
31 KB
Script
General
Full URL
https://pay.google.com/gp/p/js/pay.js
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/94832867bcea4e9f24ee.js?form_app=us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
111f1700ccb35898fa18b3bbf8eb1d0b0f6e7f744cf9fa6e59e5a2723dd9f20f
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-ma0fG4+pvkOMP781KaE23Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-ma0fG4+pvkOMP781KaE23Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private, max-age=600
cross-origin-resource-policy
cross-origin
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-ma0fG4+pvkOMP781KaE23Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-ma0fG4+pvkOMP781KaE23Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Wed, 01 Dec 2021 20:53:05 GMT
payframe
pay.google.com/gp/p/ui/ Frame BA4F
17 KB
7 KB
Document
General
Full URL
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cfb7471169bdefbc47bc94817ff0229176c201d309a0a69e5f9ab00076f7fc0d
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-QAQ7eVkQ5xQWVctgs6lxSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-QAQ7eVkQ5xQWVctgs6lxSQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/

Response headers

content-type
text/html; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible
IE=edge
expires
Wed, 01 Dec 2021 20:53:05 GMT
date
Wed, 01 Dec 2021 20:53:05 GMT
cache-control
private, max-age=3600
strict-transport-security
max-age=31536000
cross-origin-resource-policy
same-site
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-QAQ7eVkQ5xQWVctgs6lxSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-QAQ7eVkQ5xQWVctgs6lxSQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
cross-origin-opener-policy
same-origin
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pptm.js
www.paypal.com/tagmanager/
13 KB
5 KB
Script
General
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=secure.actblue.com&t=xo&v=5.0.271&source=payments_sdk&client_id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&vault=false
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
575e2d3eb530ec50f9d8e36467fbaa9d12b2f437ea591529ecbdf9b436bf7950
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-4aucVKufl+teJbAuoiIUG2AWelNATkrs9yfLRBqWI36pueFe' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-4aucVKufl+teJbAuoiIUG2AWelNATkrs9yfLRBqWI36pueFe' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
age
81127
x-cache
HIT, HIT
paypal-debug-id
f3573131c35c4
server-timing
content-encoding;desc=gzip
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
4730
x-xss-protection
1; mode=block
x-served-by
cache-lhr7368-LHR, cache-cdg20767-CDG
x-timer
S1638391985.182503,VS0,VE2
x-frame-options
SAMEORIGIN
date
Wed, 01 Dec 2021 20:53:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/x-javascript; charset=utf-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=3600
etag
W/"34d0-oL//fIxKPpjHOmkv1XYbo2Sn0gw"
accept-ranges
bytes
x-cache-hits
1, 1
buttons
www.paypal.com/smart/ Frame 8E6D
300 KB
125 KB
Document
General
Full URL
https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9keHR6cnRqYmRudnBuZGtpc3VyZmR2eG5lZ2h0bGwifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=aa864c339433b&storageID=uid_5b68de0f43_mja6ntm6mdu&sessionID=uid_1306be8a13_mja6ntm6mdu&buttonSessionID=uid_032faed715_mja6ntm6mdu&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiNmU3ZDJkY2M0NWI0YTM3NmZhMmRlZTFkNzU3NzIwZmQxZjFjYTljNSIsInByb2R1Y3RzIjp7InBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOmZhbHNlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjp0cnVlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8fdcc852dcd07e3a1b1ae4472fd5d7f6c8afd10f822d23ea795ebf766de097c7
Security Headers
Name Value
Content-Security-Policy form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
content-disposition
inline
content-security-policy
form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type
text/html; charset=utf-8
etag
W/"4b096-fP01upbIPhMuVTDPishf8RC7u4k"
p3p
true
paypal-debug-id
f54017872d7a9
x-content-type-options
nosniff
x-csrf-jwt
__blank__
x-xss-protection
1; mode=block
dc
ccg11-origin-www-1.paypal.com
accept-ranges
none
via
1.1 varnish, 1.1 varnish
content-encoding
br
date
Wed, 01 Dec 2021 20:53:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-served-by
cache-lhr7376-LHR, cache-cdg20767-CDG
x-cache
MISS, MISS
x-cache-hits
0, 0
x-timer
S1638391985.238983,VS0,VE274
vary
Accept-Encoding
server-timing
content-encoding;desc=br
truncated
/ Frame 6AB8
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 6AB8
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
muse.js
www.paypalobjects.com/muse/
55 KB
16 KB
Script
General
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/tagmanager/pptm.js?id=secure.actblue.com&t=xo&v=5.0.271&source=payments_sdk&client_id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&vault=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
129737dfffcc16554dffd7d6dd3a57b6831c96a75d8acec4ea31709555115a53
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
paypal-debug-id
7e76a0d099cd6
dc
phx-origin-www-2.paypal.com
vary
Accept-Encoding
content-length
16424
x-served-by
cache-sjc10040-SJC, cache-cdg20748-CDG
last-modified
Thu, 19 Aug 2021 15:53:03 GMT
x-timer
S1638391985.350029,VS0,VE0
etag
W/"611e7e5f-da2c"
strict-transport-security
max-age=31557600
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
cache-control
public,max-age=3600
accept-ranges
bytes
x-cache-hits
6249, 91
ts
t.paypal.com/
42 B
764 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ANGJ83G9Z8QXZ8-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&fltp=analytics&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Blue%20Future%20%E2%80%94%20Donate%20via%20ActBlue&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1638391985288&g=0&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fblue-future-2020%3Flink_id%3D4%26refcodeEmailReferrer%3Demail_1372628___subject_1805852%26can_id%3Dc9f7c537c32da5d5d3b888cfe8a48893%26source%3Demail-freedom-to-vote-action-party%26email_referrer%3Demail_1372628___subject_1805852%26email_subject%3Dhow-to-move-joe-manchin
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 01 Dec 2021 20:53:05 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1638391985.346778,VS0,VE173
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
90184c2aad790
expires
Wed, 01 Dec 2021 20:53:05 GMT
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-cache-hits
0, 0
accept-ranges
bytes
content-type
image/gif
content-length
42
x-served-by
cache-lhr7368-LHR, cache-cdg20771-CDG
index.html
www.paypalobjects.com/muse/analytics/ Frame 387F
54 KB
17 KB
Document
General
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/muse.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
12500d956b47de01bfe02a21db437ebbd7b462f54137f0a37b80992df7f5ce59
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/

