shopping.ba.com Open in urlscan Pro
2a02:26f0:480:d::210:f153 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.shopping.ba.com/
Effective URL:
https://shopping.ba.com/
Submission: On July 05 via manual (July 5th 2024, 1:18:43 pm UTC) from CH — Scanned from CH

Summary HTTP 139 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 12 domains to perform 139 HTTP transactions. The main IP is 2a02:26f0:480:d::210:f153, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is shopping.ba.com. The Cisco Umbrella rank of the primary domain is 290131.
TLS certificate: Issued by GlobalSign Extended Validation CA - S... on February 26th 2024. Valid for: a year.

This is the only time shopping.ba.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4 107	2a02:26f0:480... 2a02:26f0:480:d::210:f153	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	18.172.112.41 18.172.112.41	16509 (AMAZON-02) (AMAZON-02)
12	2606:4700::68... 2606:4700::6813:b234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.138.190.144 108.138.190.144	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
2	2600:1901:0:7... 2600:1901:0:7047::	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	18.239.69.128 18.239.69.128	16509 (AMAZON-02) (AMAZON-02)
1	18.239.94.113 18.239.94.113	16509 (AMAZON-02) (AMAZON-02)
1	13.227.219.71 13.227.219.71	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:238... 2600:9000:238d:c400:12:94b3:c380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	18.239.36.114 18.239.36.114	16509 (AMAZON-02) (AMAZON-02)
1	63.32.33.232 63.32.33.232	16509 (AMAZON-02) (AMAZON-02)
5	34.149.169.145 34.149.169.145	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
139	15

107 2a02:26f0:480:d::210:f153 (Frankfurt am Main, Germany) 4 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.shopping.ba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
shopping.ba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.172.112.41 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-172-112-41.fra60.r.cloudfront.net

accounts.britishairways.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.190.144 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-190-144.mxp64.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:7047:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

rum.browser-intake-datadoghq.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.239.69.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-69-128.ams58.r.cloudfront.net

channel.iagloyalty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.94.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-94-113.ams1.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.219.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-71.ams54.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:238d:c400:12:94b3:c380:93a1 (United States)

ASN16509 (AMAZON-02, US)

images.ctfassets.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube-nocookie.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.36.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-36-114.ams58.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.33.232 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-33-232.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.149.169.145 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 145.169.149.34.bc.googleusercontent.com

rum.browser-intake-datadoghq.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
107	ba.com 4 redirects www.shopping.ba.com — Cisco Umbrella Rank: 848827 shopping.ba.com — Cisco Umbrella Rank: 290131	4 MB
12	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 378	155 KB
7	browser-intake-datadoghq.eu rum.browser-intake-datadoghq.eu — Cisco Umbrella Rank: 11739	833 B
4	ctfassets.net images.ctfassets.net — Cisco Umbrella Rank: 3995	47 KB
3	iagloyalty.com channel.iagloyalty.com — Cisco Umbrella Rank: 591292	7 KB
2	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 3549 content.hotjar.io — Cisco Umbrella Rank: 6487	404 B
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 894 script.hotjar.com — Cisco Umbrella Rank: 1260	61 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2355	308 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	184 KB
1	youtube-nocookie.com www.youtube-nocookie.com — Cisco Umbrella Rank: 3880
1	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1543	48 KB
1	britishairways.com 1 redirects accounts.britishairways.com — Cisco Umbrella Rank: 157576	1 KB
139	12

	Domain	Requested by
106	shopping.ba.com	3 redirects shopping.ba.com www.datadoghq-browser-agent.com
12	cdn.cookielaw.org	shopping.ba.com www.datadoghq-browser-agent.com cdn.cookielaw.org
7	rum.browser-intake-datadoghq.eu	www.datadoghq-browser-agent.com
4	images.ctfassets.net
3	channel.iagloyalty.com	www.datadoghq-browser-agent.com
2	region1.google-analytics.com	www.datadoghq-browser-agent.com
2	www.googletagmanager.com	shopping.ba.com www.googletagmanager.com
1	content.hotjar.io	www.datadoghq-browser-agent.com
1	vc.hotjar.io	www.datadoghq-browser-agent.com
1	www.youtube-nocookie.com	shopping.ba.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	shopping.ba.com
1	www.datadoghq-browser-agent.com	shopping.ba.com
1	accounts.britishairways.com	1 redirects
1	www.shopping.ba.com	1 redirects
139	15

This site contains links to these domains. Also see Links.

Domain
www.shopping.ba.com
exchange.shopping.ba.com
pgt.shopping.ba.com
thewineflyer.co.uk
www.americanexpress.com
www.roamavios.co.uk
rewards.ba.com
www.uber.com
itunes.apple.com
play.google.com
britishairways.com
www.onetrust.com

Subject Issuer	Validity	Valid
shopping.ba.com GlobalSign Extended Validation CA - SHA256 - G3	`2024-02-26` - `2025-03-23`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
*.datadoghq-browser-agent.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-12` - `2024-12-14`	a year	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.browser-intake-datadoghq.eu DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-14` - `2025-05-17`	a year	crt.sh
channel.iagloyalty.com Amazon RSA 2048 M02	`2024-02-06` - `2025-03-06`	a year	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
images.ctfassets.net Amazon RSA 2048 M02	`2023-12-19` - `2025-01-16`	a year	crt.sh
*.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-02-07` - `2025-03-08`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://shopping.ba.com/
Frame ID: 9E76EE667FC5252C51280B89A3499174
Requests: 144 HTTP requests in this frame

Frame: https://www.youtube-nocookie.com/embed/MhE0vRtwiY8?rel=0&
Frame ID: 2EEFE1F4D45DE0F254A66E64B120A726
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Shop through British Airways

Page URL History Show full URLs

https://www.shopping.ba.com/ HTTP 301
https://shopping.ba.com/ HTTP 302
https://shopping.ba.com/api/auth/silent-login?returnTo=/ HTTP 302
https://accounts.britishairways.com/authorize?client_id=biSs64j9pcEGVRJnx3WyuWLkZHLj3LVx&scope=openid%20profile%... HTTP 302
https://shopping.ba.com/api/auth/callback?error=login_required&error_description=Login%20required&st... HTTP 307
https://shopping.ba.com/ Page URL

Detected technologies

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

139
Requests

100 %
HTTPS

47 %
IPv6

12
Domains

15
Subdomains

15
IPs

3
Countries

4603 kB
Transfer

10862 kB
Size

16
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://www.shopping.ba.com/

Search URL Search Domain Scan URL

URL: https://exchange.shopping.ba.com/partners
Title: Convert Avios

Search URL Search Domain Scan URL

URL: https://pgt.shopping.ba.com/
Title: Buy Avios

Search URL Search Domain Scan URL

URL: https://pgt.shopping.ba.com/avios-gift-transfer
Title: Gift & Transfer Avios

