store.mannheimsteamroller.com Open in urlscan Pro
23.227.38.74 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMA...
Effective URL:
https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMA...
Submission: On November 26 via manual (November 26th 2021, 3:50:48 pm UTC) from IN — Scanned from CA

Summary HTTP 190 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 24 IPs in 2 countries across 21 domains to perform 190 HTTP transactions. The main IP is 23.227.38.74, located in Ottawa, Canada and belongs to CLOUDFLARENET, US. The main domain is store.mannheimsteamroller.com.
TLS certificate: Issued by R3 on October 22nd 2021. Valid for: 3 months.

This is the only time store.mannheimsteamroller.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 6	23.227.38.74 23.227.38.74	13335 (CLOUDFLAR...) (CLOUDFLARENET)
88	2a04:4e42:e00... 2a04:4e42:e00::268	54113 (FASTLY) (FASTLY)
5	2606:4700::68... 2606:4700::6811:572a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	184.29.136.126 184.29.136.126	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2606:4700:20:... 2606:4700:20::ac43:4910	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	34.138.230.116 34.138.230.116	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
2	2607:f8b0:400... 2607:f8b0:4006:80c::200a	15169 (GOOGLE) (GOOGLE)
1	23.52.163.40 23.52.163.40	16625 (AKAMAI-AS) (AKAMAI-AS)
9	2607:f8b0:400... 2607:f8b0:4006:80f::2003	15169 (GOOGLE) (GOOGLE)
1	174.129.223.30 174.129.223.30	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:210... 2600:9000:210b:9a00:14:6bfc:5740:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2606:4700::68... 2606:4700::6810:6c12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.217.165.41 23.217.165.41	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:303... 2606:4700:3035::ac43:bb45	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	52.216.147.140 52.216.147.140	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2606:2800:220... 2606:2800:220:de:468:2285:c1:4a3	15133 (EDGECAST) (EDGECAST)
2	2600:1400:d:4... 2600:1400:d:483::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.218.245.232 52.218.245.232	16509 (AMAZON-02) (AMAZON-02)
25	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
1	52.35.243.56 52.35.243.56	16509 (AMAZON-02) (AMAZON-02)
1	151.101.0.84 151.101.0.84	54113 (FASTLY) (FASTLY)
190	24

6 23.227.38.74 (Ottawa, Canada) 1 redirects

ASN13335 (CLOUDFLARENET, US)

store.mannheimsteamroller.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

88 2a04:4e42:e00::268 (United States)

ASN54113 (FASTLY, US)

cdn.shopify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6811:572a (United States)

ASN13335 (CLOUDFLARENET, US)

secure.apps.shappify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 184.29.136.126 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-29-136-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:20::ac43:4910 (United States)

ASN13335 (CLOUDFLARENET, US)

amaicdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.138.230.116 (North Charleston, United States)

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: 116.230.138.34.bc.googleusercontent.com

monorail-edge.shopifysvc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80c::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.52.163.40 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-163-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:80f::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.129.223.30 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-174-129-223-30.compute-1.amazonaws.com

preordermanager.amai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:210b:9a00:14:6bfc:5740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.ywxi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:6c12 (United States)

ASN13335 (CLOUDFLARENET, US)

upsells.boldapps.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bundles.boldapps.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.217.165.41 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-217-165-41.deploy.static.akamaitechnologies.com

chimpstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::ac43:bb45 (United States)

ASN13335 (CLOUDFLARENET, US)

widgetic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.216.147.140 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

shopify-sales-timer.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:220:de:468:2285:c1:4a3 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1400:d:483::1931 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

assets.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.218.245.232 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com

s3-us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.35.243.56 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-243-56.us-west-2.compute.amazonaws.com

www.trustedsite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.0.84 (United States)

ASN54113 (FASTLY, US)

log.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
88	shopify.com cdn.shopify.com	642 KB
25	facebook.com www.facebook.com	155 KB
10	amazonaws.com shopify-sales-timer.s3.amazonaws.com s3-us-west-2.amazonaws.com	130 KB
9	gstatic.com fonts.gstatic.com	70 KB
9	addthis.com s7.addthis.com m.addthis.com api-public.addthis.com	227 KB
8	shopifysvc.com monorail-edge.shopifysvc.com	4 KB
6	twitter.com platform.twitter.com syndication.twitter.com	148 KB
6	mannheimsteamroller.com 1 redirects store.mannheimsteamroller.com	35 KB
5	boldapps.net upsells.boldapps.net bundles.boldapps.net	115 KB
5	amaicdn.com amaicdn.com	227 KB
5	shappify.com secure.apps.shappify.com	40 KB
3	pinterest.com assets.pinterest.com log.pinterest.com	19 KB
2	facebook.net connect.facebook.net	85 KB
2	googleapis.com fonts.googleapis.com ajax.googleapis.com	34 KB
1	trustedsite.com www.trustedsite.com	945 B
1	widgetic.com widgetic.com	16 KB
1	chimpstatic.com chimpstatic.com	783 B
1	ywxi.net cdn.ywxi.net	5 KB
1	amai.com preordermanager.amai.com	1018 B
1	addthisedge.com v1.addthisedge.com	553 B
1	moatads.com z.moatads.com	1 KB
190	21

	Domain	Requested by
88	cdn.shopify.com	store.mannheimsteamroller.com cdn.shopify.com
25	www.facebook.com	connect.facebook.net store.mannheimsteamroller.com www.facebook.com
9	fonts.gstatic.com	fonts.googleapis.com
8	shopify-sales-timer.s3.amazonaws.com	store.mannheimsteamroller.com cdn.shopify.com shopify-sales-timer.s3.amazonaws.com
8	monorail-edge.shopifysvc.com	cdn.shopify.com
6	store.mannheimsteamroller.com	1 redirects cdn.shopify.com
5	amaicdn.com	store.mannheimsteamroller.com amaicdn.com
5	secure.apps.shappify.com	store.mannheimsteamroller.com
4	platform.twitter.com	s7.addthis.com platform.twitter.com
4	api-public.addthis.com	cdn.shopify.com s7.addthis.com
4	upsells.boldapps.net	store.mannheimsteamroller.com cdn.shopify.com
4	s7.addthis.com	store.mannheimsteamroller.com s7.addthis.com
2	syndication.twitter.com	platform.twitter.com
2	s3-us-west-2.amazonaws.com	cdn.shopify.com
2	assets.pinterest.com	s7.addthis.com assets.pinterest.com
2	connect.facebook.net	s7.addthis.com connect.facebook.net
1	log.pinterest.com
1	www.trustedsite.com	cdn.ywxi.net
1	widgetic.com	store.mannheimsteamroller.com
1	bundles.boldapps.net	store.mannheimsteamroller.com
1	chimpstatic.com	store.mannheimsteamroller.com
1	cdn.ywxi.net	store.mannheimsteamroller.com
1	preordermanager.amai.com	cdn.shopify.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	ajax.googleapis.com	amaicdn.com
1	z.moatads.com	s7.addthis.com
1	fonts.googleapis.com	cdn.shopify.com
190	28

This site contains links to these domains. Also see Links.

Domain
www.mannheimsteamroller.com

Subject Issuer	Validity	Valid
store.mannheimsteamroller.com R3	`2021-10-22` - `2022-01-20`	3 months	crt.sh
cdn.shopify.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-20` - `2022-05-22`	a year	crt.sh
shappify.com Cloudflare Inc ECC CA-3	`2021-06-02` - `2022-06-01`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-01` - `2022-04-30`	a year	crt.sh
monorail-edge.shopifysvc.com R3	`2021-10-04` - `2022-01-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.amai.com Amazon	`2021-08-04` - `2022-09-02`	a year	crt.sh
*.ywxi.net Amazon	`2021-08-04` - `2022-09-02`	a year	crt.sh
boldapps.net Cloudflare Inc ECC CA-3	`2021-10-26` - `2022-10-25`	a year	crt.sh
wildcardsan.us15.list-manage.com DigiCert SHA2 Secure Server CA	`2021-01-11` - `2022-01-17`	a year	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-01-11` - `2022-02-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-04` - `2021-12-03`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-26` - `2022-08-05`	a year	crt.sh
*.s3-us-west-2.amazonaws.com Amazon	`2021-03-26` - `2022-03-05`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-24` - `2022-03-23`	a year	crt.sh
*.trustedsite.com Amazon	`2021-02-09` - `2022-03-10`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Frame ID: 14DED05B45842E313AF860DC2F1A9840
Requests: 163 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 7217F5C25CDFD58FD9BFE84454036A17
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 533A3CD5A5F2939E9F9DF1C755BE7699
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fstore.mannheimsteamroller.com
Frame ID: 64A827A2AD44163A026D638B8F5CCAEC
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: F4E20EE719121E5F0BCAC3F3AE64DF88
Requests: 25 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html
Frame ID: CF6F2A46BFECCEC43AD37692F29975A6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Christmas Symphony – Mannheim Steamroller

Page URL History Show full URLs

http://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_cam... HTTP 301
https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_cam... Page URL

Page Statistics

190
Requests

99 %
HTTPS

52 %
IPv6

21
Domains

28
Subdomains

24
IPs

2
Countries

1955 kB
Transfer

5786 kB
Size

25
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.mannheimsteamroller.com/
Title: Home

Search URL Search Domain Scan URL

URL: http://www.mannheimsteamroller.com/event/
Title: Tour

Search URL Search Domain Scan URL

URL: http://www.mannheimsteamroller.com/whats-in-the-aire/
Title: What's in the Aire

Search URL Search Domain Scan URL

URL: http://www.mannheimsteamroller.com/stories/
Title: Stories

Search URL Search Domain Scan URL

URL: http://www.mannheimsteamroller.com/fun/fun-facts/
Title: Fun

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID HTTP 301
https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

190 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request christmas-symphony Show response
store.mannheimsteamroller.com/products/
Redirect Chain

http://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a...
https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4...

141 KB
29 KB

129ms
97ms

Document
text/html

23.227.38.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

365823b66a1884f5e864269fab50393d1e13543911c0363d2a9e9415b81d8af6

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security	max-age=7889238
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

date: Fri, 26 Nov 2021 15:50:41 GMT
content-type: text/html; charset=utf-8
x-sorting-hat-podid: 224
x-sorting-hat-shopid: 12587491
x-storefront-renderer-rendered: 1
link: <https://cdn.shopify.com>; rel=preconnect, <https://cdn.shopify.com>; rel=preconnect; crossorigin
x-shopify-request-trackable: true
x-alternate-cache-key: cacheable:c1e122a118991356e10401c371b11d10
x-cache: hit, server
x-frame-options: DENY
content-security-policy: block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
access-control-allow-origin: *
strict-transport-security: max-age=7889238
x-shopid: 12587491
x-shardid: 224
vary: Accept
content-language: en
x-shopify-stage: production
x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
x-request-id: 2aa02ee1-9fda-4d92-a207-732fc50a4a69
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-download-options: noopen
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b44461ccc927145-YUL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Date: Fri, 26 Nov 2021 15:50:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Sorting-Hat-PodId: 224
X-Sorting-Hat-ShopId: 12587491
X-Storefront-Renderer-Rendered: 1
Location: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none';
Access-Control-Allow-Origin: *
X-ShopId: 12587491
X-ShardId: 224
Vary: Accept
X-Shopify-Stage: production
X-Dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
X-Request-ID: d80365d7-2829-4974-bc84-717d6036084b
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 6b44461c19eb7142-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 bootstrap.min.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 118 KB
18 KB 37ms
10ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bootstrap.min.css?v=16275807143070108843

Requested by

Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

6522b65d1633ebd28856a3bbbb142027f7c6975e9a0de1b6a2479873b1e22d09

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 17452
x-xss-protection: 1; mode=block
x-request-id: 679e0b1db36b711532775b2e9d979df5
x-served-by: cache-lga21946-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:58:35 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.544246,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 10:03:03 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bootstrap.min.css>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 owl.carousel.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 2 KB
790 B 47ms
20ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/owl.carousel.css?v=3770034108071850157

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

f73150e288aa203fa8970bb6e6f1ebb3d98466dbc38352e177f6abee70a50095

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 539
x-xss-protection: 1; mode=block
x-request-id: 1d9c4d51477f40777a5e0c3b3acc69b5
x-served-by: cache-lga21944-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:46:00 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.544517,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Thu, 10 Nov 2022 12:27:55 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/owl.carousel.css>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 settings.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 131 KB
14 KB 49ms
23ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/settings.css?v=18086228612266433528

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

863301c839a9097d15e72a059159ac280951ce48f332b9df6850c8474393a3d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 14462
x-xss-protection: 1; mode=block
x-request-id: fd8432b8b036256e2419b83c8d675bb6
x-served-by: cache-lga21922-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:45:23 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.544445,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 10:03:03 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/settings.css>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 styles.scss.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 290 KB
35 KB 52ms
26ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css?v=11028470776936670404

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

0ef263550319255637345422d4d0d659c4e916d85c9ddba1457cdac1e1b7ded6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 35789
x-xss-protection: 1; mode=block
x-request-id: 76cc0a1d519c3f9dcd7417e3635575bf
x-served-by: cache-lga21939-LGA, cache-yul12827-YUL
last-modified: Thu, 25 Nov 2021 14:43:35 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.544752,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Fri, 25 Nov 2022 14:43:35 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 nt-header-layout-5.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 10 KB
2 KB 47ms
21ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nt-header-layout-5.css?v=11560675515282914903

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

282f7f82642d0ee4a80ae0266a38882ab759a95ae8f4d65a5faee70bf827f7d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 1536
x-xss-protection: 1; mode=block
x-request-id: f1779043e9d2fabdcb12781315f32bce
x-served-by: cache-lga21983-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:32 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.544762,VS0,VE0
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 12:08:59 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nt-header-layout-5.css>; rel="canonical"
x-cache-hits: 1, 12

GET
H2 200 nt-footer-layout-6.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 5 KB
2 KB 67ms
42ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nt-footer-layout-6.css?v=15156587086702057738

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

a6d23ff530abf8a1f29d0153f8ddfb9bcd92638d0bb7894a87b100b8146d970b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 901
x-xss-protection: 1; mode=block
x-request-id: 2ba4c93d9008b84e38f01cece506f379
x-served-by: cache-lga21958-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:46:45 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.553630,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 14:16:30 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nt-footer-layout-6.css>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 loader.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 2 KB
847 B 64ms
39ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/loader.css?v=13520581156167198092

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

fa10d16a37e32f2224fbfb2abe309993609b834516bea92bf74ca2559252e55f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 597
x-xss-protection: 1; mode=block
x-request-id: 9233d4ec90b3b560a76c202dbc905cc8
x-served-by: cache-lga21982-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:13 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.544983,VS0,VE2
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Thu, 24 Nov 2022 11:17:48 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/loader.css>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 toastr.min.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 6 KB
3 KB 66ms
41ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/toastr.min.css?v=10646864197997850718

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

a2426f1111a7c61667d668e9012e3eab58f4e784fe70fe16293dc43b634f812a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 2461
x-xss-protection: 1; mode=block
x-request-id: 1138784ffda09119ffd5cf929d810792
x-served-by: cache-lga21980-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:36 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.553884,VS0,VE0
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 12:00:52 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/toastr.min.css>; rel="canonical"
x-cache-hits: 1, 12

GET
H2 200 jquery.fancybox.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 6 KB
2 KB 66ms
41ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox.css?v=10889551828521818491

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

4ffbb565d1944814db3519fce9d0d320c0741acc97fea796a5612b664d78366a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 1464
x-xss-protection: 1; mode=block
x-request-id: 02d83164ee22422a0a9b8519f6e81a1c
x-served-by: cache-lga13626-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:12 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.553574,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 09:59:20 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox.css>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 font-awesome.min.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 27 KB
5 KB 46ms
21ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/font-awesome.min.css?v=1811080494831994179

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

911efb4e1383c28ad12d7f925d686dcd29d99421f2ca466ee63a867a138f5560

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 4995
x-xss-protection: 1; mode=block
x-request-id: 28ef2e5103711c2b505d5757e709da83
x-served-by: cache-lga21981-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:58:37 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.544793,VS0,VE0
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Fri, 11 Nov 2022 07:13:54 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/font-awesome.min.css>; rel="canonical"
x-cache-hits: 1, 12

GET
H2 200 sca-quick-view.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 5 KB
1 KB 71ms
47ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sca-quick-view.css?v=13512753789508389045

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

f2431d9cae765db6e982c7d0c4c9a9d15d6dc9d986ae8f28c38412ad6fd941c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 1259
x-xss-protection: 1; mode=block
x-request-id: 33dd172caae1ae5f1a19a9a7147d3ec1
x-served-by: cache-lga21975-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:13 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.553497,VS0,VE2
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Fri, 11 Nov 2022 12:16:00 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sca-quick-view.css>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 sca-jquery.fancybox.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 43 KB
27 KB 60ms
36ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sca-jquery.fancybox.css?v=7918907339668535341