Response headers

content-encoding
gzip
content-type
text/html
etag
W/"616f114f-d9ea"
last-modified
Tue, 19 Oct 2021 18:41:19 GMT
paypal-debug-id
e424b0eeae559
dc
ccg11-origin-www-1.paypal.com
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
date
Wed, 01 Dec 2021 20:53:05 GMT
x-served-by
cache-sjc10043-SJC, cache-cdg20748-CDG
x-cache
HIT, HIT
x-cache-hits
348698, 24
x-timer
S1638391985.389867,VS0,VE0
vary
Accept-Encoding
cache-control
public,max-age=3600
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
content-length
16794
cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame BA4F
2 KB
2 KB
Other
General
Full URL
https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c0c::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
referrer-policy
no-referrer
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1608
content-type
text/html; charset=UTF-8
m=_b,_tp
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AM... Frame BA4F
147 KB
52 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73f397a29f507fe52c577f48d1bc55ef5a3e01a91d3d5883defecea30de26e50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 17:35:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98255
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52697
x-xss-protection
0
last-modified
Tue, 30 Nov 2021 03:43:00 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires
Wed, 30 Nov 2022 17:35:30 GMT
noop.js
www.paypalobjects.com/muse/ Frame 387F
18 B
203 B
Fetch
General
Full URL
https://www.paypalobjects.com/muse/noop.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypalobjects.com/muse/analytics/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
paypal-debug-id
ef9c765e4af1c
x-cache-hits
445073, 37
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
38
x-served-by
cache-sjc10044-SJC, cache-cdg20748-CDG
last-modified
Sat, 13 Feb 2021 00:26:56 GMT
x-timer
S1638391985.470294,VS0,VE0
etag
"60271cd0-12"
strict-transport-security
max-age=31557600
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
cache-control
public,max-age=3600
accept-ranges
bytes
x-client-location
DE
ts
t.paypal.com/
42 B
450 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&es=visitorInfoFlowStarted&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Blue%20Future%20%E2%80%94%20Donate%20via%20ActBlue&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1638391985464&g=0&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fblue-future-2020%3Flink_id%3D4%26refcodeEmailReferrer%3Demail_1372628___subject_1805852%26can_id%3Dc9f7c537c32da5d5d3b888cfe8a48893%26source%3Demail-freedom-to-vote-action-party%26email_referrer%3Demail_1372628___subject_1805852%26email_subject%3Dhow-to-move-joe-manchin
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 01 Dec 2021 20:53:05 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1638391985.471531,VS0,VE150
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
767a51dde159a
expires
Wed, 01 Dec 2021 20:53:05 GMT
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-cache-hits
0, 0
accept-ranges
bytes
content-type
image/gif
content-length
42
x-served-by
cache-lhr6625-LHR, cache-cdg20771-CDG
m=byfTOb,lsjVmc,LEikZe
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.WnW... Frame BA4F
36 KB
13 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.WnWUPV9Q3DI.L.B1.O/am=BgAC/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrhYNxRf0uULsY_GTEHXJvJIj-CKHw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
76d9d29a27dcf9f3fc81e979de9a3a14babfb5b0804e7038042911922e92644a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 17:35:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98255
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13438
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 01:32:06 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires
Wed, 30 Nov 2022 17:35:30 GMT
m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.WnW... Frame BA4F
73 KB
27 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.WnWUPV9Q3DI.L.B1.O/am=BgAC/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrhYNxRf0uULsY_GTEHXJvJIj-CKHw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
75d44774b306d7d48738b89d0a1d8ecb345af7e598aba9a55c715f40d7e55d01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 17:35:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98255
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27453
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 01:32:06 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires
Wed, 30 Nov 2022 17:35:30 GMT
graphql
www.paypal.com/targeting/ Frame 387F
434 B
2 KB
Fetch
General
Full URL
https://www.paypal.com/targeting/graphql
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ee3ed54dc3c5ac3559562178e312ff0bfb8f16ac58fed86f8e088a4ffd6ba53b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-FcNB56WZ82ExdSHrsps+8DB6NUCqwjBYzkbGSZvxoZYZtXt4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.paypalobjects.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-FcNB56WZ82ExdSHrsps+8DB6NUCqwjBYzkbGSZvxoZYZtXt4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
via
1.1 varnish, 1.1 varnish
vary
Accept-Encoding
x-cache
MISS, MISS
paypal-debug-id
f1276201619df
date
Wed, 01 Dec 2021 20:53:05 GMT
server-timing
content-encoding;desc=br
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-lhr7378-LHR, cache-cdg20767-CDG
x-timer
S1638391986.714238,VS0,VE252
x-frame-options
SAMEORIGIN
etag
W/"1b2-4gy7a/IQb+vQKMj+/Hf5hzcgpEc"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypalobjects.com
content-encoding
br
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
none
x-cache-hits
0, 0
graphql