Search URL Search Domain Scan URL

URL: https://thewineflyer.co.uk/?utm_source=BAEC&utm_medium=Shopping_Navigation_Bar&utm_content=Visit_Site
Title: Avios & Wine

Search URL Search Domain Scan URL

URL: https://www.americanexpress.com/uk/credit-cards/compare/british-airways-avios-credit-cards/?ieep=01MC8364
Title: Apply now

Search URL Search Domain Scan URL

URL: https://www.roamavios.co.uk/?utm_source=Avios&utm_medium=Estore&utm_campaign=Roam
Title: Find out more

Search URL Search Domain Scan URL

URL: https://www.shopping.ba.com/en-GB/collect/the-ivy-collection?utm_source=avios&utm_medium=instore&utm_campaign=ivy
Title: Find out more

Search URL Search Domain Scan URL

URL: https://www.shopping.ba.com/retailers
Title: Browse online retailers

Search URL Search Domain Scan URL

URL: https://www.shopping.ba.com/my-account
Title: Register your cards

Search URL Search Domain Scan URL

URL: https://www.shopping.ba.com/collect-on-card
Title: Browse in-store retailers

Search URL Search Domain Scan URL

URL: https://exchange.shopping.ba.com/partners?_gl=1*28jvel*_ga*MTQ5MTAwODIxLjE2OTc4MDU4OTM.*_ga_FWMPLLY660*MTY5ODY2OTc3NS4zMC4xLjE2OTg2NzAxNDMuMC4wLjA.
Title: Link your accounts

Search URL Search Domain Scan URL

URL: https://rewards.ba.com/?utm_source=estore&utm_medium=referral&utm_campaign=ba_estore_partner_page
Title: Search hotels now

Search URL Search Domain Scan URL

URL: https://www.shopping.ba.com/collect/britishairways-americanexpress
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.uber.com/gb/en/u/avios/
Title: Link your accounts

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/gb/app/british-airways-executive-club/id1388235740?mt=8

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.usablenet.ba.avios&hl=en_GB

Search URL Search Domain Scan URL

URL: https://britishairways.com/
Title: Go to BA.com

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.shopping.ba.com/ HTTP 301
https://shopping.ba.com/ HTTP 302
https://shopping.ba.com/api/auth/silent-login?returnTo=/ HTTP 302
https://accounts.britishairways.com/authorize?client_id=biSs64j9pcEGVRJnx3WyuWLkZHLj3LVx&scope=openid%20profile%20email%20offline_access%20read%3Amember%3Aqrcode%20read%3Amember_transactions&response_type=code&redirect_uri=https%3A%2F%2Fshopping.ba.com%2Fapi%2Fauth%2Fcallback&audience=https%3A%2F%2Fapi.avios.com%2Fv1%2Fact%2F&prompt=none&nonce=emrxf_gEXVTlZkFuzveLlvoI0g-BPAFv-VzCo7H0oek&state=eyJyZXR1cm5UbyI6Imh0dHBzOi8vc2hvcHBpbmcuYmEuY29tLyJ9&code_challenge_method=S256&code_challenge=QqZN9Wk33pqfHmLsIAuWijWsmFjjZkpUDbQv9FHov9s HTTP 302
https://shopping.ba.com/api/auth/callback?error=login_required&error_description=Login%20required&state=eyJyZXR1cm5UbyI6Imh0dHBzOi8vc2hvcHBpbmcuYmEuY29tLyJ9 HTTP 307
https://shopping.ba.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

139 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
shopping.ba.com/
Redirect Chain

https://www.shopping.ba.com/
https://shopping.ba.com/
https://shopping.ba.com/api/auth/silent-login?returnTo=/
https://accounts.britishairways.com/authorize?client_id=biSs64j9pcEGVRJnx3WyuWLkZHLj3LVx&scope=openid%20profile%20email%20offline_access%20read%3Amember%3Aqrcode%20read%3Amember_transactions&respon...
https://shopping.ba.com/api/auth/callback?error=login_required&error_description=Login%20required&state=eyJyZXR1cm5UbyI6Imh0dHBzOi8vc2hvcHBpbmcuYmEuY29tLyJ9
https://shopping.ba.com/

71 KB
20 KB

545ms
545ms

Document
text/html

2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

64747106044e74dffa4c71ba734390a21ca1f6ece6cfd874a5bf9eb0b8cba324

Security Headers

Name	Value
Content-Security-Policy	default-src 'nonce-fc4d48240710bf93ca48ce35576be9bd' 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src https://shopping.ba.com/akam/13/ *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'nonce-fc4d48240710bf93ca48ce35576be9bd' 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 18157
content-security-policy: default-src 'nonce-fc4d48240710bf93ca48ce35576be9bd' 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src https://shopping.ba.com/akam/13/ *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'nonce-fc4d48240710bf93ca48ce35576be9bd' 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Fri, 05 Jul 2024 13:18:35 GMT
etag: "150hkmjr0ln1ji0"
expires: Fri, 05 Jul 2024 13:18:35 GMT
origin-agent-cluster: ?1
pragma: no-cache
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin,Accept-Encoding
x-akamai-transformed: 9 17912 0 pmb=mTOE,2
x-amz-cf-id: Q-3sYxzVk0odfUV2vv4wXduuSvEpAfqYifqCvpTTGQ95J5p5v5fUyw==
x-amz-cf-pop: LHR50-P4
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-envoy-upstream-service-time: 443
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

Redirect headers

cache-control: max-age=0, no-cache, no-store
content-length: 1
content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
date: Fri, 05 Jul 2024 13:18:34 GMT
expires: Fri, 05 Jul 2024 13:18:34 GMT
location: /
origin-agent-cluster: ?1
pragma: no-cache
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-amz-cf-id: B5B4PYmeqsjEM7zAnZxqVlPEGgGJ41f6VY0h0_jcP4gKGIcennn2MQ==
x-amz-cf-pop: LHR50-P4
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-envoy-upstream-service-time: 11
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/ade1477a-0ef4-45f7-9204-cdcbf62b0946/ 6 KB
2 KB 127ms
62ms Script
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/ade1477a-0ef4-45f7-9204-cdcbf62b0946/OtAutoBlock.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

636100419f26cf6cbb753bb1a5ff72c5bd1054caddbf1657e35e22e40e3d8029

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 65858
content-md5: jUf2x/k7Ng705nfxiq8N0Q==
content-length: 2177
x-ms-lease-status: unlocked
last-modified: Wed, 28 Feb 2024 17:54:56 GMT
server: cloudflare
etag: 0x8DC38865FA099EF
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: d4b0ec32-f01e-0082-636f-6a783d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89e7a44e4952970e-AMS
expires: Sat, 06 Jul 2024 13:18:35 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 110ms
46ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