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

79b2c64048bd2c64b4c23bfb4ef8a4f97e4d539d0b792dfb1fc88f4bd925a26d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 27188
x-xss-protection: 1; mode=block
x-request-id: 401ec743dc7cd8bdd5cd7c4020ab06eb
x-served-by: cache-lga21941-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:46:45 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.544989,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 05:42:28 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sca-jquery.fancybox.css>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 jquery.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 91 KB
31 KB 64ms
40ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.min.js?v=6506911499012750403

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

5b6725689f9ca035bdd1f325690447c2cab1e9a27c39b3a3a6d702ab888236ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 31473
x-xss-protection: 1; mode=block
x-request-id: 8ea99037aa0f7bfb8a03d9883203a558
x-served-by: cache-lga21948-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:16 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.553919,VS0,VE0
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 11 Nov 2022 07:40:42 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.min.js>; rel="canonical"
x-cache-hits: 1, 3

GET
H2 200 jquery.themepunch.tools.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 105 KB
36 KB 71ms
47ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.themepunch.tools.min.js?v=1829877859153596686

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

73ea81488e436dcf501f872075efdd2aa3cebf6e334cb43467d14f28377b5804

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 35785
x-xss-protection: 1; mode=block
x-request-id: 0f9b903b473ab29c7c5bf82c3aac43bf
x-served-by: cache-lga21954-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 07:00:00 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.553888,VS0,VE2
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 11 Nov 2022 12:16:00 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.themepunch.tools.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 jquery.themepunch.revolution.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 63 KB
17 KB 69ms
46ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.themepunch.revolution.min.js?v=12866956227497450034

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

660aabb95e73c8818f3582b446067c6e35770cd46c49346374bf41155150c80e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 17012
x-xss-protection: 1; mode=block
x-request-id: 45b85f2b8dd0c2de02ab5f7b8f7adec5
x-served-by: cache-lga21961-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:13 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.553901,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 09:59:20 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.themepunch.revolution.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 jquery-cookie.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 1 KB
797 B 46ms
34ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery-cookie.min.js?v=7236575574540404818

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

30de098fc5522f2f79107897afcd6d00062cecce3101a40cb671ecc73c674422

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 520
x-xss-protection: 1; mode=block
x-request-id: ce34e3a3fe76b18e2f24780fa563b1f3
x-served-by: cache-lga13626-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:58:38 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.662171,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 06:53:58 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery-cookie.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 modernizr.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 3 KB
2 KB 45ms
33ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/modernizr.min.js?v=12518942495570507011

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

bff42b43d858853bf4333fb583660bad4a4132bc073a35771188da5f78fdb09b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 1396
x-xss-protection: 1; mode=block
x-request-id: 25331beed4ccf4d92b4e23c653ec8c92
x-served-by: cache-lga21977-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:46:47 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.662390,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 09:20:52 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/modernizr.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 jquery.flexslider-min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 22 KB
6 KB 45ms
33ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.flexslider-min.js?v=7553249248416720244

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

f4da2313ec5a6f93ff25851dfb2949f7f6cc5d0087ef20f5dce3037f7fb3c7a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 5771
x-xss-protection: 1; mode=block
x-request-id: 985e859700703bf091e760b1f32dc32275c8170d70bafb9a4b3d787f9447f1aa
x-served-by: cache-lga21943-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:11 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.662401,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 21 Oct 2022 14:04:06 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.flexslider-min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 owl.carousel.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 23 KB
6 KB 42ms
31ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/owl.carousel.js?v=15265798338679244709

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

5b8f8e24f2eabbda7290548383723a6329e14b886392f8f8ece080f6efe6878c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 5908
x-xss-protection: 1; mode=block
x-request-id: ac146ebeb0b41357de0a6466ebf12ae4
x-served-by: cache-lga21948-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:46:00 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.662751,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 08:25:40 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/owl.carousel.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 selectize.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 39 KB
12 KB 78ms
67ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/selectize.min.js?v=10245617905528283634

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

bfc193cbebe23fedd2cbb97458b22ad84fc6335ded6b80b09f702735cc0476e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 12260
x-xss-protection: 1; mode=block
x-request-id: 367f9181ff1d5f6ee5708b47b9b4c943
x-served-by: cache-lga21945-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:13 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.662746,VS0,VE13
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 16:57:05 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/selectize.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 jquery.elevateZoom-3.0.8.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 32 KB
6 KB 104ms
93ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.elevateZoom-3.0.8.min.js?v=15001016163465525103

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

d1e9fd89f7772e932d857e64ae9ff086810e3e8394d3720470756c2de69fea91

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 5526
x-xss-protection: 1; mode=block
x-request-id: e7b963aa02e6463dffa80bef6e107f28
x-served-by: cache-lga21972-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 07:00:01 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.662958,VS0,VE67
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 10:03:51 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.elevateZoom-3.0.8.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 jquery.fancybox.pack.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 22 KB
8 KB 82ms
71ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox.pack.js?v=14571656442996943808

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

9bece345f853bede1479269d88030c4ac724b6360a6143be3b6b2a1e9d6f57a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 7749
x-xss-protection: 1; mode=block
x-request-id: 8e4c64722ffe8348b868a96eff852d86
x-served-by: cache-lga13628-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:16 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663287,VS0,VE14
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Thu, 10 Nov 2022 12:08:56 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox.pack.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 jquery.fancybox-media.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 2 KB
1 KB 81ms
70ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox-media.js?v=2778842296868151451

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

b49af5d8fb7348cd3bf23ae73743db7898911256ad9d2377678821186aba8ec3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 1015
x-xss-protection: 1; mode=block
x-request-id: e7887a11fe1b3912746ef37e0bb58ebe4d10d7a33a9f82f54bc108442cb9916e
x-served-by: cache-lga13628-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:33 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663160,VS0,VE14
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 14 Oct 2022 05:20:21 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox-media.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 isotope.pkgd.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 34 KB
9 KB 88ms
77ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/isotope.pkgd.min.js?v=10716170274150304395

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

7eb4509b0d4771082ac20521c1f2c79bf575a7d9d1b8b94c65654f090057975a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 9196
x-xss-protection: 1; mode=block
x-request-id: b1874a336434fdc4f364cdfa1d9e26ec
x-served-by: cache-lga21970-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:10 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.662997,VS0,VE20
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 09:20:52 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/isotope.pkgd.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 imagesloaded.pkgd.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 5 KB
2 KB 79ms
69ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/imagesloaded.pkgd.min.js?v=2960574115061968581

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

8f9866e833ce88be6659d2d4c65850c504d68d36020217e3b396d9301cb76b68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 1521
x-xss-protection: 1; mode=block
x-request-id: dbe726d10a41308af4301c7b16f7b97b
x-served-by: cache-lga21931-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:36 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663419,VS0,VE13
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 11:30:33 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/imagesloaded.pkgd.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 jquery.appear.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 1 KB
791 B 51ms
40ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.appear.js?v=15457449512232779877

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

f908be4322ec368a47a2f78a6181c819cb49c89d20a8510c4ef67ef8fbca3086

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 545
x-xss-protection: 1; mode=block
x-request-id: 58e89bc63acaf58937c7a99fab1f10bb
x-served-by: cache-lga21963-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:33 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663420,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 10:11:48 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.appear.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 option_selection-fe6b72c2bbdd3369ac0bfefe8648e3c889efca213baefd4cfb0dd9363563831f.js Show response
cdn.shopify.com/shopifycloud/shopify/assets/themes_support/ 9 KB
3 KB 50ms
40ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/shopify/assets/themes_support/option_selection-fe6b72c2bbdd3369ac0bfefe8648e3c889efca213baefd4cfb0dd9363563831f.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

fe6b72c2bbdd3369ac0bfefe8648e3c889efca213baefd4cfb0dd9363563831f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 2748
x-xss-protection: 1; mode=block
x-request-id: 2e8f222cfd87b11345e34a0dbbf00231
x-served-by: cache-lga21944-LGA, cache-yul12827-YUL
server: cache-yul12827-YUL
x-timer: S1637941842.664390,VS0,VE0
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/shopify/assets/themes_support/option_selection-fe6b72c2bbdd3369ac0bfefe8648e3c889efca213baefd4cfb0dd9363563831f.js>; rel="canonical"
x-cache-hits: 1, 323540

GET
H2 200 webfont.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 12 KB
5 KB 91ms
81ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/webfont.js?v=4914639218279684479

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

aeeea5052852429293bb9cabb7617dcae1e5a616851d41ec713ee5c2e1b3ae55

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 4527
x-xss-protection: 1; mode=block
x-request-id: ee340d41e0621e853333a38b4c84f3ce
x-served-by: cache-lga21973-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:32 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.664375,VS0,VE19
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Thu, 24 Nov 2022 12:28:07 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/webfont.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 load_feature-a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524.js Show response
cdn.shopify.com/shopifycloud/shopify/assets/storefront/ 9 KB
3 KB 95ms
21ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12820-YUL /

Resource Hash

a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://store.mannheimsteamroller.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 2777
x-xss-protection: 1; mode=block
x-request-id: 7d39d9e6d6ebb3cdbd33c354f5132152
x-served-by: cache-lga21959-LGA, cache-yul12820-YUL
server: cache-yul12820-YUL
x-timer: S1637941842.718212,VS0,VE0
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524.js>; rel="canonical"
x-cache-hits: 2, 2777891

GET
H2 200 features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js Show response
cdn.shopify.com/shopifycloud/shopify/assets/storefront/ 37 KB
12 KB 95ms
22ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12820-YUL /

Resource Hash

87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://store.mannheimsteamroller.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 12298
x-xss-protection: 1; mode=block
x-request-id: e624e9bc29b60a2db5947e2486240d8a
x-served-by: cache-lga21932-LGA, cache-yul12820-YUL
server: cache-yul12820-YUL
x-timer: S1637941842.718652,VS0,VE0
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js>; rel="canonical"
x-cache-hits: 1, 2671011

GET
H2 200 bold-upsell.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 19 KB
4 KB 62ms
40ms Stylesheet
text/css 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bold-upsell.css?v=5191588650560232271

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

39b67047f62bfeb05b02e88df6cf72e2a71b5f4c6e6fde7e93c3ff365f30a63a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 3483
x-xss-protection: 1; mode=block
x-request-id: 9d7345b51967b51b06736a042bab18a7
x-served-by: cache-lga21940-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:35 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.553455,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 09:52:28 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bold-upsell.css>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 404 bold-upsell-custom.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 0
0 109ms
87ms Stylesheet
text/html 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bold-upsell-custom.css?160
Requested by: Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 header_5_logo.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 5 KB
5 KB 80ms
71ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/header_5_logo.png?v=15104082059059083423

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

fb16c823b3edaf3b3dd09e69848bbd8a72039156863697ace4c4b7a303709701

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: header_generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 4638
x-xss-protection: 1; mode=block
x-request-id: 1be94f7897ae40ef8afe36f6e6fac0aa
x-served-by: cache-lga21927-LGA, cache-yul12827-YUL
last-modified: Fri, 05 Nov 2021 16:24:46 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.664031,VS0,VE13
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Sat, 05 Nov 2022 16:24:46 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/header_5_logo.png>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 sale9.png
secure.apps.shappify.com/apps/discount/icons/default/ 1 KB
1 KB 124ms
47ms Image
image/png 2606:4700::6811:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.apps.shappify.com/apps/discount/icons/default/sale9.png
Requested by: Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e38d68218c650828bb81e12aa21878ae81e9ce0ba84532e46c088acbaabf6f5

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:41 GMT
via: 1.1 google
cf-cache-status: HIT
age: 315397
cf-polished: origSize=1352
content-length: 1224
last-modified: Thu, 18 Aug 2016 21:14:31 GMT
server: cloudflare
etag: "548-53a5f115a7bc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
expires: Fri, 03 Dec 2021 15:50:41 GMT
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 6b44461ecde67136-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 jquery.bxslider.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 49 KB
11 KB 13ms
13ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.bxslider.min.js?v=12097846045018392069

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

bddbba35635904eca1d7f9edc74bdbcba04ec0f5a16286fdbd8f78fb0f7e0c6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 11153
x-xss-protection: 1; mode=block
x-request-id: adc27bc0196cf8ac7b82813cb940adfd
x-served-by: cache-lga21957-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:13 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.611243,VS0,VE0
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 05:42:59 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.bxslider.min.js>; rel="canonical"
x-cache-hits: 1, 2

GET
H2 200 51Iu8-ecgyL_large.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/ 56 KB
57 KB 73ms
64ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/products/51Iu8-ecgyL_large.jpeg?v=1461175958

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

3c40cd169ced8d7ee501d4440e5229be5746aa4efdf4134da2762b29ea6ce96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 57274
x-xss-protection: 1; mode=block
x-request-id: d61b338b8cbf9e9d2661e001f8db6cb5
x-served-by: cache-lga13625-LGA, cache-yul12827-YUL
last-modified: Tue, 23 Nov 2021 20:58:13 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.664019,VS0,VE12
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 20:58:13 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/products/51Iu8-ecgyL_large.jpeg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 discount-sales-clock-js.php Show response
secure.apps.shappify.com/apps/discount/ 4 KB
2 KB 127ms
51ms Script
application/javascript 2606:4700::6811:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.apps.shappify.com/apps/discount/discount-sales-clock-js.php?shop=mannheimsteamroller.myshopify.com
Requested by: Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e644a846d1945e3c6d6d26e961f8963e4c82b60eda4f9f6fed104f59edd4431a

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

cf-ray: 6b44461ecde87136-YUL
pragma: no-cache
date: Fri, 26 Nov 2021 15:50:41 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NON DSP LAW CUR ADM DEV TAI PSA PSD HIS OUR DEL IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE LOC IVD SAM IVA OTC"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
content-type: application/javascript
content-length: 1896
via: 1.1 google

GET
H2 200 discount-sales-clock-css.php
secure.apps.shappify.com/apps/discount/ 204 B
610 B 135ms
46ms Stylesheet
text/css 2606:4700::6811:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.apps.shappify.com/apps/discount/discount-sales-clock-css.php?shop=mannheimsteamroller.myshopify.com
Requested by: Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa1983cd8b5e7dc6b6e03342469435dd02475c9c94d4e128522fe08ffcacd919

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

cf-ray: 6b44461ecde37136-YUL
date: Fri, 26 Nov 2021 15:50:41 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NON DSP LAW CUR ADM DEV TAI PSA PSD HIS OUR DEL IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE LOC IVD SAM IVA OTC"
access-control-allow-origin: *
cache-control: public, s-maxage=300
content-type: text/css;charset=UTF-8
content-length: 171
via: 1.1 google
expires: Fri, 26 Nov 2021 16:20:41 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 132ms
17ms Script
application/javascript 184.29.136.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-136-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Fri, 26 Nov 2021 15:50:41 GMT
x-host: s7.addthis.com
content-length: 116325

GET
H2 200 sale11.png
secure.apps.shappify.com/apps/discount/icons/default/ 960 B
1 KB 106ms
30ms Image
image/png 2606:4700::6811:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.apps.shappify.com/apps/discount/icons/default/sale11.png
Requested by: Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 045e3e9d809f7ce8ebdffa7435f306fab3903c8e41919bf3d08ba974f899046e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:41 GMT
via: 1.1 google
cf-cache-status: HIT
age: 34289
cf-polished: origSize=1016
content-length: 960
last-modified: Thu, 18 Aug 2016 21:14:31 GMT
server: cloudflare
etag: "3f8-53a5f115a7bc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
expires: Fri, 03 Dec 2021 15:50:41 GMT
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 6b44461ecde97136-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 51T1BMn6EhL_200x200.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/ 12 KB
13 KB 48ms
40ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/products/51T1BMn6EhL_200x200.jpeg?v=1461175965

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

829963fc8364800c2f61ece45acfd5cb8111657235b70a841e5b63553d8cdcf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 12668
x-xss-protection: 1; mode=block
x-request-id: 32d53c90c7f6d474c9166397d258ab2a
x-served-by: cache-lga21956-LGA, cache-yul12827-YUL
last-modified: Wed, 10 Nov 2021 12:11:34 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663634,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Thu, 10 Nov 2022 12:11:34 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/products/51T1BMn6EhL_200x200.jpeg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 716MgwBGjwL._SL1080_200x200.jpg
cdn.shopify.com/s/files/1/1258/7491/products/ 14 KB
15 KB 75ms
66ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/products/716MgwBGjwL._SL1080_200x200.jpg?v=1469142545

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

81a19ccba74def3ced0f2656d08c4d116133adfa649effcafd03bfd1eee6c95d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 14578
x-xss-protection: 1; mode=block
x-request-id: ecb5bef4e93dc73f980e0f46b16f0a28
x-served-by: cache-lga21978-LGA, cache-yul12827-YUL
last-modified: Wed, 24 Nov 2021 13:48:02 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663529,VS0,VE13
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Thu, 24 Nov 2022 13:48:02 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/products/716MgwBGjwL._SL1080_200x200.jpg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 61DhHgRkpeL_200x200.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/ 14 KB
15 KB 61ms
52ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/products/61DhHgRkpeL_200x200.jpeg?v=1461175962