www.paypal.com/targeting/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/targeting/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.paypalobjects.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
f12762037f2d1
dc
ccg11-origin-www-1.paypal.com
accept-ranges
bytes
date
Wed, 01 Dec 2021 20:53:05 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-served-by
cache-hhn4076-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1638391986.501916,VS0,VE190
analytics.js
www.google-analytics.com/ Frame BA4F
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.WnWUPV9Q3DI.L.B1.O/am=BgAC/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrhYNxRf0uULsY_GTEHXJvJIj-CKHw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
6718
date
Wed, 01 Dec 2021 19:01:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 01 Dec 2021 21:01:07 GMT
pay
pay.google.com/gp/p/ui/ Frame BA4F
1 MB
337 KB
XHR
General
Full URL
https://pay.google.com/gp/p/ui/pay
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c0c::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1f5e2f2af423fb1a2d6dc60d17c36dae19a80457497648bb2cf6310217d317ce
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-X21+pj+glI/kdQJ6M1mXKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-X21+pj+glI/kdQJ6M1mXKg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge
server
ESF
cross-origin-opener-policy
unsafe-none
x-frame-options
DENY
strict-transport-security
max-age=31536000
content-type
text/html; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control
private, max-age=3600
content-security-policy
script-src 'report-sample' 'nonce-X21+pj+glI/kdQJ6M1mXKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-X21+pj+glI/kdQJ6M1mXKg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
expires
Wed, 01 Dec 2021 20:53:05 GMT
truncated
/ Frame 8E6D
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
log
play.google.com/ Frame BA4F
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Wed, 01 Dec 2021 20:53:05 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Wed, 01 Dec 2021 20:53:05 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 01 Dec 2021 20:53:05 GMT
cache-control
private
log
play.google.com/ Frame BA4F
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Wed, 01 Dec 2021 20:53:05 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Wed, 01 Dec 2021 20:53:05 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 01 Dec 2021 20:53:05 GMT
cache-control
private
log
play.google.com/ Frame BA4F
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Wed, 01 Dec 2021 20:53:05 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Wed, 01 Dec 2021 20:53:05 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 01 Dec 2021 20:53:05 GMT
cache-control
private
log
play.google.com/ Frame BA4F
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Wed, 01 Dec 2021 20:53:05 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Wed, 01 Dec 2021 20:53:05 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 01 Dec 2021 20:53:05 GMT
cache-control
private
log
play.google.com/ Frame BA4F
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Wed, 01 Dec 2021 20:53:05 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Wed, 01 Dec 2021 20:53:05 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 01 Dec 2021 20:53:05 GMT
cache-control
private
m=Wt6vjf,hhhU8,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.WnW... Frame BA4F
17 KB
7 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.WnWUPV9Q3DI.L.B1.O/am=BgAC/d=1/exm=Das5Le,IZT63,LEikZe,PrPYRd,Ru0Pgb,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrhYNxRf0uULsY_GTEHXJvJIj-CKHw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
675b4cc8a4641bc4bb742abb5faae460ea2962ebbff19ede88c98c6f9cedaf36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 17:35:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98255
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7258
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 01:32:06 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires
Wed, 30 Nov 2022 17:35:30 GMT
m=lwddkf,EFQ78c
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.WnW... Frame BA4F
8 KB
3 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.WnWUPV9Q3DI.L.B1.O/am=BgAC/d=1/exm=Das5Le,FCpbqb,IZT63,LEikZe,PrPYRd,Ru0Pgb,WhJNk,Wt6vjf,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,hhhU8,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrhYNxRf0uULsY_GTEHXJvJIj-CKHw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=lwddkf,EFQ78c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e6d2e3e21c3a530e24c66e000977b610f5fce4691f381b43a10561cfdcc89580
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 17:35:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98255
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3329
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 01:32:06 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires
Wed, 30 Nov 2022 17:35:30 GMT
log
play.google.com/ Frame BA4F
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Wed, 01 Dec 2021 20:53:05 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Wed, 01 Dec 2021 20:53:05 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 01 Dec 2021 20:53:05 GMT
cache-control
private
log
play.google.com/ Frame BA4F
131 B
671 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.xvRAB_UWLlY.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrhUaHTGQkCOBI6xit7eWC5TudWvWw/m=_b,_tp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Wed, 01 Dec 2021 20:53:05 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Wed, 01 Dec 2021 20:53:05 GMT
js
www.paypal.com/sdk/ Frame 8E6D
299 KB