022e2f39deba7f332eabe69b27b31d98d4d5f2535116745957a691d1b1ec4cc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ceCldLDyZN6bSQL6yyKLMg==
age: 78228
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 16:07:22 GMT
server: cloudflare
etag: 0x8DC9B7A38C8323B
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 0e1d26ea-301e-0069-5679-cdcc26000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89e7a44e4955970e-AMS

GET
H2 200 datadog-rum-v4.js Show response
www.datadoghq-browser-agent.com/ 150 KB
48 KB 79ms
22ms Script
application/javascript 108.138.190.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js
Requested by: Host: shopping.ba.com
URL: https://shopping.ba.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.190.144 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-190-144.mxp64.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Jul 2024 13:18:09 GMT
content-encoding: br
via: 1.1 861c9a33ccdd7a6a61b188ea139dd8fa.cloudfront.net (CloudFront)
last-modified: Mon, 09 Oct 2023 11:26:13 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
age: 27
x-amz-server-side-encryption: AES256
etag: W/"2630b3d7ad4a41fac67742216e506d83"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
x-amz-cf-id: CbnlWdWdXLV3008bydbA_Nx13dk5z6pToHXFbBsy0iBcBa5UydYL7Q==

GET
H2 200 baec.theme.css
shopping.ba.com/shopping/themes/baec/ 35 KB
6 KB 104ms
103ms Stylesheet
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/themes/baec/baec.theme.css

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d612ca56c2d0926b1c1ebd7e3a6feefd83c106d3b3e1a89bea520050e06f2baa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 8
content-length: 4762
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:03:22 GMT
cross-origin-opener-policy: same-origin
etag: W/"8b0a-19073c1d810"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: a-PZNOIEn8KbN1Sw3WiLW7S2Ho0RlKdt7DnvLBHfLt3U7vHLsSDRDA==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 20f6f50b743ba5e1.css
shopping.ba.com/shopping/_next/static/css/ 79 KB
15 KB 84ms
83ms Stylesheet
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/20f6f50b743ba5e1.css

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

764ebb6c8fa06632267e0320eb99620fd65023176589cb7c28256e05371fe850

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 10
content-length: 13046
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"13acd-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: yd9fdKZjDAm4CEn4P_sQuE5G8Yh9tQHWHDS-MIjc1NJkeoDHdP3EXQ==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 5cdbba71022a5bdd.css
shopping.ba.com/shopping/_next/static/css/ 31 KB
7 KB 79ms
79ms Stylesheet
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/5cdbba71022a5bdd.css

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

051c82aa3681985c1316e0b37bb6cb784dedfdfe55b497626bd93937eb032316

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 10
content-length: 5057
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"7c5f-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: DJ8iK3MZzVhbjy6M6VEb9jzzqJqHM-NHsr8wB9KFoP93gbqWc9lkKA==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 5ee328ac3c0c3a55.css
shopping.ba.com/shopping/_next/static/css/ 19 KB
5 KB 106ms
105ms Stylesheet
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/5ee328ac3c0c3a55.css

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f8e026a3648d3b5fa6449fa9b108701668d3d658a537f3837c5180b84fff2d79

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 33
content-length: 3056
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"4a96-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: gqNs2wsbC-sMS44gMzYiS0JQ9gWFco1lFGxhxLP5RB-C_Qw2f9e5-w==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 webpack-4770840a29d67275.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 2 KB
3 KB 81ms
81ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/webpack-4770840a29d67275.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

35aff929a0a656bb6223cd664f112cd0c695c47629edebedb5e9e798e00c31a5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 14
content-length: 1023
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"847-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: FISUKpnBYCHWeoEAmLfUQfacG9mjaDPVwSMTPzdUYoH6dKFwJN6qAg==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 framework-ff7f418116f76b2d.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 138 KB
46 KB 137ms
137ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/framework-ff7f418116f76b2d.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

22e40d6ed5176b9983cc290c782e8b8075ffe2c4793bd16d1054957966442955

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 45
content-length: 45319
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"226cb-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: gnerwnWjCHCKr5vuM4vsSdx7ECaqdzvGmqefneC0MASmNuzZDpRH9w==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 main-d7ac5cd9b4f926b6.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 110 KB
34 KB 170ms
170ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

776acbdc6b61d516d9182ab5c54f5eeb61de07703701613d0b9c20113d5df5da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 31
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"1b813-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: CRu7TOVUwPbrYuOJ9dZ1vyMSf4T-2yMg5DbxarxskWuRjQIfI4l_DA==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 _app-622c551d2e706bd8.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/ 6 MB
2 MB 108ms
106ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/_app-622c551d2e706bd8.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

af26391e69ce7ed901ec3b05eaaeca7be9a40140aff9c861c9d37f735dd84201

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 20
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"58b4fd-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 0E929x7HaSwGJ4zb3Pc0WvH4O2zFAeVqHlQaZsWtd7yz6cru7qe-gA==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 180-b2cc3094744f0443.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 17 KB
7 KB 174ms
171ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/180-b2cc3094744f0443.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2d25aca6592a2f118e63b368a7ddf74b1cf8cefc742561979950a9949e6164c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 67
content-length: 5432
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"4223-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 4oB3WboYGoE4ZG0rWV6O7BQDBy-R5IqIBIfQ6vlan7pqwf6CcwJ5ZQ==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 675-73507b408b3d3541.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 289 KB
80 KB 122ms
119ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/675-73507b408b3d3541.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5c97025d1fbfb3227752d6af76d71ecea2eeaac3940f9728ac63c6de5dbdfe49

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 20
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"4831d-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: -3jl03hlCt7Hm_X9wdUtn6puKPaaWdtGYVItjyTO0s36YhozT2qT1w==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 197-4c51b637364ad999.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 114 KB
33 KB 133ms
131ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/197-4c51b637364ad999.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f717a7701dc3f61b403ac8657014b0a63d5e9011702ad3069d5fd8cd46f4199f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 12
content-length: 31590
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"1c7c2-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: XQnthKDTvg1o2MJVFJWu3jp4BLzcldQU0PPp0cg8fmXRiyuwIdS84w==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 459-9cb64d69e17085e8.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 30 KB
11 KB 83ms
83ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/459-9cb64d69e17085e8.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b1705f56b85897cd30486041b23985977ccb85447c0bfb28b268589d96f1dc42

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 12
content-length: 9434
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"7610-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: DZtv4k7TQvERieFDBPby6ToB3XFdNKUXibx2Xd9s4m4spQqwVAy9DA==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 796-f4acef2a02b434a7.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 9 KB
5 KB 139ms
139ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/796-f4acef2a02b434a7.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b254b91f72ff9628fff4f3a942ddca6bd7fb0a3fc0bf36b30473995e94b015f0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 53
content-length: 2836
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"2407-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: aXp1IZa-nVaXK6tH_grO1RiTiKE9LZjvrqDV-bjPb73Ckzosmg0hew==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 640-0ab87c568874d000.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 16 KB
7 KB 138ms
138ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/640-0ab87c568874d000.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b000bcdc92d9db11f44e951591b4eefeff19452d9e3824c78bb44dffc70c0803