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

321fffd9d643ce3d0b4170a99043586def55a56525374344feb754613a1831cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 14548
x-xss-protection: 1; mode=block
x-request-id: 6d1da1f193edb289a931499e9f57756f
x-served-by: cache-lga13626-LGA, cache-yul12827-YUL
last-modified: Thu, 18 Nov 2021 14:45:02 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663484,VS0,VE12
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 14:45:02 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/products/61DhHgRkpeL_200x200.jpeg>; rel="canonical"
x-cache-hits: 1, 6

GET
H2 200 61PURZzTPmL_200x200.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/ 21 KB
21 KB 69ms
61ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/products/61PURZzTPmL_200x200.jpeg?v=1461175946

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

61f32a3c3336f0e0abedd74a5e21c4e6c30a7f6521c176c8c13fd9f387bfe167

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 21468
x-xss-protection: 1; mode=block
x-request-id: d8681bf62771d082085d2cb5d3e75907
x-served-by: cache-lga21972-LGA, cache-yul12827-YUL
last-modified: Wed, 24 Nov 2021 14:49:37 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663925,VS0,VE12
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Thu, 24 Nov 2022 14:49:37 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/products/61PURZzTPmL_200x200.jpeg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 61uWmriDERL_200x200.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/ 16 KB
16 KB 47ms
39ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/products/61uWmriDERL_200x200.jpeg?v=1461175937

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

9813b0fcd11d038e3e01e1a2b22d3c8adb0e60e4bcd39b1bbe59a6485939dbc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 16240
x-xss-protection: 1; mode=block
x-request-id: 93cb8259b3ec4c061fc9eede8820dc89
x-served-by: cache-lga21928-LGA, cache-yul12827-YUL
last-modified: Thu, 18 Nov 2021 14:45:51 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663732,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 14:45:51 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/products/61uWmriDERL_200x200.jpeg>; rel="canonical"
x-cache-hits: 1, 2

GET
H2 200 2017-hoodie_200x200.jpg
cdn.shopify.com/s/files/1/1258/7491/products/ 4 KB
4 KB 91ms
83ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/products/2017-hoodie_200x200.jpg?v=1511376527

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

4441d3fe3ba01c627ae4992a13ea07f70ad6b12378a40153db6fb6f8ad264066

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 4226
x-xss-protection: 1; mode=block
x-request-id: e72b5a22fdd36c7591c41db8097ebdb9
x-served-by: cache-lga21949-LGA, cache-yul12827-YUL
last-modified: Thu, 11 Nov 2021 08:55:44 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663902,VS0,VE21
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 11 Nov 2022 08:55:44 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/products/2017-hoodie_200x200.jpg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 sb_block_sold_by_image.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 3 KB
3 KB 59ms
52ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sb_block_sold_by_image.png?v=16948958644280575943

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

211af9761cd3bf4df824f1a9b1a5170650908c782d02f73ddfc57221d894f1d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: header_generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 2662
x-xss-protection: 1; mode=block
x-request-id: d1deab80cbfaea0252f03936dc193ff3
x-served-by: cache-lga21959-LGA, cache-yul12827-YUL
last-modified: Tue, 23 Nov 2021 10:09:05 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663833,VS0,VE12
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 10:09:05 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sb_block_sold_by_image.png>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 sold_by_1.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 466 B
722 B 47ms
39ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_1.png?v=18000017558408525538

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

97d6537ea25fd895abfbfbfaa9ba8f60afa81742eda89a88b3a09766327a1e16

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: header_generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 466
x-xss-protection: 1; mode=block
x-request-id: 02d742acea560fb9186193feee1e1d47
x-served-by: cache-lga21932-LGA, cache-yul12827-YUL
last-modified: Wed, 10 Nov 2021 11:57:45 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.663775,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Thu, 10 Nov 2022 11:57:45 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_1.png>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 sold_by_2.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 530 B
1 KB 58ms
51ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_2.png?v=15832669950340441732

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

6305b967d0267049439f5e037aa34218bce088cee2b6a715624065b351564fb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: header_generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 530
x-xss-protection: 1; mode=block
x-request-id: 1dfcba1c9bace2fe9935ff584c8e8d27
x-served-by: cache-lga21962-LGA, cache-yul12827-YUL
last-modified: Thu, 04 Nov 2021 09:52:29 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.664342,VS0,VE11
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 09:52:29 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_2.png>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 sold_by_3.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 568 B
1 KB 74ms
67ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_3.png?v=6284532704315261954

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

846851aa1249c0de2c577f36df89218d572683e4d96da0351077443a2706a75c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: header_generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 568
x-xss-protection: 1; mode=block
x-request-id: 75e4cdde6300fe874b4ea5ac812aa245
x-served-by: cache-lga21954-LGA, cache-yul12827-YUL
last-modified: Thu, 04 Nov 2021 09:52:29 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.664501,VS0,VE12
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 09:52:29 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_3.png>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 31EEXP4VC4L_small.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/ 1 KB
2 KB 78ms
71ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/products/31EEXP4VC4L_small.jpeg?v=1461176128

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

11bbdd8d16ffe55a66d680af15154b0abf1f04fedf348cc8a1888b1b3dacb615

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 1454
x-xss-protection: 1; mode=block
x-request-id: 429b0fe16c63f779ddc57e766ff2867a
x-served-by: cache-lga21934-LGA, cache-yul12827-YUL
last-modified: Thu, 18 Nov 2021 13:38:33 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.664269,VS0,VE13
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 13:38:33 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/products/31EEXP4VC4L_small.jpeg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 41onpvNcghL_small.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/ 2 KB
2 KB 74ms
67ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/products/41onpvNcghL_small.jpeg?v=1461176127

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

0e0a57061bb49265b9625aca8f3111ef3943dea05031a4c4be09b0ea9f07572e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 1916
x-xss-protection: 1; mode=block
x-request-id: 2398c3d56bf260292655dfc94c82469b
x-served-by: cache-lga21952-LGA, cache-yul12827-YUL
last-modified: Sat, 20 Nov 2021 00:29:27 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.664118,VS0,VE12
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 20 Nov 2022 00:29:27 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/products/41onpvNcghL_small.jpeg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 31YTB7KXCEL_small.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/ 2 KB
2 KB 67ms
60ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/products/31YTB7KXCEL_small.jpeg?v=1461176136

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

99f2266fa780b44460d6b43e7907280e7ce5b5c131baaadf4c754e4a01940050

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 1860
x-xss-protection: 1; mode=block
x-request-id: be829d70a437d218eee84f7e2fe72a7f
x-served-by: cache-lga21974-LGA, cache-yul12827-YUL
last-modified: Sat, 06 Nov 2021 06:39:47 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.664225,VS0,VE11
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 06 Nov 2022 06:39:46 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/products/31YTB7KXCEL_small.jpeg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 21puM8tM0cL_small.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/ 1 KB
2 KB 45ms
39ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/products/21puM8tM0cL_small.jpeg?v=1461176007

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

12f63bb29363e0dd95f7258e419eab75bb717a689683c1f1c980aba23cff61ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 1514
x-xss-protection: 1; mode=block
x-request-id: 6c2a7191a103d15efccbeb4d47e24cbf
x-served-by: cache-lga21926-LGA, cache-yul12827-YUL
last-modified: Thu, 04 Nov 2021 09:52:31 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.664130,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 09:52:30 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/products/21puM8tM0cL_small.jpeg>; rel="canonical"
x-cache-hits: 1, 9

GET
H2 200 footer-6-shipping.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 4 KB
4 KB 58ms
52ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-shipping.png?v=856916164454700406

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

1e375b90aa0ff390bb8e01ce28f22238f5c86de0c54f1d97b36317679215a103

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: header_generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 3628
x-xss-protection: 1; mode=block
x-request-id: 64db7f89e6e93c305797fdf730c0311f
x-served-by: cache-lga21935-LGA, cache-yul12827-YUL
last-modified: Tue, 23 Nov 2021 09:00:35 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.664161,VS0,VE11
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 09:00:35 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-shipping.png>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 footer-6-payment.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 3 KB
3 KB 67ms
61ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-payment.png?v=14186654180442311331

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

245b1992d58bb7732fae3a38762d68b4a2c44b975228082a46a339ae223fe23a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: header_generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 2578
x-xss-protection: 1; mode=block
x-request-id: 8f1ccf40f2147558b13ba464836bbedb
x-served-by: cache-lga21954-LGA, cache-yul12827-YUL
last-modified: Thu, 04 Nov 2021 09:52:31 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.664158,VS0,VE12
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 09:52:31 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-payment.png>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 footer-6-logo.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 3 KB
3 KB 90ms
84ms Image
image/webp 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-logo.png?v=15513195865022962543

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

211af9761cd3bf4df824f1a9b1a5170650908c782d02f73ddfc57221d894f1d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: header_generated
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 2662
x-xss-protection: 1; mode=block
x-request-id: fcf0a0ab74846008693ab232c190b2d8
x-served-by: cache-lga21974-LGA, cache-yul12827-YUL
last-modified: Thu, 04 Nov 2021 11:20:46 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.665155,VS0,VE20
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 11:20:46 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-logo.png>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 fastclick.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 8 KB
2 KB 31ms
15ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fastclick.min.js?v=4851315590105602228

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

5f6e8a7ba95ff5f883f5e3fefc184719f45a1ed6dfec028a734694f2246f5c00

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 2191
x-xss-protection: 1; mode=block
x-request-id: 4447577d14c92c0b6aa19a1c4173a1bc
x-served-by: cache-lga21969-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:32 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.655796,VS0,VE0
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 10:03:51 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fastclick.min.js>; rel="canonical"
x-cache-hits: 1, 3

GET
H2 200 timber.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 8 KB
3 KB 29ms
13ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/timber.js?v=13101353195487559715

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

83442f23cd2b3ec46114358b557a36fb369224f52d5ad9b5fb033f027aa46043

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 2459
x-xss-protection: 1; mode=block
x-request-id: 5d01d7ef8701f2d2cfbea0441f3f85af
x-served-by: cache-lga21974-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:45:20 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.655882,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 11:30:33 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/timber.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 bootstrap.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 36 KB
10 KB 36ms
21ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bootstrap.min.js?v=13739510949898416090

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

a3dd9be3f239f7aa17fbee85435c6a5326971e3bc6d994dea16d479c1d748080

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 9203
x-xss-protection: 1; mode=block
x-request-id: b7bbb619359086f3a0447c1d74ab0a364058e42ebc782fe4b18ecbbe3b1e9963
x-served-by: cache-lga21960-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:58 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.655918,VS0,VE2
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 14 Oct 2022 05:20:21 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bootstrap.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 typeahead.bundle.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 39 KB
12 KB 31ms
16ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/typeahead.bundle.js?v=15236839003933281630

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

de0653541de96b651cd9f2179fb45d52422560ecff2a52566172b4da275b7793

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 11162
x-xss-protection: 1; mode=block
x-request-id: a9df7683eeec3ba472e0a84cd69c97d5
x-served-by: cache-lga21956-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:46:46 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.655973,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 10:56:15 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/typeahead.bundle.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 jquery.fakecrop.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 3 KB
1 KB 36ms
21ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fakecrop.js?v=10094933026786126442

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

e53dca3111b1336cffd918dbd56d41ec90fe05685e3f0863036f3973f4391a0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 1011
x-xss-protection: 1; mode=block
x-request-id: 494062106e119e9a3cc79a2654acdc4d
x-served-by: cache-lga21925-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:33 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.657202,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 11 Nov 2022 12:16:00 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fakecrop.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 callbacks.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 1 KB
781 B 28ms
14ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/callbacks.js?v=13094540780648305879

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

bdfdd1a4ef85bcdabfc21825832cc157ed0eece870692bc3fee69a9e5a97d46a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 524
x-xss-protection: 1; mode=block
x-request-id: d6aac26592939085324c009e3efdb027
x-served-by: cache-lga21966-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:36 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.656546,VS0,VE0
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 06:53:58 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/callbacks.js>; rel="canonical"
x-cache-hits: 1, 10

GET
H2 200 jquery-ias.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 6 KB
2 KB 30ms
15ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery-ias.js?v=8229918673207537957

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

acefae6dc2e39d998b6360be788f2f856d094d179ce90843dcd3f6da3450115f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 1795
x-xss-protection: 1; mode=block
x-request-id: bf56053501f4667a57090e6582b29bd1
x-served-by: cache-lga21958-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:13 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.656416,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 11:30:33 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery-ias.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 trigger.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 2 KB
926 B 34ms
19ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/trigger.js?v=16209555773358476781

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

b4f12f29925ade46c40ac66961ae40ea758da31851a6cd5ff346c3a37909e8c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 662
x-xss-protection: 1; mode=block
x-request-id: f289b9052b884aad87ce2c8e900aade4
x-served-by: cache-lga21979-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:15 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.656304,VS0,VE2
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Thu, 10 Nov 2022 12:27:57 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/trigger.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 spinner.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 4 KB
3 KB 29ms
15ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/spinner.js?v=16956320993684403617

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

03d3dc01679028aacc8d5257992fabfda6773ff0880a0259f1666b509d088909

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 2080
x-xss-protection: 1; mode=block
x-request-id: 4e6d02427efbbdb55dff1f1accf6b233
x-served-by: cache-lga21959-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:46:00 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.656298,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 09:20:52 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/spinner.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 fakecrop.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 398 B
818 B 84ms
70ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fakecrop.js?v=1359312657973655740

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

f11b7bc12475ee06547f27ba064c8985adb1ab7ad8650b49de7f3d0a4f46503e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 205
x-xss-protection: 1; mode=block
x-request-id: 72643a5870f601da20cea60330b6d320
x-served-by: cache-lga21972-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:14 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.657053,VS0,VE20
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 07:48:34 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fakecrop.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 ajax.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 833 B
601 B 44ms
30ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ajax.js?v=18350205453729597014

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

07ad707152bdc4a5b2563321b0c5b49fe144ba11eb2f02d08c869740ecb13136

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 362
x-xss-protection: 1; mode=block
x-request-id: 60c3a383c44d5d64f293652236541d21
x-served-by: cache-lga13622-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:35 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.656915,VS0,VE5
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 12:07:43 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ajax.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 image.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 3 KB
1 KB 36ms
22ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/image.js?v=4679231692544412797

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

346dcbd7c57fccd552686b1b8e02ca64215edb8efa7b8e6ce2ce4bde31403812

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 1144
x-xss-protection: 1; mode=block
x-request-id: db735cd0f197fc5867bb315d50b4edda
x-served-by: cache-lga21966-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 07:00:01 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.656770,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 11 Nov 2022 22:04:52 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/image.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 countdown.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 550 B
548 B 29ms
15ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/countdown.js?v=10975744542011170680

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

22cb0b052f391817811d2c75c58780d28b51723249a4d23211757a01dc64e49f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 292
x-xss-protection: 1; mode=block
x-request-id: b63367bb31d2e8347d9877ddb567ccaf
x-served-by: cache-lga13626-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:15 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.656688,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 11:46:08 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/countdown.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 cart.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 2 KB
1 KB 40ms
27ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/cart.js?v=739851446797349870

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

eabcd621d6b8bc1f12ae51c08e26244be0b7a0360b4c32e2db8271595a1254a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 821
x-xss-protection: 1; mode=block
x-request-id: c156fe441a3447bf4ef8f73f316d4591
x-served-by: cache-lga21972-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:32 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.656624,VS0,VE2
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Thu, 10 Nov 2022 10:13:11 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/cart.js>; rel="canonical"
x-cache-hits: 1, 11

GET
H2 200 api.jquery-e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f.js Show response
cdn.shopify.com/shopifycloud/shopify/assets/themes_support/ 6 KB
2 KB 34ms
20ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/shopify/assets/themes_support/api.jquery-e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 1583
x-xss-protection: 1; mode=block
x-request-id: baeb7181ce4a8e17c629a3aa03f59df3
x-served-by: cache-lga13620-LGA, cache-yul12827-YUL
server: cache-yul12827-YUL
x-timer: S1637941842.657403,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/shopify/assets/themes_support/api.jquery-e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f.js>; rel="canonical"
x-cache-hits: 1, 282936

GET
H2 200 wishlist.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 1 KB
1 KB 42ms
29ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/wishlist.js?v=18432795781182097157

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

e0f455d1d1498d51838797b63bfdd045e33d3c3a2350af4696c6f0bb7af4b163

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 441
x-xss-protection: 1; mode=block
x-request-id: 78a175392e8447c5363247503a198223
x-served-by: cache-lga21977-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:34 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.657755,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 13:32:35 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/wishlist.js>; rel="canonical"
x-cache-hits: 1, 3

GET
H2 200 compare.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 1 KB
640 B 41ms
28ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/compare.js?v=13508649120770554424

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

e0a2ca62a811279a19f1a26a7dcb809caab7490808bb66c0081a19354a3a3709

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 404
x-xss-protection: 1; mode=block
x-request-id: 698fc0047f5a667d7baa0790d3c92b27
x-served-by: cache-lga21945-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:34 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.657714,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Wed, 23 Nov 2022 10:03:51 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/compare.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 filter.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 5 KB
2 KB 40ms
27ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/filter.js?v=4560581715482007549