90 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9keHR6cnRqYmRudnBuZGtpc3VyZmR2eG5lZ2h0bGwifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=aa864c339433b&storageID=uid_5b68de0f43_mja6ntm6mdu&sessionID=uid_1306be8a13_mja6ntm6mdu&buttonSessionID=uid_032faed715_mja6ntm6mdu&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiNmU3ZDJkY2M0NWI0YTM3NmZhMmRlZTFkNzU3NzIwZmQxZjFjYTljNSIsInByb2R1Y3RzIjp7InBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOmZhbHNlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjp0cnVlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
328bf2ff2d277978392e1115026937bc2b419477a08ad00fc6c93f1b557f1543
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-rLj7yQWZ8s4wB11mVbzBeyeVePh7znl/lrfz4sijCOai2mV4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rLj7yQWZ8s4wB11mVbzBeyeVePh7znl/lrfz4sijCOai2mV4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9keHR6cnRqYmRudnBuZGtpc3VyZmR2eG5lZ2h0bGwifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=aa864c339433b&storageID=uid_5b68de0f43_mja6ntm6mdu&sessionID=uid_1306be8a13_mja6ntm6mdu&buttonSessionID=uid_032faed715_mja6ntm6mdu&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiNmU3ZDJkY2M0NWI0YTM3NmZhMmRlZTFkNzU3NzIwZmQxZjFjYTljNSIsInByb2R1Y3RzIjp7InBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOmZhbHNlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjp0cnVlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-rLj7yQWZ8s4wB11mVbzBeyeVePh7znl/lrfz4sijCOai2mV4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rLj7yQWZ8s4wB11mVbzBeyeVePh7znl/lrfz4sijCOai2mV4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
age
1828
via
1.1 varnish, 1.1 varnish
x-cache
MISS, HIT
p3p
true
paypal-debug-id
f9447045dec4e
server-timing
content-encoding;desc=gzip
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
91767
x-xss-protection
1; mode=block
x-served-by
cache-lhr7359-LHR, cache-cdg20767-CDG
x-timer
S1638391986.669436,VS0,VE2
x-frame-options
SAMEORIGIN
date
Wed, 01 Dec 2021 20:53:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=10800
etag
W/"16677-Z1RCj0clrkYRQWIfilSg1UMzXjk"
accept-ranges
bytes
x-cache-hits
0, 2
truncated
/ Frame 8E6D
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
fb.js
c.paypal.com/da/r/ Frame 8E6D
55 KB
19 KB
Script
General
Full URL
https://c.paypal.com/da/r/fb.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9keHR6cnRqYmRudnBuZGtpc3VyZmR2eG5lZ2h0bGwifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=aa864c339433b&storageID=uid_5b68de0f43_mja6ntm6mdu&sessionID=uid_1306be8a13_mja6ntm6mdu&buttonSessionID=uid_032faed715_mja6ntm6mdu&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiNmU3ZDJkY2M0NWI0YTM3NmZhMmRlZTFkNzU3NzIwZmQxZjFjYTljNSIsInByb2R1Y3RzIjp7InBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOmZhbHNlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjp0cnVlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.53.164.154 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a84-53-164-154.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8ba56f6b8db4984684e70e96502fb1a4f4d436e22e147ad693f70e78c3921a41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=63072000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000, max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
surrogate-control
max-age=31536000
paypal-debug-id
e5346b94d4fb3
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
19090
etag
W/"618e152e-db6d"
last-modified
Fri, 12 Nov 2021 07:18:06 GMT
date
Wed, 01 Dec 2021 20:53:06 GMT
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
access-control-allow-credentials
false
expires
Thu, 02 Dec 2021 20:53:06 GMT
logger
www.paypal.com/xoplatform/logger/api/ Frame 8E6D
836 B
1 KB
Ping
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9keHR6cnRqYmRudnBuZGtpc3VyZmR2eG5lZ2h0bGwifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=aa864c339433b&storageID=uid_5b68de0f43_mja6ntm6mdu&sessionID=uid_1306be8a13_mja6ntm6mdu&buttonSessionID=uid_032faed715_mja6ntm6mdu&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiNmU3ZDJkY2M0NWI0YTM3NmZhMmRlZTFkNzU3NzIwZmQxZjFjYTljNSIsInByb2R1Y3RzIjp7InBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOmZhbHNlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjp0cnVlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e31c5993a5042148c00242dd1ac5d2ac5751fa228123ae0870397716fd39e78c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9keHR6cnRqYmRudnBuZGtpc3VyZmR2eG5lZ2h0bGwifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=aa864c339433b&storageID=uid_5b68de0f43_mja6ntm6mdu&sessionID=uid_1306be8a13_mja6ntm6mdu&buttonSessionID=uid_032faed715_mja6ntm6mdu&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiNmU3ZDJkY2M0NWI0YTM3NmZhMmRlZTFkNzU3NzIwZmQxZjFjYTljNSIsInByb2R1Y3RzIjp7InBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOmZhbHNlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjp0cnVlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 01 Dec 2021 20:53:06 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
MISS, MISS
paypal-debug-id
f1276207a7b9d
server-timing
content-encoding;desc=br
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-lhr7369-LHR, cache-cdg20767-CDG
x-timer
S1638391986.150443,VS0,VE202
etag
W/"344-pVSLVvGoZchWXO3vsgSj4U8eGgM"
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypal.com
content-encoding
br
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
none
x-cache-hits
0, 0
i
c.paypal.com/v1/r/d/ Frame 0505
160 B
934 B
Document
General
Full URL
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.53.164.154 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a84-53-164-154.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypal.com/