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 51
content-length: 5305
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"3f49-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: M0686-M68WaH2o_lFAnlm5EeGxQUAS-rqViKA1SkEZ7oFRpW5qnNmg==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 38-5e14d4ef30dbd534.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 26 KB
9 KB 97ms
96ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/38-5e14d4ef30dbd534.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

352a01213045e62776ce296d5f4b6728ae0b4a5172043a774b379f1c3b560baf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 16
content-length: 7080
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"67a9-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 64NJU87ONLFOBCKhL665u_HG1jCXnU9_ZSlYdVYnECcr6-b6Gw2-Lw==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 index-fcd94431fc4b33f6.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/ 34 KB
11 KB 132ms
132ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/index-fcd94431fc4b33f6.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8dbb69371fb0a43c8c5abf8ee3b8f669d5abf44fd27916302acc5d5d5fbc4f89

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 12
content-length: 9509
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"89f5-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: nNp9W7TkgQeBndOHD7jN3gQGdTxmckQxd4Yu9BQ0gZnQo7s1tdsLQw==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 _buildManifest.js Show response
shopping.ba.com/shopping/_next/static/04Of9H0CZJM9-gaMh6iWF/ 3 KB
3 KB 164ms
164ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/04Of9H0CZJM9-gaMh6iWF/_buildManifest.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d2f44cdb5134098de00b53a2415acb05a72fc7701684384e464f4abe3811a6d2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 40
content-length: 1063
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"b9b-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: iVoRzWti3QoDCXEzv1KEp53bBK7ddj7fWLAJt3dFieYcivAFRRelZA==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 _ssgManifest.js Show response
shopping.ba.com/shopping/_next/static/04Of9H0CZJM9-gaMh6iWF/ 77 B
2 KB 98ms
98ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/04Of9H0CZJM9-gaMh6iWF/_ssgManifest.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:35 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 9
content-length: 77
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"4d-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: BQJvB1PlUrYabd0gFIqawl2AUGxj2Xacl_tJZO8aWUpAeQRlXLEkWQ==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 a16b4e3 Show response
shopping.ba.com/akam/13/ 26 KB
9 KB 333ms
332ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://shopping.ba.com/akam/13/a16b4e3
Requested by: Host: shopping.ba.com
URL: https://shopping.ba.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: cc05f84d25aac11feb381002f1ea8a00a6c4c7ddf6acc2d91ce2a2c6268df887

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Jul 2024 13:18:36 GMT
content-encoding: gzip
last-modified: Thu, 22 Feb 2024 19:35:59 GMT
etag: "eba068f440a2a087789e3a7c5aab737834660d15b2595428fcf15b4d53efc4ef"
stored-attribute-sha-checksum: cc05f84d25aac11feb381002f1ea8a00a6c4c7ddf6acc2d91ce2a2c6268df887
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=21600
content-length: 8795
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 253 KB
81 KB 104ms
47ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MPGT4DX

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

675fcc02a100da4b767e40f85507be80b153e16cfd03f1b1e041b249cdb063ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Jul 2024 13:18:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82227
x-xss-protection: 0
last-modified: Fri, 05 Jul 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 estore.css
shopping.ba.com/shopping/fonts/estore/ 179 B
2 KB 84ms
84ms Stylesheet
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/fonts/estore/estore.css

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/themes/baec/baec.theme.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0af45f4cdefe7c0a20dfadd1a93af5c9a0c05bbf62c3276f91a29d8b4015aae3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:35 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 8
content-length: 179
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:03:22 GMT
cross-origin-opener-policy: same-origin
etag: W/"b3-19073c1d810"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 0FqqEre-qlQ-qDTiXM8AgjcTtjhHf8K8J8_9hbf_jkszm_k29ojorw==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 mylius-modern.css
shopping.ba.com/shopping/fonts/mylius-modern/ 1 KB
2 KB 126ms
126ms Stylesheet
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/fonts/mylius-modern/mylius-modern.css

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/themes/baec/baec.theme.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b0777bcefa881f893a593f018308467e8e7ab19167c0f622dcc1b74116a037ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 19
content-length: 228
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:03:22 GMT
cross-origin-opener-policy: same-origin
etag: W/"434-19073c1d810"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: M2fyyx0t3MB-HKm5r-6Ub90rOL0C-jy_QYqI9jauJZ6wig-IP_kOWw==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 open-sans.css
shopping.ba.com/shopping/fonts/open-sans/ 769 B
3 KB 117ms
116ms Stylesheet
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/fonts/open-sans/open-sans.css

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/themes/baec/baec.theme.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

988fda87602253060006219d2a2b02c3222483cb9c76980f3210614aa27d195a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:35 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 10
content-length: 769
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:03:22 GMT
cross-origin-opener-policy: same-origin
etag: W/"301-19073c1d810"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: HMd7BkpKuh_tlPd138qa2kaYyoXrta3EGocYQUBiqtLMw7J1FNlvug==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 ade1477a-0ef4-45f7-9204-cdcbf62b0946.json Show response
cdn.cookielaw.org/consent/ade1477a-0ef4-45f7-9204-cdcbf62b0946/ 4 KB
2 KB 115ms
53ms XHR
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/ade1477a-0ef4-45f7-9204-cdcbf62b0946/ade1477a-0ef4-45f7-9204-cdcbf62b0946.json

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71e25adb9a844628a45a429b626e44c4be3b49be2f0d8a0d4531082894eb7bb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 74009
content-md5: aLLCaBI/Ub3EUsDNMbioQg==
content-length: 1543
x-ms-lease-status: unlocked
last-modified: Wed, 28 Feb 2024 17:54:55 GMT
server: cloudflare
etag: 0x8DC38865F83C798
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 671530bc-001e-0096-2d72-793052000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89e7a44f2d156680-AMS
expires: Sat, 06 Jul 2024 13:18:35 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/ 430 KB
105 KB 42ms
41ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e789e43937c7abc5959eba06825459f4e08e050ff9ea43ab8ec5a041a3e7558

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5m3SVn9yaQSlRqLvlzjrBg==
age: 64535
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 106956
x-ms-lease-status: unlocked
last-modified: Thu, 13 Jun 2024 02:35:34 GMT
server: cloudflare
etag: 0x8DC8B51807E16D9
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 15141953-c01e-005e-3b3d-bd6089000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89e7a44f9a94970e-AMS

GET
H2 200 OpenSans-Regular.ttf
shopping.ba.com/shopping/fonts/open-sans/ 128 KB
79 KB 90ms
89ms Font
font/ttf 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/fonts/open-sans/OpenSans-Regular.ttf