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

8db5bb73b9ddf20fd1b88b3587c7f631e11d3bc9784327f6b08f48b078d30d0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 1382
x-xss-protection: 1; mode=block
x-request-id: aae392c0badc0177422a0d0d92ee78e2
x-served-by: cache-lga21930-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:12 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.657538,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Thu, 10 Nov 2022 12:27:55 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/filter.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 scroll-home-page.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 729 B
701 B 84ms
70ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/scroll-home-page.js?v=5974368109683302598

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

9a9cb2ad25ffbdfe308987c344c5161213892665e8a6c2236fdf17086edf55a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 399
x-xss-protection: 1; mode=block
x-request-id: b68bb9e32566ff529e650cb1aeb34fdb
x-served-by: cache-lga21979-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:32 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.657478,VS0,VE20
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 11 Nov 2022 18:10:55 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/scroll-home-page.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 authorize.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 2 KB
846 B 42ms
29ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/authorize.js?v=9845956515385613575

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

5122cd7eda76e629024c860bb8645a4ea096443c1424fb69091fd5359d33291f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 570
x-xss-protection: 1; mode=block
x-request-id: 163051dcb13612b2c4a4f0045cdaf0a8
x-served-by: cache-lga21968-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:34 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.661576,VS0,VE0
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 11:20:46 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/authorize.js>; rel="canonical"
x-cache-hits: 1, 11

GET
H2 200 app.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 324 B
792 B 83ms
71ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/app.js?v=7269919959552742872

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

ce4547c612c4efd5eecd7e16c47bdd6a33ed788aec261e771877c774b26b9d00

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 194
x-xss-protection: 1; mode=block
x-request-id: 1024769f4202e3410beb59f0e004347d
x-served-by: cache-lga21976-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:14 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.661706,VS0,VE16
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 11 Nov 2022 12:44:31 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/app.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 shopier.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 5 KB
2 KB 49ms
36ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/shopier.js?v=1437114590246282879

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

80a8f706d27fa1291270113918a6669ce32d8d54e6253dd6168d2824e7d0064f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 2230
x-xss-protection: 1; mode=block
x-request-id: 2b89056a75e7e45f6e21dfb8901f8ea6
x-served-by: cache-lga13622-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:14 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.661749,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 08:13:31 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/shopier.js>; rel="canonical"
x-cache-hits: 1, 3

GET
H2 200 toastr.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 5 KB
2 KB 95ms
83ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/toastr.min.js?v=2051314057409125813

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

d8ae2cda39264b831ea5c4440e1df3be6944b2aeaf54fbfc41b6696e3624f0cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 1685
x-xss-protection: 1; mode=block
x-request-id: e25e70b0655ba9334506d24cce6a4531
x-served-by: cache-lga21960-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:36 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.661752,VS0,VE23
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 09:52:29 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/toastr.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 snow-fall.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 869 B
735 B 73ms
60ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/snow-fall.js?v=4822747077956979953

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

c8da3d1ab690b842e502d50b685c069664cf07c2aeef312806974703689f3f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 435
x-xss-protection: 1; mode=block
x-request-id: 1935a4887c2f184f9c108e21f9682031
x-served-by: cache-lga13622-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:46:46 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.661816,VS0,VE14
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 12:00:52 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/snow-fall.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 handlebars.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 44 KB
13 KB 89ms
77ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/handlebars.min.js?v=13774848309150936004

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

639e1ed2ff83f3363bfe02331ce9d804ea58b0c52b974e998ec9e7c9976e77ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 12639
x-xss-protection: 1; mode=block
x-request-id: 5f51b8ac8f2430fd0c8057d8193609fe
x-served-by: cache-lga21927-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:12 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.661963,VS0,VE21
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 11:46:08 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/handlebars.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 ajax-cart.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 8 KB
3 KB 48ms
36ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ajax-cart.js?v=15983112782682249836

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

e3850d25d5596e92887ed401c10cc55856d087e9cc690013d8a96f2ae69c1d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 2383
x-xss-protection: 1; mode=block
x-request-id: 3c42936e939d9d8accd4e8959c1db1c9
x-served-by: cache-lga21928-LGA, cache-yul12827-YUL
last-modified: Mon, 16 Dec 2019 19:56:35 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.661957,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 10:11:48 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ajax-cart.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 jquery.countdown.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 3 KB
2 KB 46ms
34ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.countdown.min.js?v=10057026977864178463

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

f90abe8ed675ad8dea42d36c57156f378ab98301a28e5913ded0dec3029cbb94

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 1310
x-xss-protection: 1; mode=block
x-request-id: af54c73dba441b9df36d96519840c24c
x-served-by: cache-lga21951-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:13 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.662020,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 13:01:52 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.countdown.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 currencies.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 2 KB
1 KB 47ms
35ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/currencies.js?v=6595593996013463708

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

640bb437573381031f580147a21b6d180f96592b310f0bbcf69eee7fbe3531b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 1260
x-xss-protection: 1; mode=block
x-request-id: bc7bbcd42753d91fec4ec1f3f427daf1
x-served-by: cache-lga21967-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:14 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.662141,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Thu, 24 Nov 2022 14:49:19 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/currencies.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 jquery.currencies.min.js Show response
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 8 KB
2 KB 47ms
36ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.currencies.min.js?v=8855014844445018519

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

a31a26eb998a31249f6c6fdb1dad3a537c8f68799b7ad67274052cf74db0c0e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 1928
x-xss-protection: 1; mode=block
x-request-id: fc52804425efa38f436fb8c74959afc6
x-served-by: cache-lga13624-LGA, cache-yul12827-YUL
last-modified: Thu, 12 Dec 2019 05:07:14 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.662100,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Thu, 10 Nov 2022 11:57:45 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.currencies.min.js>; rel="canonical"
x-cache-hits: 1, 12

GET
H2 200 common.js Show response
amaicdn.com/preorder2/ 397 KB
122 KB 111ms
26ms Script
application/x-javascript 2606:4700:20::ac43:4910
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://amaicdn.com/preorder2/common.js
Requested by: Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4910 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab455f20c1b9c777b6451db93db8fccc3efbadf020e6520ff680cb14e921dd1b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:41 GMT
via: 1.1 de0a592002999100a0085e087a370865.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4995
x-cache: Miss from cloudfront
content-encoding: br
last-modified: Tue, 16 Nov 2021 08:16:27 GMT
server: cloudflare
etag: W/"af720d6cbf506d353832efea853259d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pn4NzZyhR8prwoF%2FlDbWQDxgFSHZN2NHrWQ06LsmANXtlXzfbuJqyC7ISIuluLgRiBDg99ECLHngDTHkkQOOkRtu7fAxF61YqqI%2BSdIfTa7mp2ME4UiGJcgJK3UnP6lq5T6EP4CQBXW2"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=259200
x-amz-cf-pop: YUL62-C2
cf-ray: 6b44461ec817713f-YUL
x-amz-cf-id: E33MOAtZil9FOcur8Ja-wx1_CiuybVfdIccyNRFECFqPxrzJKv9RNA==

GET
H2 200 trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js Show response
cdn.shopify.com/s/ 78 KB
16 KB 57ms
51ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

cf09cf4fe3ac51fe7db563cbfbf53adb16d17d75d4288002358bc883012f5461

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 16398
x-xss-protection: 1; mode=block
x-request-id: ec467023fafb180a59e3a9f4d531513d
x-served-by: cache-lga21953-LGA, cache-yul12827-YUL
last-modified: Fri, 19 Nov 2021 20:24:45 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.665172,VS0,VE10
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
expires: Sat, 19 Nov 2022 20:24:52 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js>; rel="canonical"
x-cache-hits: 3, 1618687

GET
H2 200 shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js Show response
cdn.shopify.com/shopifycloud/shopify/assets/ 8 KB
3 KB 56ms
50ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 2598
x-xss-protection: 1; mode=block
x-request-id: 948c2dd1dc19ad385edfd7296a9ee230
x-served-by: cache-lga13621-LGA, cache-yul12827-YUL
server: cache-yul12827-YUL
x-timer: S1637941842.665180,VS0,VE9
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js>; rel="canonical"
x-cache-hits: 1, 1649164

GET
H2 200 fontawesome-webfont.woff2
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 70 KB
71 KB 91ms
23ms Font
font/woff2 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fontawesome-webfont.woff2?v=4.5.0

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/font-awesome.min.css?v=1811080494831994179

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12820-YUL /

Resource Hash

7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/font-awesome.min.css?v=1811080494831994179
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 71896
x-xss-protection: 1; mode=block
x-request-id: 2a60e99d887b0f232de4402d25b7a45d
x-served-by: cache-lga21981-LGA, cache-yul12820-YUL
last-modified: Mon, 16 Dec 2019 19:56:35 GMT
server: cache-yul12820-YUL
x-timer: S1637941842.718177,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: font/woff2
access-control-allow-origin: *
expires: Thu, 10 Nov 2022 11:47:48 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fontawesome-webfont.woff2>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 nth-theshopier.woff
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 2 KB
3 KB 89ms
20ms Font
font/woff2 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nth-theshopier.woff?v=9308052721942006495

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css?v=11028470776936670404

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12820-YUL /

Resource Hash

c0c85a9d81bc8b49d7392cf859dbab86ceb479876b8caa74ac0ce91626bb2743

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css?v=11028470776936670404
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-image: proxied_with_processing
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 2064
x-xss-protection: 1; mode=block
x-request-id: 14a64093ff1824534cd35a001eea2a8d
x-served-by: cache-lga21975-LGA, cache-yul12820-YUL
last-modified: Thu, 04 Nov 2021 09:52:28 GMT
server: cache-yul12820-YUL
x-timer: S1637941842.717048,VS0,VE1
date: Fri, 26 Nov 2021 15:50:41 GMT
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: font/woff2
access-control-allow-origin: *
expires: Fri, 04 Nov 2022 09:52:28 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nth-theshopier.woff>; rel="canonical"
x-cache-hits: 1, 1

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
483 B 124ms
39ms Ping
text/plain 34.138.230.116
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

116.230.138.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://store.mannheimsteamroller.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 26 Nov 2021 15:50:41 GMT
x-dc: gcp-us-east1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://store.mannheimsteamroller.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length: 0
x-request-id: 0e93fdc2-b367-4f84-aae6-f5e2e8087a4b

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 83ms
37ms Stylesheet
text/css 2607:f8b0:4006:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/webfont.js?v=4914639218279684479

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

19d31578c07647f1c2f442ff2018dc058bd6f53009730b72da9388412306c712

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 26 Nov 2021 14:49:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 26 Nov 2021 15:50:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 26 Nov 2021 15:50:41 GMT

GET
H2 200 ico-select.svg
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ 534 B
552 B 19ms
18ms Image
image/svg+xml 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ico-select.svg?v=119411542836263156

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css?v=11028470776936670404

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

79be5893415ae1764252c67a9c20b0b5679f066426c9241d0437f6ee2cf75fbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css?v=11028470776936670404
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 288
x-xss-protection: 1; mode=block
x-request-id: 55881218aa13e102cc97610c7eee4a81
x-served-by: cache-lga21945-LGA, cache-yul12827-YUL
last-modified: Wed, 18 Dec 2019 06:59:57 GMT
server: cache-yul12827-YUL
x-timer: S1637941842.806205,VS0,VE7
date: Fri, 26 Nov 2021 15:50:41 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/svg+xml
access-control-allow-origin: *
expires: Fri, 18 Nov 2022 15:00:44 GMT
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ico-select.svg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 83ms
19ms Script
application/x-javascript 23.52.163.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.163.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-163-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:41 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 3BDAE1FAB05E52F4
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=38169
accept-ranges: bytes
content-length: 948
x-amz-id-2: JQEtOEyiFCqCP1YLI1OIPGBGUg/WHgpDv22+z5rvn/G8szLTqEelRVwbxuu0H6mk2GphOf1hSec=

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 71ms
20ms Font
font/woff2 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 12:46:08 GMT
x-content-type-options: nosniff
age: 11073
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7832
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:48 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 26 Nov 2022 12:46:08 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 72ms
22ms Font
font/woff2 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 11:36:42 GMT
x-content-type-options: nosniff
age: 274439
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 11:36:42 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 87ms
37ms Font
font/woff2 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 07:27:38 GMT
x-content-type-options: nosniff
age: 548583
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 20 Nov 2022 07:27:38 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 84ms
34ms Font
font/woff2 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 07:31:32 GMT
x-content-type-options: nosniff
age: 548349
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7988
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 20 Nov 2022 07:31:32 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 81ms
32ms Font
font/woff2 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 14:01:50 GMT
x-content-type-options: nosniff
age: 524931
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7848
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:23 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 20 Nov 2022 14:01:50 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ 90 KB
33 KB 22ms
21ms Script
text/javascript 2607:f8b0:4006:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: amaicdn.com
URL: https://amaicdn.com/preorder2/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10721
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 26 Nov 2022 12:52:01 GMT

GET
H2 200 consent-tracking-api.js Show response
cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/ 4 KB
2 KB 13ms
13ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12820-YUL /

Resource Hash

895a9abb219fd2af30ad07d7ed904c321249fa5d6a7cf966e69586443ff2ebca

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://store.mannheimsteamroller.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
content-length: 1475
x-xss-protection: 1; mode=block
x-request-id: 6fbf5dda0bd95212d3ef37129e9443e2
x-served-by: cache-lga21942-LGA, cache-yul12820-YUL
server: cache-yul12820-YUL
x-timer: S1637941842.002438,VS0,VE0
date: Fri, 26 Nov 2021 15:50:42 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js>; rel="canonical"
x-cache-hits: 59, 7577

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-557aa41515b86c38/ 861 B
553 B 132ms
124ms Script
application/javascript 184.29.136.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-557aa41515b86c38/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-29-136-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c8048752e2260e948686dd9f326fdc242e897b4cc8d5324cbaa05de22c75750f

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
content-encoding: gzip
etag: -1516040408--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 376

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 127 B
1 KB 116ms
83ms Script
application/javascript 184.29.136.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=61a1025164453088&bkl=0&bl=1&pdt=243&sid=61a1025164453088&pub=ra-557aa41515b86c38&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=store.mannheimsteamroller.com&fp=products%2Fchristmas-symphony&fr=&of=0&pd=1&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1637941842068&jsl=262145&uvs=61a1025152388093000&skipb=1&callback=addthis.cbs.jsonp__61188912354043330
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-29-136-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: f876a85a09d23bf0c36a833aa798f30e1980524bec00dbf4f8599cfb18998365

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Nov 2021 15:50:42 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
p3p: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
content-length: 127
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 7217 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 533A 71 KB
26 KB 30ms
30ms Document
text/html 184.29.136.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-136-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

55d783462e6671fa985a6b0829db15474f4e57f0555c93e15cc2db6a1d1e6cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/

Response headers

server: nginx/1.15.8
content-type: text/html
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
etag: W/"5ed917ff-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Fri, 26 Nov 2021 15:50:42 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 pxiGyp8kv8JHgFVrLPTucHtA.woff2
fonts.gstatic.com/s/poppins/v15/ 7 KB
7 KB 21ms
20ms Font
font/woff2 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiGyp8kv8JHgFVrLPTucHtA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d749eb62e331c970c314b8a5c15b28e6859ada77e6f12744146a1193c3fb25ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 06:16:32 GMT
x-content-type-options: nosniff
age: 34450
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7520
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:15 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 26 Nov 2022 06:16:32 GMT

GET
H2 200 pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 25ms
24ms Font
font/woff2 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c696de4c3bffff1930d31a5f99fd1bd5fe660f2bdbc4f6601f5500f786fb692a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 11:32:51 GMT
x-content-type-options: nosniff
age: 274671
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:14 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 11:32:51 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 22ms
22ms Font
font/woff2 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e28d860a51754d183f6f97432fd94046cd31afb7ce65c8ea179b0ff63b3d84fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 11:38:42 GMT
x-content-type-options: nosniff
age: 274320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7844
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:45 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 11:38:42 GMT

GET
H2 200 pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 7 KB
8 KB 21ms
21ms Font
font/woff2 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de60204842daf5531d76ca6a7104d8def25ab425a0b32e8d7b42f610699abf9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 12:48:28 GMT
x-content-type-options: nosniff
age: 10934
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7616
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:27 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 26 Nov 2022 12:48:28 GMT

GET
H2 200 1508196c812a7a4ace2b5caaf751b92d.js Show response
amaicdn.com/preorder2/store/ 7 KB
2 KB 71ms
71ms Script
application/x-javascript 2606:4700:20::ac43:4910
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://amaicdn.com/preorder2/store/1508196c812a7a4ace2b5caaf751b92d.js?1591270671
Requested by: Host: amaicdn.com
URL: https://amaicdn.com/preorder2/common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4910 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71a1f71060033a3d191d074ba674204b757e851e63c87ba2579c3c338cfe9a23