Response headers

correlation-id
4a00a017035cf
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-length
160
content-security-policy-report-only
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type
text/html;charset=UTF-8
paypal-debug-id
4a00a017035cf
x-content-type-options
nosniff
x-xss-protection
1; mode=block
date
Wed, 01 Dec 2021 20:53:06 GMT
strict-transport-security
max-age=63072000
counter2.cgi
dub.stats.paypal.com/v2/ Frame E5A6
Redirect Chain
  • https://b.stats.paypal.com/v2/counter.cgi?p=uid_1306be8a13_mja6ntm6mdu&s=SMART_PAYMENT_BUTTONS
  • https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_1306be8a13_mja6ntm6mdu&s=SMART_PAYMENT_BUTTONS
42 B
299 B
Image
General
Full URL
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_1306be8a13_mja6ntm6mdu&s=SMART_PAYMENT_BUTTONS
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9keHR6cnRqYmRudnBuZGtpc3VyZmR2eG5lZ2h0bGwifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=aa864c339433b&storageID=uid_5b68de0f43_mja6ntm6mdu&sessionID=uid_1306be8a13_mja6ntm6mdu&buttonSessionID=uid_032faed715_mja6ntm6mdu&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiNmU3ZDJkY2M0NWI0YTM3NmZhMmRlZTFkNzU3NzIwZmQxZjFjYTljNSIsInByb2R1Y3RzIjp7InBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOmZhbHNlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjp0cnVlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Protocol
HTTP/1.1
Server
64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software
PayPal-B.Stats/1.0 /
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Wed, 01 Dec 2021 20:53:06 GMT
Server
PayPal-B.Stats/1.0
Connection
close
Content-Length
42
Content-Type
image/jpeg

Redirect headers

Location
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_1306be8a13_mja6ntm6mdu&s=SMART_PAYMENT_BUTTONS
Date
Wed, 01 Dec 2021 20:53:06 GMT
Server
PayPal-B.Stats/1.0
Connection
close
Content-Length
0
Content-Type
application/octet-stream
fb.js
c.paypal.com/da/r/ Frame 0505
55 KB
19 KB
Script
General
Full URL
https://c.paypal.com/da/r/fb.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.53.164.154 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a84-53-164-154.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8ba56f6b8db4984684e70e96502fb1a4f4d436e22e147ad693f70e78c3921a41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=63072000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000, max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
surrogate-control
max-age=31536000
paypal-debug-id
e5346b94d4fb3
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
19090
etag
W/"618e152e-db6d"
last-modified
Fri, 12 Nov 2021 07:18:06 GMT
date
Wed, 01 Dec 2021 20:53:06 GMT
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
access-control-allow-credentials
false
expires
Thu, 02 Dec 2021 20:53:06 GMT
trackables
secure.actblue.com/
0
377 B
Fetch
General
Full URL
https://secure.actblue.com/trackables
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/94832867bcea4e9f24ee.js?form_app=us
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.174 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json; charset=utf-8

Response headers

date
Wed, 01 Dec 2021 20:53:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
status
200 OK
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
x-start
2021-12-01 20:53:06.371
x-frame-options
SAMEORIGIN
x-download-options
noopen
vary
Accept-Encoding
content-type
text/html
via
1.1 varnish
cache-control
private, no-store
accept-ranges
bytes
s.js
cdn.sift.com/
61 KB
20 KB
Script
General
Full URL
https://cdn.sift.com/s.js
Requested by
Host: secure.actblue.com
URL: https://secure.actblue.com/donate/blue-future-2020?link_id=4&refcodeEmailReferrer=email_1372628___subject_1805852&can_id=c9f7c537c32da5d5d3b888cfe8a48893&source=email-freedom-to-vote-action-party&email_referrer=email_1372628___subject_1805852&email_subject=how-to-move-joe-manchin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.67.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
224.67.96.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7921df86278b7fa9be0cbd78d9990071763ec4e9e88aaff2c3d466723090b8ae

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 16:12:37 GMT
content-encoding
gzip
age
16829
x-guploader-uploadid
ADPycdsElyEL441lFtQK6TIBZT8FTxv-Tp3ugYZbmG--u_VpPsgpPz-Q9zBG4Y6eYEEAst1w27TKQ_gE16yY43Jw3uw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
20452
last-modified
Thu, 09 Apr 2020 21:59:13 GMT
server
UploadServer
etag
"07cb8203158abb26b3c18318350e7b36"
vary
Accept-Encoding
x-goog-hash
crc32c=fIrBTA==, md5=B8uCAxWKuyazwYMYNQ57Ng==
x-goog-generation
1586469553682331
cache-control
public, max-age=86400
x-goog-stored-content-length
20452
accept-ranges
bytes
content-type
application/javascript
expires
Thu, 02 Dec 2021 16:12:37 GMT
p1
c.paypal.com/v1/r/d/b/ Frame 0505
125 B
754 B
XHR
General
Full URL
https://c.paypal.com/v1/r/d/b/p1
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.53.164.154 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a84-53-164-154.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
be8448c23f9f5b3c58fd8d84d0338534c4407f7a9feaa601305ff7ec34cb1f84
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 01 Dec 2021 20:53:06 GMT
correlation-id
e1ac36c05f39f
strict-transport-security
max-age=63072000
p3p
policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id
e1ac36c05f39f
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-type
application/json
content-length
125
e
c.paypal.com/v1/r/d/b/ Frame 0505
15 B
223 B
XHR
General
Full URL
https://c.paypal.com/v1/r/d/b/e
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.53.164.154 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a84-53-164-154.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