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/fonts/open-sans/open-sans.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6530480277da62efde047eb26e78a7e532d1cfaeec91603e68d63876b9669f0d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin: https://shopping.ba.com
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 10
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:03:22 GMT
cross-origin-opener-policy: same-origin
etag: W/"1ff10-19073c1d810"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: font/ttf
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: CMBqnKPz0N2QAuin9a8sgibpVDgBfqKjKGMBi1k2xxvMT7X6RbD8Fg==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/ade1477a-0ef4-45f7-9204-cdcbf62b0946/018dea3b-1237-70f4-b624-02130d7fd127/ 41 KB
11 KB 65ms
65ms Fetch
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/ade1477a-0ef4-45f7-9204-cdcbf62b0946/018dea3b-1237-70f4-b624-02130d7fd127/en.json

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9ce019e89e40578ac493a6357dec78d900da37dcf3d23108325f757f804b601

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 74009
content-md5: bRu2hT2OfS7Dh0XAqJPUGg==
content-length: 10755
x-ms-lease-status: unlocked
last-modified: Wed, 28 Feb 2024 17:54:58 GMT
server: cloudflare
etag: 0x8DC388661274B88
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b3facfca-e01e-0045-6c72-79ec60000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89e7a4501e006680-AMS
expires: Sat, 06 Jul 2024 13:18:35 GMT

GET
H2 200 otFloatingRounded.json Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/ 10 KB
3 KB 45ms
45ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/otFloatingRounded.json

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef072b9ae1b3c29f94781c86bcdfdb71c1e06bbc7a2f05bc65dcfa2eefdde02c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: sEKo6xnVSu75mlcvCcW0sA==
age: 20767
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2644
x-ms-lease-status: unlocked
last-modified: Thu, 13 Jun 2024 02:35:25 GMT
server: cloudflare
etag: 0x8DC8B517B768D7B
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 4b238618-001e-00c0-22cf-bd19ce000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89e7a4508e706680-AMS

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/v2/ 62 KB
13 KB 43ms
42ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/v2/otPcCenter.json

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f40f57620246d052ea666f8f9d25dc6fcd93a7bbd6314077a2eb7213e98a4b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 01SMtGeyB0SRvW+F1DYVMg==
age: 55872
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12808
x-ms-lease-status: unlocked
last-modified: Thu, 13 Jun 2024 02:35:28 GMT
server: cloudflare
etag: 0x8DC8B517D165CD5
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: fd04ddfd-101e-0057-679b-bd7a07000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89e7a4508e716680-AMS

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/ 5 KB
2 KB 44ms
43ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/otCookieSettingsButton.json

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7429ba59299387d5b2445949464b6b58111c47c8363459c1dfe16a541ff0c397

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: P+JM5OTYESbConLeIFfe7w==
age: 74008
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1766
x-ms-lease-status: unlocked
last-modified: Thu, 13 Jun 2024 02:35:28 GMT
server: cloudflare
etag: 0x8DC8B517CC342D5
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 6dd75e93-701e-006e-27a1-bd3aa3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89e7a4508e726680-AMS

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/ 21 KB
4 KB 42ms
41ms Fetch
text/css 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/otCommonStyles.css

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
age: 55872
x-ms-lease-status: unlocked
last-modified: Thu, 13 Jun 2024 02:35:38 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: e94b4e86-e01e-008e-03a0-bddc2b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89e7a4508e736680-AMS

POST
H2 202 rum Show response
rum.browser-intake-datadoghq.eu/api/v2/ 53 B
340 B 155ms
83ms Fetch
application/json 2600:1901:0:7047::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.eu/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ashopping%2Cversion%3Av1.27.0.5813&dd-api-key=pub70a15a57839c8b61fce987fd4662a196&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=60d195bb-f3eb-4a35-872f-363c2fb74051&batch_time=1720185515602

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7047:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

45309b48c75f48a98ee19175f8b5a3e800c874d20c20192cbb2dafc276036d77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 05 Jul 2024 13:18:35 GMT
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
via: 1.1 google
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53
dd-request-id: 60d195bb-f3eb-4a35-872f-363c2fb74051

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 311 KB
103 KB 47ms
46ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FWMPLLY660&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MPGT4DX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3f84d5c77517c8730a07c0feacd4e898a442bface97c85f1c3c535f4b65173d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Jul 2024 13:18:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 105450
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 OpenSans-SemiBold.ttf
shopping.ba.com/shopping/fonts/open-sans/ 128 KB
79 KB 201ms
201ms Font
font/ttf 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/fonts/open-sans/OpenSans-SemiBold.ttf

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/fonts/open-sans/open-sans.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e603135cc3b1200c7260b34f37f9cb1f2178a42b363037e26a1e18276ab78bf0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin: https://shopping.ba.com
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:35 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 11
content-length: 78860
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:03:22 GMT
cross-origin-opener-policy: same-origin
etag: W/"1fec8-19073c1d810"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: font/ttf
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: cJfBGIVRccEkmE20SOvWj1726vgs6vyLt8usFXQQStjZrxdB8fZ7_g==
expires: Fri, 05 Jul 2024 13:18:35 GMT

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
489 B 43ms
43ms Fetch
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 55872
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 16:07:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 95fab747-301e-00ea-4a21-ce6c8b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89e7a450eec46680-AMS

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 42ms
42ms Image
image/png 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 77874
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 16:07:24 GMT
server: cloudflare
etag: 0x8DC9B7A3A3C19A0
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 38c16a5e-f01e-005d-29b2-cd638e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89e7a450fcab970e-AMS

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 42ms
41ms Image
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jul 2024 13:18:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 64766
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 16:07:24 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 3e5e20fe-101e-00df-537c-cdc2de000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89e7a450fcac970e-AMS

POST
H2 204 collect Show response
region1.google-analytics.com/g/ 0
254 B 94ms
34ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FWMPLLY660&gtm=45je4730v894685627z8891140445za200zb891140445&_p=1720185515308&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1862316499.1720185516&ul=de-ch&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1720185515&sct=1&seg=0&dl=https%3A%2F%2Fshopping.ba.com%2F&dt=Shop%20through%20British%20Airways&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2171&_z=fetch
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Jul 2024 13:18:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://shopping.ba.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 202 rum Show response
rum.browser-intake-datadoghq.eu/api/v2/ 53 B
138 B 83ms
83ms Fetch
application/json 2600:1901:0:7047::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.eu/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ashopping%2Cversion%3Av1.27.0.5813&dd-api-key=pub70a15a57839c8b61fce987fd4662a196&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=3927a40b-560d-4db8-a46a-61477f660343&batch_time=1720185515875

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7047:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

f0f91c441f9d25df791ba546949d8fb34ce681e937d3d902affe51b3cbf27585

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 05 Jul 2024 13:18:35 GMT
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
via: 1.1 google
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53
dd-request-id: 3927a40b-560d-4db8-a46a-61477f660343

GET
DATA 200
OK truncated
/ 16 KB
16 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a04f86a098e1f43e3141a7cd030984aaa18d4f3b34f7e0a5a6e159f6ef9f52d4