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
via: 1.1 266cd0ca40a2604d8ba51f8173b83663.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: YUL62-C2
x-cache: Miss from cloudfront
content-encoding: br
last-modified: Tue, 10 Nov 2020 12:29:41 GMT
server: cloudflare
etag: W/"1bde4382f72affed836bcf422b5b9682"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JHg02CGZH6Ige%2FQ3xLIzdRCMsCRTrja2hyi6dzlArL0Clp6gv99PSst4BXuUmrI%2Bz%2BJPvR72k10b59kD8ZS8GaIp%2FH116z9fyvGKex8wXJh0gmfYWP8hr8Xq%2BDAMta0SjM5a2LySeE8c"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=259200
cf-ray: 6b4446216bc4713f-YUL
x-amz-cf-id: VBb-sDOAgHACPR2zH68n91nXiD8Ngls0Haj5NgwHJ95_D1KwN-BoYA==

GET
H2 200 1508196c812a7a4ace2b5caaf751b92d.css
amaicdn.com/preorder2/store/ 1 KB
738 B 64ms
64ms Stylesheet
text/css 2606:4700:20::ac43:4910
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://amaicdn.com/preorder2/store/1508196c812a7a4ace2b5caaf751b92d.css?1591270671
Requested by: Host: amaicdn.com
URL: https://amaicdn.com/preorder2/common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4910 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b727c48698c708c57542957cdd4d1c7c2f74ed9144006ac1d89ce529d1151a54

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
via: 1.1 284604a136e5c9e34fb26b90f74b125e.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: YUL62-C2
x-cache: Miss from cloudfront
content-encoding: br
last-modified: Tue, 10 Nov 2020 12:29:41 GMT
server: cloudflare
etag: W/"738234db3051e3b6cf0ee58938b01063"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FI3ng1LWaSh%2FIkX6Y1xLoeBRDBYCn0BCF7CnD%2FJ6McJysZ5n9iS3QARZ6yFKhHpeLm9%2BSaWKyLQJTQ0D7kJRxv5boUAlON%2BQHNIleBwByhN0ZjzsjCadW%2BmUXEoCgDTuK%2FKPiOUDDK6b"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=259200
cf-ray: 6b4446216bc6713f-YUL
x-amz-cf-id: _SmdJapiDui_gAoLAbDD_OE3Po7n7x681Ob_PzspDQ-GDazguSRmUQ==

GET
H2 200 common.css
amaicdn.com/preorder2/ 14 KB
3 KB 20ms
20ms Stylesheet
text/css 2606:4700:20::ac43:4910
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://amaicdn.com/preorder2/common.css
Requested by: Host: amaicdn.com
URL: https://amaicdn.com/preorder2/common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4910 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d60c40d0f004b5f759ccb67857c8d9bc3f0fb6f74dea446dce2917beded7d61b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
via: 1.1 fdced9a893123e4285bf6f674dce492d.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4959
x-cache: Miss from cloudfront
content-encoding: br
last-modified: Tue, 16 Nov 2021 08:16:27 GMT
server: cloudflare
etag: W/"9aa068a41aee96d34c96412798a13c9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N2qGtBA%2BP5K56ttUtU65rj3btPmgwdfGGOWE8LzF0C8LWbVEXj0el1SFcvwTKzOGWf2R0WssF0iwtELB%2FCdJPh%2B25AzZ%2BSVWl29ZxP1K7ZRr%2BK87NT9FI291DUOFWTgtRMzfqvBLGS1w"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=259200
x-amz-cf-pop: YUL62-C2
cf-ray: 6b4446216bc7713f-YUL
x-amz-cf-id: xYnudRaYJDUda1zV-aysKT-HgE0OJcdbbFmAI5zpJggiPOnnmXT_3A==

GET
H2 200 spurit.global-2.x.min.js Show response
amaicdn.com/all-apps/ 325 KB
99 KB 30ms
30ms Script
application/x-javascript 2606:4700:20::ac43:4910
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://amaicdn.com/all-apps/spurit.global-2.x.min.js
Requested by: Host: amaicdn.com
URL: https://amaicdn.com/preorder2/common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4910 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b88de92c177074c266273089f091c29a305473c417d4f0155027495efd777c1

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
via: 1.1 5632fe5930775cf7bdf993a5c3c6fa2e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 916
x-cache: Miss from cloudfront
content-encoding: br
last-modified: Thu, 27 May 2021 11:43:29 GMT
server: cloudflare
etag: W/"20168a2850f2673f670d47652ae405d6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cqXN2YZ%2F6%2FMNQgMaXg65VO%2FNYKsEhuDZEd5E0lA7B5ReVmijfXjhEdLmQko7LNENvj0MXF5YDV8NgT%2FyOMd%2BuS0AhnQy%2BuD9fiLeYLA2Nr63H07PmEzKxXmQmS6ieK4xOA4OYg4DX2xd"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=259200
x-amz-cf-pop: YUL62-C2
cf-ray: 6b4446216bc8713f-YUL
x-amz-cf-id: FyUGUIDxff8ziavAEQkxMWrG5Cf0pQctUeDuLUieaCb2xnd7nfPL-Q==

GET
H2 200 shopify-boomerang-1.0.0.min.js Show response
cdn.shopify.com/shopifycloud/boomerang/ 58 KB
18 KB 15ms
14ms Script
application/javascript 2a04:4e42:e00::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-yul12827-YUL /

Resource Hash

886430890562cc216ae31a8047f07542f8df8c11f9465f9b08a8dd2da529ac9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
content-length: 17388
x-xss-protection: 1; mode=block
x-request-id: b3ae10cedc8093f40a60dd92858b8e57
x-served-by: cache-lga21967-LGA, cache-yul12827-YUL
server: cache-yul12827-YUL
x-timer: S1637941842.218608,VS0,VE0
date: Fri, 26 Nov 2021 15:50:42 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=3600, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js>; rel="canonical"
x-cache-hits: 1, 2012479

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
482 B 47ms
46ms Ping
text/plain 34.138.230.116
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

116.230.138.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://store.mannheimsteamroller.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
x-dc: gcp-us-east1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://store.mannheimsteamroller.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length: 0
x-request-id: 5aa5424c-762a-4d9b-992e-b56836b1cd70

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
482 B 45ms
45ms Ping
text/plain 34.138.230.116
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

116.230.138.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://store.mannheimsteamroller.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
x-dc: gcp-us-east1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://store.mannheimsteamroller.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length: 0
x-request-id: c8578862-d0dc-46c1-bf9d-f90c1caed61f

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
482 B 45ms
45ms Ping
text/plain 34.138.230.116
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

116.230.138.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://store.mannheimsteamroller.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
x-dc: gcp-us-east1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://store.mannheimsteamroller.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length: 0
x-request-id: 43728228-229e-4e27-8a8b-fde7e8f29bc4

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
482 B 53ms
52ms Ping
text/plain 34.138.230.116
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

116.230.138.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://store.mannheimsteamroller.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
x-dc: gcp-us-east1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://store.mannheimsteamroller.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length: 0
x-request-id: d169c805-f12b-4c5a-b285-895235231537

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
482 B 67ms
66ms Ping
text/plain 34.138.230.116
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

116.230.138.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://store.mannheimsteamroller.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
x-dc: gcp-us-east1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://store.mannheimsteamroller.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length: 0
x-request-id: a3b13f13-5567-43a9-967b-21f8b6cb19f6

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 30ms
29ms Script
application/javascript 184.29.136.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-136-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Fri, 26 Nov 2021 15:50:42 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77617

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
482 B 60ms
59ms Ping
text/plain 34.138.230.116
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

116.230.138.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://store.mannheimsteamroller.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
x-dc: gcp-us-east1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://store.mannheimsteamroller.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length: 0
x-request-id: 790541b2-178e-4097-9426-6628cb154fa4

GET
H2 200 getlocation Show response
preordermanager.amai.com/ 45 B
1018 B 125ms
39ms XHR
application/json 174.129.223.30
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://preordermanager.amai.com/getlocation?hash=0.22676275509194377
Requested by: Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.129.223.30 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-174-129-223-30.compute-1.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 7becfb9e0a5ccbdcd505ea0205f20d569291586611dbdafb1d8ec4a302009a73

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 26 Nov 2021 15:50:42 GMT
cache-control: no-cache, private
server: nginx/1.18.0 (Ubuntu)
access-control-allow-headers: X-Requested-With, Content-Type, X-Token-Auth, Authorization
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json

GET
H2 200 1.js Show response
cdn.ywxi.net/js/ 18 KB
5 KB 99ms
30ms Script
text/javascript 2600:9000:210b:9a00:14:6bfc:5740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ywxi.net/js/1.js?shop=mannheimsteamroller.myshopify.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:210b:9a00:14:6bfc:5740:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

49003c970644945f5d917faa1ad44eb94547494d060c9d959132e8fe3db67205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:35:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 927
content-security-policy-report-only: report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
x-cache: Hit from cloudfront
content-length: 4523
via: 1.1 f28d01ff99a9babe0b725f1873c60b2a.cloudfront.net (CloudFront)
referrer-policy: strict-origin-when-cross-origin
server: Apache
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-cf-pop: EWR53-C3
x-amz-cf-id: 32MNDlj41HyPMU7pYe1zBBFg1GLnf7W45cMHDJIlEEreVngz6LDikQ==
expires: Fri, 26 Nov 2021 16:35:15 GMT

GET
H2 200 generate_bundle.php Show response
secure.apps.shappify.com/apps/bundle/ 97 KB
34 KB 34ms
33ms Script
application/javascript 2606:4700::6811:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.apps.shappify.com/apps/bundle/generate_bundle.php?shop=mannheimsteamroller.myshopify.com
Requested by: Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9fdb4ccca2ca3cf95703b46a299b7906c662f500ff6eb1b409c5dffc1072e979

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
via: 1.1 google
cf-cache-status: HIT
age: 7457
cf-polished: origSize=102099
p3p: CP="NON DSP LAW CUR ADM DEV TAI PSA PSD HIS OUR DEL IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE LOC IVD SAM IVA OTC"
cf-bgj: minify
content-encoding: gzip
last-modified: Fri, 26 Nov 2021 12:24:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 6b4446226bcc7136-YUL
expires: Fri, 26 Nov 2021 19:50:42 GMT

GET
H2 200 UpsellTracker.js Show response
upsells.boldapps.net/v2_ui/js/ 149 KB
36 KB 63ms
24ms Script
application/javascript 2606:4700::6810:6c12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://upsells.boldapps.net/v2_ui/js/UpsellTracker.js?shop=mannheimsteamroller.myshopify.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6c12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df870e6ec42abc29c776c7144bfceec6e31d4ba9dfdd3b94d49ae607209dbe82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 87171
content-length: 36795
last-modified: Fri, 12 Nov 2021 20:51:52 GMT
server: cloudflare
etag: "25328-5d09da0eeca00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/javascript
cache-control: public, max-age=172800
accept-ranges: bytes
cf-ray: 6b444622a8cb7139-YUL
expires: Sun, 28 Nov 2021 15:50:42 GMT

GET
H2 200 upsell.js Show response
upsells.boldapps.net/v2_ui/js/ 307 KB
77 KB 81ms
43ms Script
application/javascript 2606:4700::6810:6c12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://upsells.boldapps.net/v2_ui/js/upsell.js?shop=mannheimsteamroller.myshopify.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6c12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e61b8d9fae3bf7e8dc6a117f45ea71454b348ce7ea966289ab63dd8072fff03

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 12 Nov 2021 20:51:52 GMT
server: cloudflare
age: 87171
etag: "4ca81-5d09da0eeca00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=172800
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6b444622a8cf7139-YUL
expires: Sun, 28 Nov 2021 15:50:42 GMT

GET
H/1.1 200
OK 733e96712da5deb75c462e38c.js Show response
chimpstatic.com/mcjs-connected/js/users/9c5ee2d505dce6f872341394a/ 50 B
783 B 160ms
51ms Script
application/javascript 23.217.165.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://chimpstatic.com/mcjs-connected/js/users/9c5ee2d505dce6f872341394a/733e96712da5deb75c462e38c.js?shop=mannheimsteamroller.myshopify.com
Requested by: Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.217.165.41 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-217-165-41.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency: 52, 15, 19, 16
Date: Fri, 26 Nov 2021 15:50:42 GMT
Last-Modified: Mon, 28 Jan 2019 17:44:12 GMT
Server: AmazonS3
x-amz-request-id: 4J09F1D89GEA5B2X
X-EdgeConnect-MidMile-RTT: 0, 0, 0, 0
ETag: "104d46a3208b40e8ded389332f5a78a3"
Content-Type: application/javascript
Cache-Control: max-age=1800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50
x-amz-id-2: qEOpoBJyPxWFbfHEd8W0W2HtksqlXoLBrjGslbInb7sL4Xr3uEOC5JoF4nunK0SY9B5d1/dDo+k=
Expires: Fri, 26 Nov 2021 16:20:42 GMT

GET
H2 200 bundles_install_check.js Show response
bundles.boldapps.net/ 122 B
592 B 80ms
30ms Script
application/javascript 2606:4700::6810:6c12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bundles.boldapps.net/bundles_install_check.js?shop=mannheimsteamroller.myshopify.com
Requested by: Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6c12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48922662ded60ae654cf1bd95f3f85d65afa8121d93f155bc7c69cd3b9cb43c7

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 24 Nov 2021 21:22:31 GMT
server: cloudflare
age: 87171
etag: "7a-5d18f74a433c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
content-encoding: gzip
cache-control: public, max-age=172800
cf-ray: 6b444622bb247156-YUL
expires: Sun, 28 Nov 2021 15:50:42 GMT

GET
H2 200 sdk.js Show response
widgetic.com/sdk/ 49 KB
16 KB 61ms
24ms Script
application/javascript 2606:4700:3035::ac43:bb45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://widgetic.com/sdk/sdk.js?shop=mannheimsteamroller.myshopify.com
Requested by: Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:bb45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ef0cc1e828b27fd66ca9d77b1c5750ed658b428194d8ec696d7275ecf702b5d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7457
x-cache: MISS
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 23 Apr 2021 08:36:21 GMT
server: cloudflare
etag: W/"60828705-c2fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nNADNNC4Gzr4LyBr5kqaQoWDI9UtGHbMULhxaOBz%2BfNE1TqDTN1DyoZdQJyWiZksQ4W%2BsNxwZk9t6nyDMIH%2BgTvUKUeiLkRXgEVnPS83sxwM8cQ3wLm%2BBgdDk4%2FvQ93oiMJvKQAznPFuevQ%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 161906665
via: 1.1 varnish-v4
cache-control: public, max-age=86400
cf-ray: 6b444622ad37714a-YUL
x-cache-hits: 0

GET
H/1.1 200
OK common.js Show response
shopify-sales-timer.s3.amazonaws.com/prod/js/ 31 KB
7 KB 120ms
38ms Script
application/x-javascript 52.216.147.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Requested by: Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.147.140 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: d5f7497a0cc616f1966d0ff5d7aced455748eb6fe8da233c01b62e5cd0131111

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 Oct 2021 12:57:26 GMT
Server: AmazonS3
x-amz-request-id: VSM290DNTXDDZ1VQ
ETag: "efbc8b7aa424533fa443b25ce529f73a"
Content-Type: application/x-javascript
x-amz-storage-class: REDUCED_REDUNDANCY
Accept-Ranges: bytes
Content-Length: 7135
x-amz-id-2: 3Uhfn2k0q/UJTV1JwTkoIr6GG5pkT1BooRVHXyrxRkUrERRIxDNyN6Dwsg50YrkCFVjIPtoPlEE=

POST
H2 200 shares-post.json Show response
api-public.addthis.com/url/serviceapi/ 2 B
292 B 51ms
33ms XHR
application/json 184.29.136.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-136-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://store.mannheimsteamroller.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: text/plain

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
surrogate-key: sFbt=https://store.mannheimsteamroller.com/products/christmas-symphony
last-modified: Fri, 26 Nov 2021 15:00:00 GMT
server: nginx/1.15.8
date: Fri, 26 Nov 2021 15:50:42 GMT
content-type: application/json
access-control-allow-origin: https://store.mannheimsteamroller.com
cache-control: no-transform, max-age=0, s-maxage=14400
access-control-allow-credentials: true
content-length: 2

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 33 B
310 B 126ms
109ms Script
application/json 184.29.136.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&callback=_ate.cbs.rcb_62rv0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-136-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

0fc2942278b27e5a9f5134df76c09d0282976a986d5c1561f43bd4db873fb194

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: store.mannheimsteamroller.com/products/christmas-symphony
last-modified: Fri, 26 Nov 2021 15:50:42 GMT
server: nginx/1.15.8
date: Fri, 26 Nov 2021 15:50:42 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 53

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 33 B
310 B 122ms
106ms Script
application/json 184.29.136.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&callback=_ate.cbs.rcb_cbbq0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-136-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

11d611a3bf5539e8792184cc096a5986e487474a3c3623507aef30a71ba9cb08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: store.mannheimsteamroller.com/products/christmas-symphony
last-modified: Fri, 26 Nov 2021 15:50:42 GMT
server: nginx/1.15.8
date: Fri, 26 Nov 2021 15:50:42 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 53

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 59ms
22ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