paypal-debug-id
bc53c2dd250e1
date
Wed, 01 Dec 2021 20:53:06 GMT
cache-control
max-age=0, no-cache, no-store, must-revalidate
correlation-id
bc53c2dd250e1
content-length
15
strict-transport-security
max-age=63072000
content-type
application/json
p3
c6.paypal.com/v1/r/d/b/ Frame 0505
0
327 B
Image
General
Full URL
https://c6.paypal.com/v1/r/d/b/p3?f=uid_1306be8a13_mja6ntm6mdu&s=SMART_PAYMENT_BUTTONS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::291 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 20:53:06 GMT
via
1.1 varnish, 1.1 varnish
correlation-id
347c19c10689f
x-timer
S1638391986.450382,VS0,VE246
x-served-by
cache-hhn11541-HHN, cache-mxp6934-MXP
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
paypal-debug-id
347c19c10689f
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
content-length
0
x-cache-hits
0, 0
logger
www.paypal.com/xoplatform/logger/api/ Frame 8E6D
844 B
753 B
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2cffbf33a964b7814572d22adc6ba21b8397dc74e015d0e996eddb01d86708bb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9keHR6cnRqYmRudnBuZGtpc3VyZmR2eG5lZ2h0bGwifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=aa864c339433b&storageID=uid_5b68de0f43_mja6ntm6mdu&sessionID=uid_1306be8a13_mja6ntm6mdu&buttonSessionID=uid_032faed715_mja6ntm6mdu&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiNmU3ZDJkY2M0NWI0YTM3NmZhMmRlZTFkNzU3NzIwZmQxZjFjYTljNSIsInByb2R1Y3RzIjp7InBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOmZhbHNlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjp0cnVlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
application/json

Response headers

date
Wed, 01 Dec 2021 20:53:06 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
MISS, MISS
paypal-debug-id
f1276201c84ab
server-timing
content-encoding;desc=br
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-lhr7342-LHR, cache-cdg20767-CDG
x-timer
S1638391986.426215,VS0,VE216
etag
W/"34c-jhcha9aKCsn86VwtsAeBdBoGmKs"
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypal.com
content-encoding
br
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
none
x-cache-hits
0, 0
333956.gif
hexagon-analytics.com/images/
43 B
240 B
Image
General
Full URL
https://hexagon-analytics.com/images/333956.gif?bk=19482a20cc&tm=27&r=12031704&v=105&cs=UTF-8&h=secure.actblue.com&l=en-US&S=e15e3ee080f9fb337c6cb3e2fdfcc736&uu=1a260ef9e0fdf1b3ab64e35178bccff&t=Blue%20Future%20%E2%80%94%20Donate%20via%20ActBlue&u=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fblue-future-2020%3Flink_id%3D4%26refcodeEmailReferrer%3Demail_1372628___subject_1805852%26can_id%3Dc9f7c537c32da5d5d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&nm=4&mh=fe407dda3b01b3e3c72476fe7bf9f870&np=3&ph=596d9e73a4a75c4ceee60ad7b54864b3&sh=1200&sw=1600&cd=24&p=Linux%20x86_64&to=0&d=0&ce=true&tp=0&ol=true&pr=Gecko&ps=20030107&vd=Google%20Inc.&vs=&hc=4&je=false&ss=true&ls=true&in=true&db=false&tl=false&tr=false&ts=true&tb=false&ab=false&cf=64d58bfddb44af6942e7931de5174ca7&z=z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.232.42 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
42.232.102.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://secure.actblue.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 01 Dec 2021 20:53:06 GMT
via
1.1 google
x-content-type-options
nosniff
server
nginx
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
clear
expires
Thu, 01 Jan 1970 00:00:00 GMT
logger
www.paypal.com/xoplatform/logger/api/
815 B
1 KB
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-logs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
228b63e02a863b51cb248e952f3bf08345b95b665a92774e73e6d40b355f4962
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://secure.actblue.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
application/json

Response headers

date
Wed, 01 Dec 2021 20:53:07 GMT
via
1.1 varnish
x-content-type-options
nosniff
x-cache
MISS
paypal-debug-id
f119724e15efb
strict-transport-security
max-age=63072000; includeSubDomains; preload
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-hhn4076-HHN
x-timer
S1638391987.634412,VS0,VE551
etag
W/"32f-e9YpBwsTs4Fwh6Us8flM5vd0YR0"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://secure.actblue.com
content-encoding
br
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
none
x-cache-hits
0
logger
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://secure.actblue.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://secure.actblue.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
f1276209a9f66
x-content-type-options
nosniff
dc
ccg11-origin-www-1.paypal.com
accept-ranges
none
date
Wed, 01 Dec 2021 20:53:06 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-served-by
cache-hhn4076-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1638391986.470435,VS0,VE156
content-encoding
br
vary
accept-encoding
/
api-js.mixpanel.com/track/
25 B
372 B
XHR
General
Full URL
https://api-js.mixpanel.com/track/?verbose=1&ip=1&_=1638391989647
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-logs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.240.159 -, , ASN (),
Reverse DNS
Software
envoy /
Resource Hash
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