Request headers

Referer
Origin: https://shopping.ba.com
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 157 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 release-1 Show response
channel.iagloyalty.com/api/featureflags/ 4 B
851 B 160ms
30ms Fetch
application/json 18.239.69.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://channel.iagloyalty.com/api/featureflags/release-1?product=SHOPPING&opco=BAEC

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.239.69.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-239-69-128.ams58.r.cloudfront.net

Software

Resource Hash

b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:09:56 GMT
via: 1.1 5869d8337913ed7453262c3cf9c9a9e6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: AMS58-P4
age: 591
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
cross-origin-resource-policy: same-origin
content-length: 4
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: W/"4-X/5TO4MPCKAyY0ipFgr6/IraRNs"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shopping.ba.com
origin-agent-cluster: ?1
access-control-allow-credentials: true
x-amz-cf-id: p9Ea6kgbmXX7AF7sc7cpqXJ1R64yB9Giyeld0vp9inDczRAuqIoKoQ==

GET
H2 200 hotjar-1111164.js Show response
static.hotjar.com/c/ 20 KB
6 KB 140ms
66ms Script
application/javascript 18.239.94.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1111164.js?sv=6

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.239.94.113 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-239-94-113.ams1.r.cloudfront.net

Software

Resource Hash

4c48569227386fd0214bc4c9e370b98714db0e3a30a6ea47673b60f3bdad4a74

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:36 GMT
via: 1.1 73bf4f8a14baf53971357e0a4893be3e.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P3
etag: W/c81239980fabe046f77f405cfd183585
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: 5tLsdLPgTiQOrkVLrAt_IASAjDh5eE0EGxKA23x30bJRYvt3NgCbeA==

GET
H2 204 me Show response
shopping.ba.com/api/auth/ 0
2 KB 253ms
253ms Fetch 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/api/auth/me

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Referer
x-datadog-parent-id: 2875401067849081507
x-datadog-trace-id: 2783124084568249395
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:36 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 126
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: QucXRL643O1dL5uEnYswwJJBRdQYmxsmbOMYOS4_DKYOYcIoeIJn-g==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 footer Show response
channel.iagloyalty.com/api/contentful/ 1 KB
2 KB 145ms
30ms Fetch
application/json 18.239.69.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://channel.iagloyalty.com/api/contentful/footer?opco=BAEC&mode=collect&locale=en-GB

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.239.69.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-239-69-128.ams58.r.cloudfront.net

Software

Resource Hash

fb567dc24b3d3f8b38fac537c2f87e7630bc662cc0a01d448ade6e21464f1248

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:12:40 GMT
via: 1.1 5869d8337913ed7453262c3cf9c9a9e6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: AMS58-P4
age: 428
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
cross-origin-resource-policy: same-origin
content-length: 1277
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: W/"4fd-5kNnPD7OLiVR5bl0blX16LyewOo"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shopping.ba.com
origin-agent-cluster: ?1
access-control-allow-credentials: true
x-amz-cf-id: 01PaD-by9HVtnn8cuuFFiNa2r4elFbQ1DZGaAk7MGYbvGgLD-5QcYQ==

GET
DATA 200
OK truncated
/ 47 KB
47 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1850e11c44f3c937db26bb2418c928e3d10aa96ce17ae48f280fff94b2f2fa2c

Request headers

Referer
Origin: https://shopping.ba.com
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

GET
H2 200 favicon.ico
shopping.ba.com/shopping/themes/baec/favicons/ 15 KB
4 KB 153ms
153ms Other
image/x-icon 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/themes/baec/favicons/favicon.ico?v=yyQJ28R2D2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e8a340f8dc90f0e6b592af930d8d70f359c132c85c43f1924de82ca1dda91453

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:36 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 9
content-length: 1311
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:03:22 GMT
cross-origin-opener-policy: same-origin
etag: W/"3aee-19073c1d810"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: image/x-icon
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 6QHucEWI0wEkBV8GQMFbZNqweMAr_lFZvgkLhO-xVn4jHK3oPdqo0g==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 image
shopping.ba.com/_next/ 538 B
2 KB 308ms
308ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=%2Fimages%2Fflags%2Fgb.png&w=32&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9e2acb4802425ae02a385f998549ffb4e2d59bebf0f590b12717966e39e59d28

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:36 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 237
content-disposition: inline; filename="gb.webp"
content-length: 538
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: nirLSAJCWuAqOF+ZhUn-tOLVm+vw9ZCxJxeWbjnlnSg=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: ARfrUuklV6oUDseX1smxz8cTJsO-Ft0Dt6buHzdvtzkqJ5sB5N-_Lg==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 image
shopping.ba.com/_next/ 228 B
1 KB 400ms
400ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=%2Fimages%2Fflags%2Fus.png&w=32&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4442bc83d97e66a356dc036930bf3eb6b1ef914ccfacc554c1c3170515d65b22

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:36 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 259
content-disposition: inline; filename="us.webp"
content-length: 228
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: REK8g9l+ZqNW3ANpML8+trHvkUzPrMVUwcMXBRXWWyI=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: IBq07LGPFeSnpqCkElL_5ZeQt6OJeDkJbF-Nht1cQTJcOKRL31_v8A==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 modules.e4b2dc39f985f11fb1e4.js Show response
script.hotjar.com/ 223 KB
56 KB 113ms
31ms Script
application/javascript 13.227.219.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1111164.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-71.ams54.r.cloudfront.net

Software

Resource Hash

619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Jul 2024 08:11:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 23776effa8a63b2e2dccd702e73b0c86.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 364049
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56291
last-modified: Mon, 01 Jul 2024 08:10:34 GMT
etag: "ca025d2d8ae4b3dc51e058b782590501"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: JR2Ks9cxnchnaRYDCCZQSII0f9mshHCS18cQKINyTxFu_trCm94pSw==

GET
H2 200 gb.svg
images.ctfassets.net/ce6fenbq6w53/6Y2mZtkIu7x8d5QexxzsTO/b3b866d58ba3790de4a1bdfe8a0544b0/ 1 KB
988 B 126ms
30ms Image
image/svg+xml 2600:9000:238d:c400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/ce6fenbq6w53/6Y2mZtkIu7x8d5QexxzsTO/b3b866d58ba3790de4a1bdfe8a0544b0/gb.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:238d:c400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 7151413e6d661d90906712ee08bdca7818c44dcb2ca768f23a5a9b12c6265448

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Jul 2024 12:20:35 GMT
content-encoding: gzip
via: 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront)
last-modified: Wed, 31 May 2023 13:37:03 GMT
server: Contentful Images API
x-amz-cf-pop: AMS1-P1
age: 27032
etag: W/"3053427baef9a2ef6e5e40c19d7448c2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: YH2uKYKAezflI_YN2gLpbGHfHIA6JnNcqF89yZaltgnWlpTW58cuoQ==