628a5235287ca822fec1812476ca143481a42a846c22d3b6f70c98f4f281ee2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: jJZvi6XgakhkAoIuar91mA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: 4yAzRQDUJG6w6QJrD9YP3mLe3A4b3TBFkl6rSDWFW/2MV2YXSiE84I4lMDsVpzgu8pd7uwUlcJgoxHNX5yYofw==
x-fb-trip-id: 1512268381
x-fb-content-md5: b94c9f9f5272fe204b4a8b8ed4e2823a
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "0eef643157834ed72008b84fbf935da4"
timing-allow-origin: *
expires: Fri, 26 Nov 2021 15:55:56 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 135ms
33ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (cha/81E0) /
Resource Hash: 00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:42 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 1051
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 29104
x-tw-cdn: VZ
Last-Modified: Mon, 18 Oct 2021 18:33:56 GMT
Server: ECS (cha/81E0)
Etag: "a709ab1b2c0d5d5e7c19895f6e1dcbfd+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2 200 pinit.js Show response
assets.pinterest.com/js/ 361 B
431 B 71ms
19ms Script
application/javascript 2600:1400:d:483::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.pinterest.com/js/pinit.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:d:483::1931 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-encoding: br
x-cdn: akamai
etag: "62d32c28f14783b94192cd8d35bc010d"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=266
accept-ranges: bytes
content-length: 203
access-control-expose-headers: X-CDN

GET
H2 200 counter.d27508c102582d608697.js Show response
s7.addthis.com/static/ 24 KB
8 KB 25ms
25ms Script
application/javascript 184.29.136.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/counter.d27508c102582d608697.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-136-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

e4f924eac92aa3cc4ea64f2891447e8bd3af49e1a5c0bcd04b7356e2f7f1c04c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5fd2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Fri, 26 Nov 2021 15:50:42 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 8265

GET
H3 200 cart.json Show response
store.mannheimsteamroller.com/ 283 B
1 KB 121ms
91ms XHR
application/json 23.227.38.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://store.mannheimsteamroller.com/cart.json?1637941842360

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49734d774c446f4aef9960b4638be22a16cc1f87d26e552dfa4d5de78e4b30dd

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security	max-age=7889238
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
X-Requested-With: XMLHttpRequest
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
x-shopify-stage: production
content-type: application/json; charset=utf-8
strict-transport-security: max-age=7889238
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-sorting-hat-shopid: 12587491
x-shardid: 224
x-storefront-renderer-rendered: 1
server: cloudflare
x-frame-options: DENY
content-language: en
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept
x-download-options: noopen
x-shopid: 12587491
x-request-id: aa6a540f-825f-42b1-9891-6e0364ff7ad9
content-security-policy: block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
cf-ray: 6b444622ffe24bbe-YUL
x-sorting-hat-podid: 224
x-cartjs-updatedat: 0

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 85 B
352 B 28ms
27ms Script
application/json 184.29.136.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&callback=_ate.cbs.sc_httpsstoremannheimsteamrollercomproductschristmassymphony0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-136-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ec8bdf6deb889cd67eb602bce3fbd54efa7b5ebb64d871e5f8e22f4c4d13b2d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: store.mannheimsteamroller.com/products/christmas-symphony
last-modified: Fri, 26 Nov 2021 15:17:35 GMT
server: nginx/1.15.8
date: Fri, 26 Nov 2021 15:50:42 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 95

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 290 KB
82 KB 39ms
18ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=9c5e99bc020d3d432377d4ae3fd49045

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bbcb5a5d0f046a0c21da3d12140cb26a945291dc6ad8d63ac2989768b2853e95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://store.mannheimsteamroller.com/
Origin: https://store.mannheimsteamroller.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: r1/u3AZ5MUHYcyougYEF3g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 84322
x-fb-rlafr: 0
x-fb-debug: 3UKTdhnuE5IWS6fj/YLCQTPPhKw0zF2A5L9K7tVrwN/KaMdXBvoKOuzKyYGnZhgTpviqswl4UmJY81CG7xe1TQ==
x-fb-content-md5: 8fede54fa9b9877151d23c006fcac5d5
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "4a7810307829258f6420f073c684148e"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 26 Nov 2022 14:51:58 GMT

POST
H2 200 validate_product_offer Show response
upsells.boldapps.net/v2/mannheimsteamroller.myshopify.com/ 2 B
501 B 140ms
115ms Fetch
application/json 2606:4700::6810:6c12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://upsells.boldapps.net/v2/mannheimsteamroller.myshopify.com/validate_product_offer

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6c12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.3.29

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept: application/json
Referer: https://store.mannheimsteamroller.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/7.3.29
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6b4446239a61ecea-YUL

GET
H3 200 cart.json Show response
store.mannheimsteamroller.com/ 283 B
1 KB 75ms
74ms Fetch
application/json 23.227.38.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://store.mannheimsteamroller.com/cart.json?_tmp=1637941842462

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e07288f222a3d0c5f61c1ccfadea5f03ec1dafa496f060da16a4451ee4b3da45

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security	max-age=7889238
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
x-shopify-stage: production
content-type: application/json; charset=utf-8
strict-transport-security: max-age=7889238
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-sorting-hat-shopid: 12587491
x-shardid: 224
x-storefront-renderer-rendered: 1
server: cloudflare
x-frame-options: DENY
content-language: en
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept
x-download-options: noopen
x-shopid: 12587491
x-request-id: 09335818-915c-4273-9e59-4e06e8e30946
content-security-policy: block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
cf-ray: 6b44462368884bbe-YUL
x-sorting-hat-podid: 224
x-cartjs-updatedat: 0

GET
H/1.1 200
OK client.json Show response
s3-us-west-2.amazonaws.com/mfesecure-public/host/store.mannheimsteamroller.com/ 185 B
986 B 429ms
114ms XHR
application/json 52.218.245.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/mfesecure-public/host/store.mannheimsteamroller.com/client.json?source=jsmain
Requested by: Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.245.232 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 453d0175b3e250ee15ac4af4f1d424ac87b80b1b9529189c07feb0db8ca8563e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:43 GMT
Content-Encoding: gzip
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: VSMCW8D8CF233VJE
x-amz-replication-status: COMPLETED
Content-Length: 161
x-amz-id-2: JY7qakEV+aGBEYyeREOmMZ3QCG3zfCrqCxuY4VehgjXyXrALMxinkxTFB7Dr9oUDQUIySNlSiVA=
Last-Modified: Sat, 06 Nov 2021 00:03:09 GMT
Server: AmazonS3
ETag: "b14e522cf4725032cf59c44c8674b283"
Access-Control-Max-Age: 60
Access-Control-Allow-Methods: GET, HEAD
x-amz-version-id: upa3AROUF2jbseoENOOXJ_59ntiI693A
Access-Control-Allow-Origin: https://store.mannheimsteamroller.com
Access-Control-Expose-Headers: Access-Control-Allow-Origin
Cache-Control: public, max-age=60
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/json

GET
H/1.1 200
OK client.json Show response
s3-us-west-2.amazonaws.com/mfesecure-public/host/store.mannheimsteamroller.com/ 185 B
986 B 438ms
117ms XHR
application/json 52.218.245.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/mfesecure-public/host/store.mannheimsteamroller.com/client.json?source=jsinline
Requested by: Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.245.232 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 453d0175b3e250ee15ac4af4f1d424ac87b80b1b9529189c07feb0db8ca8563e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:43 GMT
Content-Encoding: gzip
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: VSMEDBFT6CYQT9YN
x-amz-replication-status: COMPLETED
Content-Length: 161
x-amz-id-2: tvLUA3aZIaZXU4Ca+PnUhCWQIJiUYDvrHur7GYkXW8RxHfXI8lVrW2mRMAD2ciC8Eq1Vl743nuQ=
Last-Modified: Sat, 06 Nov 2021 00:03:09 GMT
Server: AmazonS3
ETag: "b14e522cf4725032cf59c44c8674b283"
Access-Control-Max-Age: 60
Access-Control-Allow-Methods: GET, HEAD
x-amz-version-id: upa3AROUF2jbseoENOOXJ_59ntiI693A
Access-Control-Allow-Origin: https://store.mannheimsteamroller.com
Access-Control-Expose-Headers: Access-Control-Allow-Origin
Cache-Control: public, max-age=60
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/json

GET
DATA 200
OK truncated
/ 171 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d2fd5a42a1849ad0d820611e243fd81fe81ee767716b639ff7e88c1e9f78bb6

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 937 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c69e528427c8218cb4bc5fe647db3366146403d53593a3f96482479a14eca234

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK common.css
shopify-sales-timer.s3.amazonaws.com/prod/css/ 7 KB
2 KB 36ms
36ms Stylesheet
text/css 52.216.147.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://shopify-sales-timer.s3.amazonaws.com/prod/css/common.css
Requested by: Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.min.js?v=6506911499012750403
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.147.140 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 020256ed061fcedb32b553f0b41a378cf675aaa30cc4bff1b0b4ff10d966f743

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 Oct 2021 12:57:26 GMT
Server: AmazonS3
x-amz-request-id: VSM960QPYM294MW3
ETag: "eee30aabcc39c7fd080b67aa641119be"
Content-Type: text/css
x-amz-storage-class: REDUCED_REDUNDANCY
Accept-Ranges: bytes
Content-Length: 1322
x-amz-id-2: TeKD5wn6GBX5wKBjqfniT48ph/c+84wY5ED3XNdXMR5eyb6Ss3Sal0nVGHlfiYACVfOYtR46quE=

GET
H/1.1 200
OK flipclock.css
shopify-sales-timer.s3.amazonaws.com/Libs/ 9 KB
9 KB 70ms
33ms Stylesheet
text/css 52.216.147.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://shopify-sales-timer.s3.amazonaws.com/Libs/flipclock.css
Requested by: Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.min.js?v=6506911499012750403
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.147.140 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4a942df3840bf9906c7d776a6c9b89e80a1024dd62ca9384f74d99cbd6db32bc

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:43 GMT
Last-Modified: Thu, 04 Jun 2020 13:14:29 GMT
Server: AmazonS3
x-amz-request-id: VSM96FPRGYZJP391
ETag: "304912902ea706e6e15bd2fcb4923db6"
Content-Type: text/css
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 9299
x-amz-id-2: u4IEu9VPbWzh5xktT7pYkUbOiLkhHfLH8CeFOXDgprevqtMON5M/LK3rMbXeE0SzveB1ZVO9JqU=

GET
H/1.1 200
OK moment.js Show response
shopify-sales-timer.s3.amazonaws.com/Libs/ 52 KB
52 KB 108ms
36ms Script
application/javascript 52.216.147.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://shopify-sales-timer.s3.amazonaws.com/Libs/moment.js
Requested by: Host: shopify-sales-timer.s3.amazonaws.com
URL: https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.147.140 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: fae111500cc7ac97add95d1e3338f4b5d722991c712983632339b50c37fb3c59

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:43 GMT
Last-Modified: Thu, 04 Jun 2020 13:14:29 GMT
Server: AmazonS3
x-amz-request-id: VSM8PQM8K6M5XW8D
ETag: "0b72c2145fc66024267cd6f298877485"
Content-Type: application/javascript
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 53325
x-amz-id-2: k80vFHubqeLfNLiCcX/QyKPx/OeImv2ViicFdyLOGGb0z3fe2TwoSCXLjeegVouzAVD859mnucI=

GET
H/1.1 200
OK widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html Show response
platform.twitter.com/widgets/ Frame 64A8 319 KB
103 KB 35ms
34ms Document
text/html 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fstore.mannheimsteamroller.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (cha/81BB) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 750161
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 26 Nov 2021 15:50:42 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Mon, 18 Oct 2021 18:32:00 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (cha/81BB)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

GET
H2 200 pinit_main.js Show response
assets.pinterest.com/js/ 66 KB
19 KB 19ms
19ms Script
application/javascript 2600:1400:d:483::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.pinterest.com/js/pinit_main.js?0.4663795491575502
Requested by: Host: assets.pinterest.com
URL: https://assets.pinterest.com/js/pinit.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:d:483::1931 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 20f0315c97ff7007f2e7a94d659e094a7efc01b8306da53987538c1101489e0e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-encoding: br
x-cdn: akamai
etag: "3725764cf05d1a0938de73d398772331"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=246
accept-ranges: bytes
content-length: 18679
access-control-expose-headers: X-CDN

GET
H2 200 like.php Show response
www.facebook.com/v2.6/plugins/ Frame F4E2 48 KB
18 KB 150ms
106ms Document
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=9c5e99bc020d3d432377d4ae3fd49045

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f6335a7d4ad18aa5a54f02cab84373856ff761ffe1311bee32faa6cd25c27312

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v5.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: yiADxGIXmPnd7MWhGhPvQP8bQY+841X/tcgMnlin8jYVFcLLdhgs+yjsJ1Ej3anwHH75p0V+tTXXdYHqNU2PUQ==
date: Fri, 26 Nov 2021 15:50:42 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600

POST
H2 200 validate_product_offer Show response
upsells.boldapps.net/v2/mannheimsteamroller.myshopify.com/ 2 B
282 B 80ms
80ms Fetch
application/json 2606:4700::6810:6c12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://upsells.boldapps.net/v2/mannheimsteamroller.myshopify.com/validate_product_offer

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6c12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.3.29

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept: application/json
Referer: https://store.mannheimsteamroller.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 26 Nov 2021 15:50:42 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/7.3.29
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6b4446245b4aecea-YUL

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 859adbfc48bb0b06c58fe109db4909585fbca5df398d49185fc0f486bad1ac96

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 64A8 233 B
448 B 150ms
49ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=557d5e2c2d19bdf5cecf86d031c96dfc3434c497

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fstore.mannheimsteamroller.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

2816082c025f64540b613fde3096d814ae21ac75279461ec1d6bcb5c07099fdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-response-time: 6
date: Fri, 26 Nov 2021 15:50:42 GMT
content-encoding: gzip
last-modified: Fri, 26 Nov 2021 15:50:42 GMT
server: tsa_b
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: c9c94fd0f478425ee9597fe0f61ce3137fd3d6e94b6cc344e3f8ceb75309de77
content-length: 167

GET
H/1.1 200
OK moment-timezone-with-data-2010-2020.js Show response
shopify-sales-timer.s3.amazonaws.com/Libs/ 43 KB
43 KB 37ms
36ms Script
application/javascript 52.216.147.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://shopify-sales-timer.s3.amazonaws.com/Libs/moment-timezone-with-data-2010-2020.js
Requested by: Host: shopify-sales-timer.s3.amazonaws.com
URL: https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.147.140 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7904ee2f3a727716d388ece888b992ccfc8a03e5d78cf62a6e7e454ec30dffeb

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:43 GMT
Last-Modified: Thu, 04 Jun 2020 13:32:12 GMT
Server: AmazonS3
x-amz-request-id: VSM3AMK30RKJFEWB
ETag: "24faae3c38012dae201e12dfbc657b0c"
Content-Type: application/javascript
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 43677
x-amz-id-2: 4NznyfXt0OzrcMSq1LiESpTIMyFeFBDftBlXbz9Gd5HrlBOeFCHeSlcT2MEuqsfIlkrWjS4PhDw=

GET
H/1.1 200
OK flipclock.js Show response
shopify-sales-timer.s3.amazonaws.com/Libs/ 54 KB
11 KB 37ms
37ms Script
application/javascript 52.216.147.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://shopify-sales-timer.s3.amazonaws.com/Libs/flipclock.js
Requested by: Host: shopify-sales-timer.s3.amazonaws.com
URL: https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.147.140 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 582e5b6c7f1b60a0a278e9b8c5e57535d8a84a758fe654003b86de304e66b3f8

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 04 Jun 2020 13:14:29 GMT
Server: AmazonS3
x-amz-request-id: VSM5TGPZG1PZXV40
ETag: "7380df0b4731441bf4cb9205d2b2d2d9"
Content-Type: application/javascript
Cache-Control: 604800
Accept-Ranges: bytes
Content-Length: 11272
x-amz-id-2: ly7VzDVF0GRsFR1iAbICqLBlnr/0+EEYTIpKVKRctT+VgxGkrdObcTzV20Q931qgokv0jtN+w74=