Referer
https://secure.actblue.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=604800; includeSubDomains
via
1.1 google
server
envoy
access-control-allow-headers
X-Requested-With
date
Wed, 01 Dec 2021 20:53:09 GMT
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://secure.actblue.com
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
13
alt-svc
clear
content-length
25

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| CF_CONFIG object| indigoListResponse object| preloadedState object| Bugsnag object| mixpanel object| actBlueConfig function| setImmediate function| clearImmediate object| actblue function| abConfigure object| webpackJsonp object| __core-js_shared__ object| core object| regeneratorRuntime object| tracker function| PERSIST object| SafeDDLogs object| SafeMixpanel string| MODE object| _gaq object| DD_LOGS object| _gat object| gaGlobal string| _user_id string| _session_id object| _sift object| a object| b object| c string| d object| denylistedDomainsHashedValueListForGpayButtonWithCardInfo object| whitelistedDomainsHashedValueListForGpayButtonWithCardInfo object| denylistedMerchentIdsHashedValueListForGpayButtonWithCardInfo object| google object| __post_robot_10_0_44___uid_dxtzrtjbdnvpndkisurfdvxneghtll object| paypal object| __zoid_9_0_82___uid_dxtzrtjbdnvpndkisurfdvxneghtll object| paypalDDL string| PaypalOffersObject function| ppq object| __post_robot_10_0_44__ object| PAYPAL function| __siftFlashCB undefined| Sift object| PluginDetect

27 Cookies

Domain/Path Name / Value
secure.actblue.com/cf/assets/app-css Name: skip_prefill_check
Value: true
secure.actblue.com/cf/assets/app Name: skip_prefill_check
Value: true
secure.actblue.com/cf/assets Name: skip_prefill_check
Value: true
secure.actblue.com/cf/static Name: skip_prefill_check
Value: true
secure.actblue.com/donate Name: skip_prefill_check
Value: true
.actblue.com/ Name: mp_1498bce7991dd9e45621a9bf2dbfa01b_mixpanel
Value: %7B%22distinct_id%22%3A%20%2217d77c5b205e25-018240febcd9cd-978183a-1d4c00-17d77c5b206828%22%2C%22%24device_id%22%3A%20%2217d77c5b205e25-018240febcd9cd-978183a-1d4c00-17d77c5b206828%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
secure.actblue.com/ Name: _dd_s
Value: logs=1&id=7c3ab221-b096-4ed7-b1b7-974bac98eb3e&created=1638391984655&expire=1638392884655
.actblue.com/ Name: __utma
Value: 88171332.656667783.1638391985.1638391985.1638391985.1
.actblue.com/ Name: __utmc
Value: 88171332
.actblue.com/ Name: __utmz
Value: 88171332.1638391985.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.actblue.com/ Name: __utmt
Value: 1
.actblue.com/ Name: __utmb
Value: 88171332.1.10.1638391985
.secure.actblue.com/ Name: _session_id
Value: b03c2f9ca07f08ce25d8c45fc31385e7
.google.com/ Name: NID
Value: 511=NaivR6c1I2_Amyy_-4OPnuZaNnIQevxFw_lMo3HiOmOmuN55u6rugJi6e7d8twfZdj0EME11FoNDOBNGUV6EAFXdJlzxZ7pRLlBZcJ4ViSwb9mK2u974utbstBjctW2fE6uWj1uCQAPWvr9wM2mQHWfD9eMvm3_cbUICiVRxmDg
.paypalobjects.com/ Name: paypal-offers--country
Value: DE
.paypal.com/ Name: l7_az
Value: dcg14.slc
.paypal.com/ Name: enforce_policy
Value: gdpr_v2.1
.paypal.com/ Name: LANG
Value: de_DE%3BDE
.paypal.com/ Name: x-pp-s
Value: eyJ0IjoiMTYzODM5MTk4NTg4MyIsImwiOiIwIiwibSI6IjAifQ
www.paypal.com/ Name: nsid
Value: s%3A9XXMSYVypBok0A8ahkf9026S0IatIWA9.hEtuf9Oy%2Fgd2D6dGBT68WFwaKSgPzjdWwpIS5mtNLVQ
.paypalobjects.com/ Name: paypal-offers--cust
Value: null:null:null
.paypal.com/ Name: tsrce
Value: loggernodeweb
.paypal.com/ Name: ts
Value: vreXpYrS%3D1733086386%26vteXpYrS%3D1638393786%26vr%3D77c5b84d17d0a760b70d68b6f95ea684%26vt%3D77c5b84d17d0a760b70d68b6f95ea683%26vtyp%3Dnew
.paypal.com/ Name: ts_c
Value: vr%3D77c5b84d17d0a760b70d68b6f95ea684%26vt%3D77c5b84d17d0a760b70d68b6f95ea683
.actblue.com/ Name: __ssid
Value: 1a260ef9e0fdf1b3ab64e35178bccff
.c.paypal.com/ Name: sc_f
Value: djjAavruvFYCRycfo7eXnjMh-IraMPwYn_6ZniiPapbEuAFi3yDQ8HsANqB4wQMvjiAfNbPhhi8jZAqzRpkLoGGIAT5f-P68MCY9vW
.paypal.com/ Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK
Value: jMucPc-3lSZb5jeEZCT3WRA_2eKpBMMv4dKtrFPbrgNpWZBACnvKvL8N7AHSUqe139RaIpuQ3WyXseF0