GET
H2 200 Avios_smaller_file.svg
images.ctfassets.net/ce6fenbq6w53/1vmGMmO5MEdcmLgQjdg6Sh/34928cfbd785af3e6e78a83b30431341/ 26 KB
19 KB 131ms
35ms Image
image/svg+xml 2600:9000:238d:c400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/ce6fenbq6w53/1vmGMmO5MEdcmLgQjdg6Sh/34928cfbd785af3e6e78a83b30431341/Avios_smaller_file.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:238d:c400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: fbda6f23df51fc02fa94a930f7aa678fadc15023bd08b949be18370a90f6330a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Jul 2024 12:18:22 GMT
content-encoding: gzip
via: 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront)
last-modified: Thu, 09 Nov 2023 15:59:11 GMT
server: Contentful Images API
x-amz-cf-pop: AMS1-P1
age: 32613
etag: W/"272d403a3b684d4522e619ad968b8148"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: DXOveu5GQIKzCHT3fokUFJ_iLChXwC5EtizE2GoFDxn8bZoVjAwiTg==

GET
H2 200 header Show response
channel.iagloyalty.com/api/contentful/ 3 KB
4 KB 30ms
30ms Fetch
application/json 18.239.69.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://channel.iagloyalty.com/api/contentful/header?opco=BAEC&mode=collect&locale=en-GB

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.239.69.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-239-69-128.ams58.r.cloudfront.net

Software

Resource Hash

fdf0cfbfa6eb64fecbac2c882ec8c9423bc052a51773f8babe3ff9fe0429ec2b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:12:40 GMT
via: 1.1 5869d8337913ed7453262c3cf9c9a9e6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: AMS58-P4
age: 428
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
cross-origin-resource-policy: same-origin
content-length: 3110
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: W/"c26-xHVeMo8ie4jOCv41HjqGMIxX7zo"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shopping.ba.com
origin-agent-cluster: ?1
access-control-allow-credentials: true
x-amz-cf-id: epxZ1Cl3vFpE9uwpdXWv2-0pufa17on0jv68MdQ-QjYtBqPfabaj3Q==

GET
DATA 200
OK truncated
/ 47 KB
47 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8223dece80fe22178463a74d5925b3b0129a97b25716eb3863cbc6c0307b0e1e

Request headers

Referer
Origin: https://shopping.ba.com
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

GET
H2 200 653-40b32347a651c9bd.js
shopping.ba.com/shopping/_next/static/chunks/ 0
39 KB 92ms
91ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/653-40b32347a651c9bd.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:36 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 17
content-length: 37774
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"1e6c3-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: XR4SDi974Zh5VkHBwj-dWFqy64LmVzqzpNKWY4enugbBoYd45rmYaQ==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 help-centre-022602be6985553c.js
shopping.ba.com/shopping/_next/static/chunks/pages/ 0
4 KB 86ms
86ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/help-centre-022602be6985553c.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:36 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 11
content-length: 2238
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"16d2-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: ZE0TQymXlpFqo_pDNEjQ7xxxHYJ5sahMI0bMNBxu4vM72pbGHQhQug==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 privacy-36bc0576ab200502.js
shopping.ba.com/shopping/_next/static/chunks/pages/ 0
4 KB 244ms
243ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/privacy-36bc0576ab200502.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:36 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 160
content-length: 2240
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"16ce-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: JChvGxdYSEqojxArmnj_qWWHkH84l4nNszqD7J8XV34Q3xwFPV4K5g==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 terms-2dc332d641869d71.js
shopping.ba.com/shopping/_next/static/chunks/pages/ 0
4 KB 87ms
87ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/terms-2dc332d641869d71.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:36 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 16
content-length: 2238
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"16cc-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: OxxK_-FcjEfcGP7Ej8dM1hnhZxdNhK-LLzoQqzXriP7jjNKQJpfwvQ==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 cookies-55eafc151961dd13.js
shopping.ba.com/shopping/_next/static/chunks/pages/ 0
4 KB 107ms
105ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/cookies-55eafc151961dd13.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 9
content-length: 2238
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"16ce-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: ezcKT5Qyw-9j35TQ9htcQty8nWbyXTIqMwcD31zy9GlxyvqJ7Jb1Ng==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 accessibility-68e0ca44cb73d2cf.js
shopping.ba.com/shopping/_next/static/chunks/pages/ 0
4 KB 152ms
152ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/accessibility-68e0ca44cb73d2cf.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 81
content-length: 2238
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"16d4-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 7A3VOWc9EXpQkSPfPCvf98OgMglv4Vdp7RIS9MUQGT5gvc93IRLpBA==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 Logo_BA_Col.svg
images.ctfassets.net/ce6fenbq6w53/1bnXatODGryYfVC0fWbwmk/5649dd047ddcb9d36739ced3b1117261/ 40 KB
24 KB 119ms
60ms Image
image/svg+xml 2600:9000:238d:c400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/ce6fenbq6w53/1bnXatODGryYfVC0fWbwmk/5649dd047ddcb9d36739ced3b1117261/Logo_BA_Col.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:238d:c400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 8be98532c8285c76019b0028370e0dbcbab3df9fad0af33a7dbf6bb0e4754ea8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Jul 2024 07:53:07 GMT
content-encoding: gzip
via: 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront)
last-modified: Thu, 09 Nov 2023 15:20:05 GMT
server: Contentful Images API
x-amz-cf-pop: AMS1-P1
age: 19530
etag: W/"e15ee4e630cf4be93bbbb498f373632d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: l_yKmtSXhoRs2x2DJbk9FPEQPWz-3sZiK4oqR82VPUHLNFN96TXgjw==

GET
DATA 200
OK truncated
/ 33 KB
33 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb89e6fe848b107c0553a4862e178a41467674d2299772b5020b19f7d32e7fbe

Request headers

Referer
Origin: https://shopping.ba.com
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