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 94ms
70ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: O57oX9cwpttf6Wuo6ZgXlgELUnzbIlKSItvEsWFVhkkBnm+lv9d9EnNCH9F5wgooYhC+pqUEdlgTluUOv/gyag==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 93ms
70ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: i2eGt3tpNmJ475yncGQUC+TlGQiuUMbZ/oj3lyq6A59ospBMo6JRROhk833l3Vaf8wZGQYc1L66CNDzZrGd0zA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 109ms
86ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: CVn+PD9+R4RmXiEDulnKKKHDpoRtpMMZ7mz4+136e4q+0FuJ7B0SFw+BBM4HFWjc4frxg2CtTcaom4OKNM27gw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 96ms
73ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: EBsfHSTXf9XgIgsodB7MWtkx7cQL+qakwGZZJIPcacB+b0PAY35U1nAqw5lHxslIyXDt2EUZrIadz34eiiu0Rw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 101ms
74ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: p3OhO1CfXF18I1ZzTRBRjrouWYn9ktatrGyCIR6ZLfAWW8ojieNVTWWiLlJrQZUNkkAQM9HOqBHRgwNUFfKKwg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 112ms
86ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: SjrUWMoIaR+xF8kiy5DZ7Pt/GtKQcWAHcQmfn3E2E3qb7DFPrOjCgTv0vs0h783eq6gMn04onWEfMDBpXRSaQw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 100ms
75ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: d/nvm2sPqMALHlKpJVv36JdJa1HTFeRoUjNJknBm/+3CTt8vxVFEysSw9PDM0SmHkqhr/+aBdHwQg4o5PeMfdA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 105ms
73ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: n2bbStCzfkBksWsZgDt+jwriHzGIGtUVuQM9FbiR/b4XVko7gR7CXkJhyH2wuK7BDjurTT93yVdD0OMm95Z7XA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 103ms
83ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: TBcGSWHEo2n6UXyJdncZ32kCfNJ9zyuaGi2iglj5SW7MFJZ2FEX1E2Rbjn53WUCNYYRVKPP5VSP3Wjj2a0dkCA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 86ms
67ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: ILwgbWUVSpsciJf/uP7XgFfDyu350x1ORUH0uzrC7kR21iFfCLeFFFdvUpN7T3GXq5MBwja5AJ0pz62ayOBR9w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 90ms
72ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: TwUTiTRkhpaOwkWcr16MLFPvIsNpmByXXtD+TbQ+XlNKOzoMVv2S+ETOE7K11EMCLSQnaIUaw4dBcEPs8/2u8w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 84ms
67ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 54MvN2aP6h5NpjkLgMCOWBQ6z8hbh08eHofpyuOaiS2jvTofKyPT8oF1Ii8DsAPDKrRYeUUvfet1X1ocbwyC/g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 86ms
71ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: zvM6GuFWe2wn6m5x2aM1UWOmBmBltdahtirHX9WN8ri/RTGdHlSNbYz9YKLvQNrdU6TMowA/9x4lQDjKJrr2kA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 80ms
71ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: IpzHyirxmEmsQXVFQZ/EqkSP3Wbq2blL+qG2J5ttR1CH9yC/Yc/ZZyz6oVRZti+tAww4GIecaR/ZByY8lAwXZw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 89ms
80ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: dRQAk9I8ssjs5HvFdRjJpzBn4fppzEUZMg/OaaiJAanbZKfvU5OhNg1SkpXExWbWyfyax0SwIv/QSCCUa8lXvA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 89ms
80ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: +pE47mppXd/XKzcnuoVKMLLO1uhB1wG4kf+G7rpx0E61aD0Lkt8O7WdRty4PB6IwYhTbSYQKtNhheqqfZeVGzA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 89ms
81ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: hPXLHvrf5amxvJvJEhGHzL8cHTfXg7XaareEq/9yfwTyabIte1A+/fxJNLZVCFPr1yTOtgXaRMuTWymHd3wbag==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
37 B 75ms
70ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: OJpUXxpJnLLBOKuuQpT5YBTvSrwgWVF4wUEYF91K6uG1W3TG5R2oV14Clz+K273bHkrrKnDzl6imT3wN6RKhlw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 81ms
77ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 8Xcbv6Se826N3ngRJkNPbb9mzsCKb/aINjFuESgCOsjL6u7Lig0Y9xyLBZge8wlqYrD2VOeB+AmobnJAnqAbQg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 96ms
93ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: haZ2tLrjgJjstqHiMIpWecrwLtk8Zl/MtToKnHGdIojXPwfEOrJu+py3z1n3pdtyIUK6Kpb99T9dnu+qPcehfQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame F4E2 0
30 B 92ms
74ms Other
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 2kvRRVhwDtS9gpEixaY/dYCJA2BGIpkM+5XqgJCTF7uBt0rSQsY4Tt6xQIi80+UzT4SPSHpkXmfdbT+G8OyGVw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

GET
H3 200 OqOE21UvWe3.png
www.facebook.com/rsrc.php/v3/y5/r/ Frame F4E2 400 B
451 B 24ms
24ms Image
image/png 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/y5/r/OqOE21UvWe3.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 07:33:39 GMT
x-content-type-options: nosniff
content-md5: uF0RL4E+h23ClLQmPOTTMw==
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
cross-origin-resource-policy: cross-origin
content-length: 400
x-fb-rlafr: 0
x-fb-debug: JwdpFPKpURcbP8sfwHSMFyClgP35pl+lca3FBsEcUDYSgCLq4PBM4Ml5GhLAH/nlaH2Gdahf+m5JOH72BGtQgw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Mon, 21 Nov 2022 07:33:39 GMT

GET
H3 200 RZAsbT6fr_E.js Show response
www.facebook.com/rsrc.php/v3iEpO4/yn/l/en_US/ Frame F4E2 518 KB
136 KB 21ms
20ms XHR
application/x-javascript 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3iEpO4/yn/l/en_US/RZAsbT6fr_E.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ac0daa16fac429a0b169261c82facc3c224f278108b7683ec1cfa8484a7dd05b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 22:58:26 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: C/ObLsWq0T2DQnYDmw8fig==
document-policy: force-load-at-top
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
content-length: 138777
x-fb-rlafr: 0
x-fb-debug: oK5V4Wl0Pk9xtsjHgAF/PDJuXiTL47snrQilvXl4zkzCjjKeXOLwtAqF2y06Atrj+cmRyKnZgxu7MR2UJ0Ffuw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 19 Nov 2022 22:58:26 GMT

GET
H/1.1 200
OK ba059cb90942b2ae03d3b7886895de8d.css
shopify-sales-timer.s3.amazonaws.com/prod/store/ 864 B
1 KB 54ms
53ms Stylesheet
text/css 52.216.147.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://shopify-sales-timer.s3.amazonaws.com/prod/store/ba059cb90942b2ae03d3b7886895de8d.css?0.47950635020940857
Requested by: Host: shopify-sales-timer.s3.amazonaws.com
URL: https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.147.140 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0c8e286fa77c898fbc3d5958ea70329a60c14925a76a45e3c059e604622c7774

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:43 GMT
Last-Modified: Tue, 09 Jun 2020 10:12:14 GMT
Server: AmazonS3
x-amz-request-id: VSMCVTB0WGT2GPY9
ETag: "33db8f0ff57c3b46118ca9aa4133c3aa"
Content-Type: text/css
x-amz-storage-class: REDUCED_REDUNDANCY
Accept-Ranges: bytes
Content-Length: 864
x-amz-id-2: tlsdWI2Z8fbNKvCACnX2c45pZaw5fC/NOOm4esJxO6oD7s9CF2KzFcqgWXnNRNXqQTUJTTwAuv8=

GET
H/1.1 200
OK button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js Show response
platform.twitter.com/js/ 7 KB
3 KB 33ms
33ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (cha/81E0) /
Resource Hash: 186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:42 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Oct 2021 18:31:51 GMT
Server: ECS (cha/81E0)
Age: 750161
Etag: "e8090d17c9828f5a217bebb39dd3e689+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2294

GET
H/1.1 200
OK ba059cb90942b2ae03d3b7886895de8d.js Show response
shopify-sales-timer.s3.amazonaws.com/prod/store/ 1010 B
974 B 37ms
37ms Script
application/javascript 52.216.147.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://shopify-sales-timer.s3.amazonaws.com/prod/store/ba059cb90942b2ae03d3b7886895de8d.js?0.2912490031740218
Requested by: Host: shopify-sales-timer.s3.amazonaws.com
URL: https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.147.140 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: f9b028844cba5c51be4d554b91f048daf7c3943926add67b6be2d46c28207e90

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 15:50:43 GMT
Content-Encoding: gzip
Last-Modified: Tue, 09 Jun 2020 10:12:14 GMT
Server: AmazonS3
x-amz-request-id: VSMCW53RD1PD7KSN
ETag: "bc9664c506ff86bbb18ae82dee36e92a"
Content-Type: application/javascript
x-amz-storage-class: REDUCED_REDUNDANCY
Accept-Ranges: bytes
Content-Length: 540
x-amz-id-2: e/vt8QW1dlI5rt1o6o7dUDDacvMJi6R8jXXbE71ZFA5/C14bsRnQGYw+Bc78d5dN9OWL397QVG8=

GET
H3 200 cavalry_endpoint.php
www.facebook.com/common/ Frame F4E2 67 B
99 B 46ms
46ms Image
image/png 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1637941842784&t_start=1637941842784&t_domcontent=1637941842789&t_layout=1637941842890&t_onload=1637941842890&t_paint=1637941842890&t_creport=1637941842890&t_tti=1637941842789&lid=7034906646061400402-0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df49a4d8cb97eb%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff133d68be3fb878%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: no-cache
x-fb-debug: TQYDkMzqWi0tZCkNX+csp3iDxGj/edJrhd3DU7umNgV8r7ZNyaNJQJy1hjoApr7olNlh3yAguZ6NBbvyhGVOUQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 26 Nov 2021 15:50:42 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK tweet_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html Show response
platform.twitter.com/widgets/ Frame CF6F 32 KB
12 KB 34ms
34ms Document
text/html 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (cha/81E0) /
Resource Hash: d94cce9ec0cffd5417657d26aa1741a7e3b2b0a5f4232a80d789c1a254c4e2ef

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 750161
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 26 Nov 2021 15:50:42 GMT
Etag: "89e8ce4106e3294685b0af818d97b80c+gzip"
Last-Modified: Mon, 18 Oct 2021 18:31:56 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (cha/81E0)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12235

GET
H2 200 ajax Show response
www.trustedsite.com/rpc/ 6 B
945 B 336ms
110ms Script
text/javascript 52.35.243.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustedsite.com/rpc/ajax?do=tmjs-visit&host=store.mannheimsteamroller.com&rand=1637941842920

Requested by

Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js?shop=mannheimsteamroller.myshopify.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.243.56 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-243-56.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:43 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: Apache
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-security-policy-report-only: report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
content-length: 26
x-content-type-options: nosniff

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
379 B 58ms
58ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22%23%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1637941843077%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22f001879%3A1634581029404%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 13
pragma: no-cache
last-modified: Fri, 26 Nov 2021 15:50:43 GMT
server: tsa_b
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: c9c94fd0f478425ee9597fe0f61ce3137fd3d6e94b6cc344e3f8ceb75309de77
x-transaction: c60959f02e11911f
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 /
log.pinterest.com/ 0
334 B 59ms
27ms Image
text/plain 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.pinterest.com/?type=pidget&guid=Q42VX872cUM4&tv=2021110201&event=init&sub=www&button_count=1&follow_count=0&pin_count=0&profile_count=0&board_count=0&section_count=0&lang=en&nvl=en-US&via=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&viaSrc=canonical
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://store.mannheimsteamroller.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:43 GMT
via: 1.1 varnish
x-cache: MISS
x-envoy-upstream-service-time: 1
x-cache-hits: 0
content-length: 0
x-served-by: cache-yul12829-YUL
pragma: no-cache
server: envoy
x-timer: S1637941844.660431,VS0,VE16
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-pinterest-rid: 3818826327371541
accept-ranges: bytes
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 produce
monorail-edge.shopifysvc.com/v1/ 0
481 B 49ms
49ms Ping
text/plain 34.138.230.116
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/v1/produce

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

116.230.138.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://store.mannheimsteamroller.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 26 Nov 2021 15:50:43 GMT
x-dc: gcp-us-east1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://store.mannheimsteamroller.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length: 0
x-request-id: 8e9fa3cf-1baa-424d-a522-41081c207790

GET
H3 200 cart.js Show response
store.mannheimsteamroller.com/ 283 B
1 KB 76ms
75ms XHR
text/javascript 23.227.38.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://store.mannheimsteamroller.com/cart.js?hash=0.8409009472947742

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d34da5a8203b8196c66e6e95c79127820950885b831912667ddee2b733e5923

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security	max-age=7889238
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
X-Requested-With: xmlhttprequest
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
x-shopify-stage: production
content-type: text/javascript; charset=utf-8
strict-transport-security: max-age=7889238
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-sorting-hat-shopid: 12587491
x-shardid: 224
x-storefront-renderer-rendered: 1
server: cloudflare
x-frame-options: DENY
content-language: en
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept
x-download-options: noopen
x-shopid: 12587491
x-request-id: f9e0f9cc-a452-49b2-b192-b10b734db7e6
content-security-policy: block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
cf-ray: 6b4446393f894bbe-YUL
x-sorting-hat-podid: 224
x-cartjs-updatedat: 0

GET
H3 200 cart.js Show response
store.mannheimsteamroller.com/ 283 B
1 KB 77ms
76ms XHR
text/javascript 23.227.38.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://store.mannheimsteamroller.com/cart.js?hash=0.7715510362609757

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7a28c4751ae2a02d4ebc3429b4ce21d3af3ed52d30dca040bd7eb21642b2354

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security	max-age=7889238
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12137637&mc_cid=5b813a6dfb&mc_eid=UNIQID
X-Requested-With: xmlhttprequest
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:50:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
x-shopify-stage: production
content-type: text/javascript; charset=utf-8
strict-transport-security: max-age=7889238
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-sorting-hat-shopid: 12587491
x-shardid: 224
x-storefront-renderer-rendered: 1
server: cloudflare
x-frame-options: DENY
content-language: en
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept
x-download-options: noopen
x-shopid: 12587491
x-request-id: f70ef9b0-57df-4b89-a05f-253f4ef38859
content-security-policy: block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
cf-ray: 6b44463f6f3d4bbe-YUL
x-sorting-hat-podid: 224
x-cartjs-updatedat: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

183 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
store.mannheimsteamroller.com/	1970-01-20 07:44:37	Name: secure_customer_sig Value:
.mannheimsteamroller.com/	1970-01-19 23:19:11	Name: _orig_referrer Value:
.mannheimsteamroller.com/	1970-01-19 23:19:11	Name: _landing_page Value: %2Fproducts%2Fchristmas-symphony%3Futm_source%3DMannheim%2BSteamroller%2BFan%2BClub%26utm_campaign%3D5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02%26utm_medium%3Demail%26utm_term%3D0_c4d4a4658a-5b813a6dfb-12137637%26mc_cid%3D5b813a6dfb%26mc_eid%3DUNIQID
.mannheimsteamroller.com/	1970-01-20 07:44:37	Name: _y Value: 6f33e79b-b15c-4d0f-83e8-3dbbf36034de
.mannheimsteamroller.com/	1970-01-19 22:59:03	Name: _s Value: 6ff65022-1438-4827-936d-664647e605dd
.mannheimsteamroller.com/	1970-01-20 07:44:37	Name: _shopify_y Value: 6f33e79b-b15c-4d0f-83e8-3dbbf36034de
.mannheimsteamroller.com/	1970-01-19 22:59:03	Name: _shopify_s Value: 6ff65022-1438-4827-936d-664647e605dd
.shappify.com/	1970-01-19 22:59:03	Name: __cf_bm Value: 9BCRCRxDRaInEGXS9CxN_hojAgK7ISOr4z7WPrAS0lg-1637941841-0-ATdU/06VnI5qKwrHdqqNHHSQZBwn2YQLXX6He9l/ERuxmvZUezuukKHCHZm7dSt7ZIWJFF1txu+iB38v6GgRuSQ=
.store.mannheimsteamroller.com/	1970-01-20 07:44:37	Name: currency Value: USD
store.mannheimsteamroller.com/	1970-01-20 08:27:49	Name: __atuvc Value: 1%7C47
store.mannheimsteamroller.com/	1970-01-19 22:59:03	Name: __atuvs Value: 61a1025152388093000
.addthis.com/	1970-01-20 08:20:37	Name: ouid Value: 61a1025200015b26b6ba8c2a2346cb688ccfe2765923945a93b0
.addthis.com/	1970-01-20 08:20:37	Name: di2 Value: aU~pt#%!k#$M`#!AgP2TOFjODhOC_OB\|OByIPv7LW6Lj6Hq01U#7Hp#7Ab#7&u#3>T#1:R#19w#*+X#&<}
.addthis.com/	1970-01-20 05:07:40	Name: bt2 Value: 61a10252001Bs0002
.addthis.com/	1970-01-20 08:20:37	Name: um Value: j.'2021112615504214900961001882'
.addthis.com/	1970-01-20 08:20:37	Name: uid Value: 61a102521064bfb1
.addthis.com/	1970-01-20 08:20:37	Name: na_id Value: 2021112615504214900961001882
.addthis.com/	1970-01-20 08:20:37	Name: vc Value: 2
.addthis.com/	1970-01-20 08:27:49	Name: uvc Value: 1%7C47
.mannheimsteamroller.com/	1970-01-19 22:59:03	Name: _shopify_sa_t Value: 2021-11-26T15%3A50%3A42.204Z
.mannheimsteamroller.com/	1970-01-19 22:59:03	Name: _shopify_sa_p Value: utm_source%3DMannheim%2520Steamroller%2520Fan%2520Club%26utm_medium%3Demail%26utm_campaign%3D5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02%26utm_term%3D0_c4d4a4658a-5b813a6dfb-12137637
.addthis.com/	1970-01-20 08:27:49	Name: loc Value: MDAwMDBOQUNBT04yMjUzMTA0MzUwNTAwMDBDSA==
.boldapps.net/	1970-01-19 22:59:03	Name: __cf_bm Value: vP3_Ua_PfGdjj6bg.E7YItfU6AtAY5cIoWxC.TAhqtM-1637941842-0-AcR8lbjgAB3AOkNnWYZKtsUP41/SaMVJHu6j3rTjzUNtIfQLsfd7oblCkVt4h6q4xVRBCT290VNPwPYnWs63X+w=
store.mannheimsteamroller.com/	1970-01-19 23:00:28	Name: trustedsite_visit Value: 1
www.trustedsite.com/	1970-01-19 23:09:06	Name: AWSALBCORS Value: PxUMm9y0Hk5JArvy2kkHsOqdodmaMOGjMKdGE6bdYLksZ2DsC8tr0PPNZj67FhVG5OTh6n1N/XTpyhoYzeY1qxOYs8JNi9e9oOQ6ErmP7W3M2SmwKZzSub2trD3G