2 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'none'; report-uri /system/csp_reports
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

actblue-indigo-uploads.s3.amazonaws.com
api-js.mixpanel.com
b.stats.paypal.com
c.paypal.com
c6.paypal.com
cdn.mxpnl.com
cdn.sift.com
dub.stats.paypal.com
hexagon-analytics.com
pay.google.com
play.google.com
secure.actblue.com
sessions.bugsnag.com
ssl.google-analytics.com
stats.g.doubleclick.net
t.paypal.com
u1584542.ct.sendgrid.net
www.datadoghq-browser-agent.com
www.google-analytics.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
107.178.240.159
13.32.21.206
151.101.1.35
151.101.192.174
151.101.2.133
151.101.65.21
167.89.123.122
2600:1901:0:7a0b::
2600:1901:0:bc29::
2a00:1450:4001:809::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2008
2a00:1450:4001:830::200e
2a00:1450:400c:c07::9a
2a00:1450:400c:c0c::5c
2a04:4e42:600::291
34.102.232.42
34.96.67.224
52.217.195.25
64.4.245.84
84.53.164.154
059da9d9d9fefff7c5314a7212e8bc2e6cb7c156f6aaabe456d49e0f752cae53
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a
0c0ad0d7ce4c0952e95e55a0236af1c0d8ccad07f861eb1bb39278e9939580b7
111f1700ccb35898fa18b3bbf8eb1d0b0f6e7f744cf9fa6e59e5a2723dd9f20f
12500d956b47de01bfe02a21db437ebbd7b462f54137f0a37b80992df7f5ce59
129737dfffcc16554dffd7d6dd3a57b6831c96a75d8acec4ea31709555115a53
1f5e2f2af423fb1a2d6dc60d17c36dae19a80457497648bb2cf6310217d317ce
228b63e02a863b51cb248e952f3bf08345b95b665a92774e73e6d40b355f4962
25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b
2cffbf33a964b7814572d22adc6ba21b8397dc74e015d0e996eddb01d86708bb
328bf2ff2d277978392e1115026937bc2b419477a08ad00fc6c93f1b557f1543
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
575e2d3eb530ec50f9d8e36467fbaa9d12b2f437ea591529ecbdf9b436bf7950
653e7cf0591c3856565188ac0fe9b6baa746f318b2cd4f205ac4e08a76edf338
675b4cc8a4641bc4bb742abb5faae460ea2962ebbff19ede88c98c6f9cedaf36
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
738b57410ce8960d28e803acd95c2dbe6b2ee383724cfc4fcb1dde5441d944a0
73f397a29f507fe52c577f48d1bc55ef5a3e01a91d3d5883defecea30de26e50
75d44774b306d7d48738b89d0a1d8ecb345af7e598aba9a55c715f40d7e55d01
76d9d29a27dcf9f3fc81e979de9a3a14babfb5b0804e7038042911922e92644a
7921df86278b7fa9be0cbd78d9990071763ec4e9e88aaff2c3d466723090b8ae
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8ba56f6b8db4984684e70e96502fb1a4f4d436e22e147ad693f70e78c3921a41
8fdcc852dcd07e3a1b1ae4472fd5d7f6c8afd10f822d23ea795ebf766de097c7
912bc848d461e328a48863196601323b69ed445926c856f23a426efe674e67eb
91b7831e6e365f38a4b3370dec41ad3ab7c96d9a3cee1f2cf5138fb78c150772
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
99096f106b88e7ccc51d85cdb0004b3a46a0bbe089ed367ae69ef7c2f0be6d9e
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
b3e3e6a28c1d32ab2ea7321b2dc3201cda4634cc33b4410099f0b042037614e4
b5efd45abcbbb1a90b0dfae047ffad5450b48fa2daafb9a8f28b678026372dab
b9c3775055aea46cb3b10223549a1a4106934451f4b4f18a8bd18957f59f5ab0
be8448c23f9f5b3c58fd8d84d0338534c4407f7a9feaa601305ff7ec34cb1f84
c0a876e22dd207a67ea508bf2a41c88b3f98dbc7ebc1fd335ccf427bf39aa4ec
cfb7471169bdefbc47bc94817ff0229176c201d309a0a69e5f9ab00076f7fc0d
d041681ad7b48ebd3e8eaf22937c7235b8c1ea0cf9069ec2fb88dcd42d3f9588
d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101
e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6
e31c5993a5042148c00242dd1ac5d2ac5751fa228123ae0870397716fd39e78c
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6d2e3e21c3a530e24c66e000977b610f5fce4691f381b43a10561cfdcc89580
e74178a6bf366283a6b8b9857ce6ffc27a9635c259fc4b109ee58709352c5009
ee3ed54dc3c5ac3559562178e312ff0bfb8f16ac58fed86f8e088a4ffd6ba53b