205 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bold-upsell-custom.css?160 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security	max-age=7889238
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
amaicdn.com
api-public.addthis.com
assets.pinterest.com
bundles.boldapps.net
cdn.shopify.com
cdn.ywxi.net
chimpstatic.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
log.pinterest.com
m.addthis.com
monorail-edge.shopifysvc.com
platform.twitter.com
preordermanager.amai.com
s3-us-west-2.amazonaws.com
s7.addthis.com
secure.apps.shappify.com
shopify-sales-timer.s3.amazonaws.com
store.mannheimsteamroller.com
syndication.twitter.com
upsells.boldapps.net
v1.addthisedge.com
widgetic.com
www.facebook.com
www.trustedsite.com
z.moatads.com
s7.addthis.com
104.244.42.136
151.101.0.84
174.129.223.30
184.29.136.126
23.217.165.41
23.227.38.74
23.52.163.40
2600:1400:d:483::1931
2600:9000:210b:9a00:14:6bfc:5740:93a1
2606:2800:220:de:468:2285:c1:4a3
2606:4700:20::ac43:4910
2606:4700:3035::ac43:bb45
2606:4700::6810:6c12
2606:4700::6811:572a
2607:f8b0:4006:80c::200a
2607:f8b0:4006:80f::2003
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
2a04:4e42:e00::268
34.138.230.116
52.216.147.140
52.218.245.232
52.35.243.56
00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d
020256ed061fcedb32b553f0b41a378cf675aaa30cc4bff1b0b4ff10d966f743
03d3dc01679028aacc8d5257992fabfda6773ff0880a0259f1666b509d088909
045e3e9d809f7ce8ebdffa7435f306fab3903c8e41919bf3d08ba974f899046e
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
07ad707152bdc4a5b2563321b0c5b49fe144ba11eb2f02d08c869740ecb13136
0c8e286fa77c898fbc3d5958ea70329a60c14925a76a45e3c059e604622c7774
0d2fd5a42a1849ad0d820611e243fd81fe81ee767716b639ff7e88c1e9f78bb6
0e0a57061bb49265b9625aca8f3111ef3943dea05031a4c4be09b0ea9f07572e
0ef263550319255637345422d4d0d659c4e916d85c9ddba1457cdac1e1b7ded6
0fc2942278b27e5a9f5134df76c09d0282976a986d5c1561f43bd4db873fb194
11bbdd8d16ffe55a66d680af15154b0abf1f04fedf348cc8a1888b1b3dacb615
11d611a3bf5539e8792184cc096a5986e487474a3c3623507aef30a71ba9cb08
12f63bb29363e0dd95f7258e419eab75bb717a689683c1f1c980aba23cff61ac
186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66
19d31578c07647f1c2f442ff2018dc058bd6f53009730b72da9388412306c712
1b88de92c177074c266273089f091c29a305473c417d4f0155027495efd777c1
1e375b90aa0ff390bb8e01ce28f22238f5c86de0c54f1d97b36317679215a103
20f0315c97ff7007f2e7a94d659e094a7efc01b8306da53987538c1101489e0e
211af9761cd3bf4df824f1a9b1a5170650908c782d02f73ddfc57221d894f1d4
22cb0b052f391817811d2c75c58780d28b51723249a4d23211757a01dc64e49f
245b1992d58bb7732fae3a38762d68b4a2c44b975228082a46a339ae223fe23a
2816082c025f64540b613fde3096d814ae21ac75279461ec1d6bcb5c07099fdd
282f7f82642d0ee4a80ae0266a38882ab759a95ae8f4d65a5faee70bf827f7d1
2ef0cc1e828b27fd66ca9d77b1c5750ed658b428194d8ec696d7275ecf702b5d
30de098fc5522f2f79107897afcd6d00062cecce3101a40cb671ecc73c674422
321fffd9d643ce3d0b4170a99043586def55a56525374344feb754613a1831cc
346dcbd7c57fccd552686b1b8e02ca64215edb8efa7b8e6ce2ce4bde31403812
365823b66a1884f5e864269fab50393d1e13543911c0363d2a9e9415b81d8af6
3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded
39b67047f62bfeb05b02e88df6cf72e2a71b5f4c6e6fde7e93c3ff365f30a63a
3c40cd169ced8d7ee501d4440e5229be5746aa4efdf4134da2762b29ea6ce96e
3e61b8d9fae3bf7e8dc6a117f45ea71454b348ce7ea966289ab63dd8072fff03
3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4441d3fe3ba01c627ae4992a13ea07f70ad6b12378a40153db6fb6f8ad264066
453d0175b3e250ee15ac4af4f1d424ac87b80b1b9529189c07feb0db8ca8563e
48922662ded60ae654cf1bd95f3f85d65afa8121d93f155bc7c69cd3b9cb43c7
49003c970644945f5d917faa1ad44eb94547494d060c9d959132e8fe3db67205
49734d774c446f4aef9960b4638be22a16cc1f87d26e552dfa4d5de78e4b30dd
4a942df3840bf9906c7d776a6c9b89e80a1024dd62ca9384f74d99cbd6db32bc
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4ffbb565d1944814db3519fce9d0d320c0741acc97fea796a5612b664d78366a
5122cd7eda76e629024c860bb8645a4ea096443c1424fb69091fd5359d33291f
55d783462e6671fa985a6b0829db15474f4e57f0555c93e15cc2db6a1d1e6cab
565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4
582e5b6c7f1b60a0a278e9b8c5e57535d8a84a758fe654003b86de304e66b3f8
5b6725689f9ca035bdd1f325690447c2cab1e9a27c39b3a3a6d702ab888236ac
5b8f8e24f2eabbda7290548383723a6329e14b886392f8f8ece080f6efe6878c
5f6e8a7ba95ff5f883f5e3fefc184719f45a1ed6dfec028a734694f2246f5c00
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
61f32a3c3336f0e0abedd74a5e21c4e6c30a7f6521c176c8c13fd9f387bfe167
628a5235287ca822fec1812476ca143481a42a846c22d3b6f70c98f4f281ee2a
6305b967d0267049439f5e037aa34218bce088cee2b6a715624065b351564fb1
639e1ed2ff83f3363bfe02331ce9d804ea58b0c52b974e998ec9e7c9976e77ce
640bb437573381031f580147a21b6d180f96592b310f0bbcf69eee7fbe3531b7
6522b65d1633ebd28856a3bbbb142027f7c6975e9a0de1b6a2479873b1e22d09
660aabb95e73c8818f3582b446067c6e35770cd46c49346374bf41155150c80e
6d34da5a8203b8196c66e6e95c79127820950885b831912667ddee2b733e5923
71a1f71060033a3d191d074ba674204b757e851e63c87ba2579c3c338cfe9a23
73ea81488e436dcf501f872075efdd2aa3cebf6e334cb43467d14f28377b5804
7904ee2f3a727716d388ece888b992ccfc8a03e5d78cf62a6e7e454ec30dffeb
79b2c64048bd2c64b4c23bfb4ef8a4f97e4d539d0b792dfb1fc88f4bd925a26d
79be5893415ae1764252c67a9c20b0b5679f066426c9241d0437f6ee2cf75fbc
7becfb9e0a5ccbdcd505ea0205f20d569291586611dbdafb1d8ec4a302009a73
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
7eb4509b0d4771082ac20521c1f2c79bf575a7d9d1b8b94c65654f090057975a
80a8f706d27fa1291270113918a6669ce32d8d54e6253dd6168d2824e7d0064f
81a19ccba74def3ced0f2656d08c4d116133adfa649effcafd03bfd1eee6c95d
829963fc8364800c2f61ece45acfd5cb8111657235b70a841e5b63553d8cdcf6
83442f23cd2b3ec46114358b557a36fb369224f52d5ad9b5fb033f027aa46043
846851aa1249c0de2c577f36df89218d572683e4d96da0351077443a2706a75c
859adbfc48bb0b06c58fe109db4909585fbca5df398d49185fc0f486bad1ac96
863301c839a9097d15e72a059159ac280951ce48f332b9df6850c8474393a3d3
87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae
886430890562cc216ae31a8047f07542f8df8c11f9465f9b08a8dd2da529ac9a
895a9abb219fd2af30ad07d7ed904c321249fa5d6a7cf966e69586443ff2ebca
8db5bb73b9ddf20fd1b88b3587c7f631e11d3bc9784327f6b08f48b078d30d0d
8e38d68218c650828bb81e12aa21878ae81e9ce0ba84532e46c088acbaabf6f5
8f9866e833ce88be6659d2d4c65850c504d68d36020217e3b396d9301cb76b68
911efb4e1383c28ad12d7f925d686dcd29d99421f2ca466ee63a867a138f5560
97d6537ea25fd895abfbfbfaa9ba8f60afa81742eda89a88b3a09766327a1e16
9813b0fcd11d038e3e01e1a2b22d3c8adb0e60e4bcd39b1bbe59a6485939dbc1
99f2266fa780b44460d6b43e7907280e7ce5b5c131baaadf4c754e4a01940050
9a9cb2ad25ffbdfe308987c344c5161213892665e8a6c2236fdf17086edf55a3
9bece345f853bede1479269d88030c4ac724b6360a6143be3b6b2a1e9d6f57a0
9fdb4ccca2ca3cf95703b46a299b7906c662f500ff6eb1b409c5dffc1072e979
a2426f1111a7c61667d668e9012e3eab58f4e784fe70fe16293dc43b634f812a
a31a26eb998a31249f6c6fdb1dad3a537c8f68799b7ad67274052cf74db0c0e9
a3dd9be3f239f7aa17fbee85435c6a5326971e3bc6d994dea16d479c1d748080
a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1
a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524
a6d23ff530abf8a1f29d0153f8ddfb9bcd92638d0bb7894a87b100b8146d970b
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab455f20c1b9c777b6451db93db8fccc3efbadf020e6520ff680cb14e921dd1b
ac0daa16fac429a0b169261c82facc3c224f278108b7683ec1cfa8484a7dd05b
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
acefae6dc2e39d998b6360be788f2f856d094d179ce90843dcd3f6da3450115f
aeeea5052852429293bb9cabb7617dcae1e5a616851d41ec713ee5c2e1b3ae55
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
b49af5d8fb7348cd3bf23ae73743db7898911256ad9d2377678821186aba8ec3
b4f12f29925ade46c40ac66961ae40ea758da31851a6cd5ff346c3a37909e8c7
b727c48698c708c57542957cdd4d1c7c2f74ed9144006ac1d89ce529d1151a54
b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b
bbcb5a5d0f046a0c21da3d12140cb26a945291dc6ad8d63ac2989768b2853e95
bddbba35635904eca1d7f9edc74bdbcba04ec0f5a16286fdbd8f78fb0f7e0c6f
bdfdd1a4ef85bcdabfc21825832cc157ed0eece870692bc3fee69a9e5a97d46a
bfc193cbebe23fedd2cbb97458b22ad84fc6335ded6b80b09f702735cc0476e7
bff42b43d858853bf4333fb583660bad4a4132bc073a35771188da5f78fdb09b
c0c85a9d81bc8b49d7392cf859dbab86ceb479876b8caa74ac0ce91626bb2743
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c696de4c3bffff1930d31a5f99fd1bd5fe660f2bdbc4f6601f5500f786fb692a
c69e528427c8218cb4bc5fe647db3366146403d53593a3f96482479a14eca234
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c8048752e2260e948686dd9f326fdc242e897b4cc8d5324cbaa05de22c75750f
c8da3d1ab690b842e502d50b685c069664cf07c2aeef312806974703689f3f9f
ce4547c612c4efd5eecd7e16c47bdd6a33ed788aec261e771877c774b26b9d00
cf09cf4fe3ac51fe7db563cbfbf53adb16d17d75d4288002358bc883012f5461
d1e9fd89f7772e932d857e64ae9ff086810e3e8394d3720470756c2de69fea91
d5f7497a0cc616f1966d0ff5d7aced455748eb6fe8da233c01b62e5cd0131111
d60c40d0f004b5f759ccb67857c8d9bc3f0fb6f74dea446dce2917beded7d61b
d749eb62e331c970c314b8a5c15b28e6859ada77e6f12744146a1193c3fb25ce
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
d8ae2cda39264b831ea5c4440e1df3be6944b2aeaf54fbfc41b6696e3624f0cf
d94cce9ec0cffd5417657d26aa1741a7e3b2b0a5f4232a80d789c1a254c4e2ef
de0653541de96b651cd9f2179fb45d52422560ecff2a52566172b4da275b7793
de60204842daf5531d76ca6a7104d8def25ab425a0b32e8d7b42f610699abf9e
df870e6ec42abc29c776c7144bfceec6e31d4ba9dfdd3b94d49ae607209dbe82
e07288f222a3d0c5f61c1ccfadea5f03ec1dafa496f060da16a4451ee4b3da45
e0a2ca62a811279a19f1a26a7dcb809caab7490808bb66c0081a19354a3a3709
e0f455d1d1498d51838797b63bfdd045e33d3c3a2350af4696c6f0bb7af4b163
e28d860a51754d183f6f97432fd94046cd31afb7ce65c8ea179b0ff63b3d84fa
e3850d25d5596e92887ed401c10cc55856d087e9cc690013d8a96f2ae69c1d74
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f924eac92aa3cc4ea64f2891447e8bd3af49e1a5c0bcd04b7356e2f7f1c04c
e53dca3111b1336cffd918dbd56d41ec90fe05685e3f0863036f3973f4391a0d
e644a846d1945e3c6d6d26e961f8963e4c82b60eda4f9f6fed104f59edd4431a
e7a28c4751ae2a02d4ebc3429b4ce21d3af3ed52d30dca040bd7eb21642b2354
e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f
eabcd621d6b8bc1f12ae51c08e26244be0b7a0360b4c32e2db8271595a1254a5
ec8bdf6deb889cd67eb602bce3fbd54efa7b5ebb64d871e5f8e22f4c4d13b2d7
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
f11b7bc12475ee06547f27ba064c8985adb1ab7ad8650b49de7f3d0a4f46503e
f2431d9cae765db6e982c7d0c4c9a9d15d6dc9d986ae8f28c38412ad6fd941c5
f4da2313ec5a6f93ff25851dfb2949f7f6cc5d0087ef20f5dce3037f7fb3c7a9
f6335a7d4ad18aa5a54f02cab84373856ff761ffe1311bee32faa6cd25c27312
f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f
f73150e288aa203fa8970bb6e6f1ebb3d98466dbc38352e177f6abee70a50095
f876a85a09d23bf0c36a833aa798f30e1980524bec00dbf4f8599cfb18998365
f908be4322ec368a47a2f78a6181c819cb49c89d20a8510c4ef67ef8fbca3086
f90abe8ed675ad8dea42d36c57156f378ab98301a28e5913ded0dec3029cbb94
f9b028844cba5c51be4d554b91f048daf7c3943926add67b6be2d46c28207e90
fa10d16a37e32f2224fbfb2abe309993609b834516bea92bf74ca2559252e55f
fa1983cd8b5e7dc6b6e03342469435dd02475c9c94d4e128522fe08ffcacd919
fae111500cc7ac97add95d1e3338f4b5d722991c712983632339b50c37fb3c59
fb16c823b3edaf3b3dd09e69848bbd8a72039156863697ace4c4b7a303709701
fe6b72c2bbdd3369ac0bfefe8648e3c889efca213baefd4cfb0dd9363563831f

store.mannheimsteamroller.com Open in urlscan Pro 23.227.38.74 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

190 Requests

99 %HTTPS

52 %IPv6

21 Domains

28 Subdomains

24 IPs

2 Countries

1955 kBTransfer

5786 kBSize

25 Cookies

5 Outgoing links

Page URL History

Redirected requests

190 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

store.mannheimsteamroller.com Open in urlscan Pro
23.227.38.74 Public Scan

Screenshot
Live screenshot

Full Image

190
Requests

99 %
HTTPS

52 %
IPv6

21
Domains

28
Subdomains

24
IPs

2
Countries

1955 kB
Transfer

5786 kB
Size

25
Cookies

190 HTTP transactions
3 data transactions