GET
H2 200 retailers-ddefa320c33d9acf.js
shopping.ba.com/shopping/_next/static/chunks/pages/ 0
4 KB 86ms
86ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/retailers-ddefa320c33d9acf.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 11
content-length: 1981
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"170e-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: bUIHp_uUx8g5iWB79kMR0QI-a7vU4t5-pbAXUemstfSKjZsDCfv_bA==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 collect-on-card-c5791d183c601c4c.js
shopping.ba.com/shopping/_next/static/chunks/pages/ 0
4 KB 88ms
88ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/collect-on-card-c5791d183c601c4c.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 12
content-length: 2114
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"18d9-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 89W5r_iRtZd8Nf_7OlnoXJbG0zx2msg7wcM2R0B5cRg362QlThQbTA==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 offers-58745a20e0cc358f.js
shopping.ba.com/shopping/_next/static/chunks/pages/ 0
3 KB 104ms
104ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/offers-58745a20e0cc358f.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 31
content-length: 1542
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"13e2-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: MnDQ_LthAYu8upZUubn_L57z5kf_nFW9b_bYDZiqKyaEMzWJbxozxQ==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 %5B...slug%5D-6da3154e845cc0aa.js
shopping.ba.com/shopping/_next/static/chunks/pages/ 0
3 KB 122ms
121ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/%5B...slug%5D-6da3154e845cc0aa.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 10
content-length: 1657
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"ff0-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: C3-PfvqQ1e3-0hqBqEk7fGfVzuiGTwMuD44MuB5d_WwK6Xpz6xJnUg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 9-6a33df4cd4fa3cca.js
shopping.ba.com/shopping/_next/static/chunks/ 0
113 KB 118ms
118ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/9-6a33df4cd4fa3cca.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 34
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"63909-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 0P1NMgYIkf0R5wxQFoME_aYixVK77DSqNb0TzoVYn--wDxYCPW-fjw==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 missing-avios-150071d382381b09.js
shopping.ba.com/shopping/_next/static/chunks/pages/my-account/ 0
15 KB 121ms
121ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/my-account/missing-avios-150071d382381b09.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 13
content-length: 13327
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"b93f-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 87vrJqT66SGPauWP2OfzFxPJoanBfsH7_4gNb40dP7LNWCBiHE162Q==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 5cdbba71022a5bdd.css Show response
shopping.ba.com/shopping/_next/static/css/ 31 KB
7 KB 236ms
236ms Fetch
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/5cdbba71022a5bdd.css

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

051c82aa3681985c1316e0b37bb6cb784dedfdfe55b497626bd93937eb032316

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Referer
x-datadog-parent-id: 362248275725354580
x-datadog-trace-id: 7107611925504922894
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:36 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 124
content-length: 5057
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"7c5f-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: aimwQgS0r6Uz_YCpTB0sbv0SyRJGEz3HBbOUoYBelWcW9AC2VPSlsg==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 5ee328ac3c0c3a55.css Show response
shopping.ba.com/shopping/_next/static/css/ 19 KB
5 KB 250ms
250ms Fetch
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/5ee328ac3c0c3a55.css

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f8e026a3648d3b5fa6449fa9b108701668d3d658a537f3837c5180b84fff2d79

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Referer
x-datadog-parent-id: 5681807773994073873
x-datadog-trace-id: 7837999563206142416
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:36 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 93
content-length: 3056
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"4a96-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: -CDmt7Qu9f446aWX07raL011IqptQJJ2dbySA8cZJCrTAwDfEYikRg==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 MhE0vRtwiY8
www.youtube-nocookie.com/embed/ Frame 2EEF 0
0 208ms
115ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/embed/MhE0vRtwiY8?rel=0&

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/framework-ff7f418116f76b2d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="YOUTUBE_NOCOOKIE_DOMAIN"
cross-origin-resource-policy: cross-origin
date: Fri, 05 Jul 2024 13:18:36 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AsnbWYr3bqK88n/C2BgXPMpBC+msV4jf6vsgnAir+gFnHw3zXZEKmz271E4vhxTja+7SD2q3dr2BxZlHzvj9HA0AAACBeyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUtbm9jb29raWUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"YOUTUBE_NOCOOKIE_DOMAIN","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/YOUTUBE_NOCOOKIE_DOMAIN"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 estore.ttf
shopping.ba.com/shopping/fonts/estore/ 20 KB
12 KB 96ms
95ms Font
font/ttf 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/fonts/estore/estore.ttf

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/fonts/estore/estore.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d70d1094afa47bbf73a532ae830b840859ba68af1698ba36a6ec7f35cc844c7c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin: https://shopping.ba.com
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:36 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 23
content-length: 10422
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:03:22 GMT
cross-origin-opener-policy: same-origin
etag: W/"50ec-19073c1d810"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: font/ttf
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 1k4C4JRKTSWWszea5oXfMQ8NfF62wtkurvBjvOL4FyV2GjfLdt5ZUg==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 OpenSans-Bold.ttf
shopping.ba.com/shopping/fonts/open-sans/ 128 KB
77 KB 97ms
97ms Font
font/ttf 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/fonts/open-sans/OpenSans-Bold.ttf

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/fonts/open-sans/open-sans.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bc73c45e5810a0971ebeaef4eb6c35dec84607dbe02da6757f9f43d958b6da5f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin: https://shopping.ba.com
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:36 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 14
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:03:22 GMT
cross-origin-opener-policy: same-origin
etag: W/"1ff2c-19073c1d810"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: font/ttf
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: TVVKHjrgSa4wAyZA1qeHvA1sdzmk271tMFd3YpjuRkxIRyh1wEbQvg==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 Logo_Roam.png
images.ctfassets.net/r7gwdd6qio0j/6O8Smy26lGX1wIMisNDl09/0ec3b65a571899d62c9c16ef61a42b91/ 3 KB
3 KB 30ms
30ms Image
image/png 2600:9000:238d:c400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/r7gwdd6qio0j/6O8Smy26lGX1wIMisNDl09/0ec3b65a571899d62c9c16ef61a42b91/Logo_Roam.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:238d:c400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 889ea64f050b2b9b81a1679330e7388d2d95142b9b850b00c206c93e9ae6bbb1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Jul 2024 12:17:59 GMT
via: 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront)
last-modified: Mon, 01 Jul 2024 09:10:40 GMT
server: Contentful Images API
x-amz-cf-pop: AMS1-P1
age: 23303
etag: "33c44ca4d506c8f7308706373a59ac0b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 2858
x-amz-cf-id: 4FEhbYN_f2Q4ChaH40vQZcWvoN5YvRrEkd6KX44ti-0zREv-GgVSXQ==

GET
H2 200 image
shopping.ba.com/_next/ 22 KB
23 KB 95ms
95ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Flibrary%2F508%2Fapple-ba-69617.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

51052db160311dd8fb083e7463c40b3c63e0caf03765d894eec7710812e0de4d

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:36 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 20
content-disposition: inline; filename="apple-ba-69617.webp"
content-length: 22380
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: UQUtsWAxHdj7CD50Y8QLPGPgyvA3ZdiU7sdxCBLg3k0=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: xx1bITUlkg1omDT-wOD9zxnT5jfHTnLsgBDyc7YYNFXb4zjzY-lb5w==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 image
shopping.ba.com/_next/ 890 B
2 KB 77ms
76ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_665.88e7803e62294be8081e3e62850edfffb94b2056.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6b293312658741e3e1ad90749d8f07b373d86fa703ee157687fdceffb7dc55aa

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:36 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 11
content-disposition: inline; filename="merchant_665.webp"
content-length: 890
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: aykzEmWHQePhrZB0nY8Hs3PYb6cD7hV2h-3O-7fcVao=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: ONjC-SB8GfRMDGnecUZZnOaW3hMaygkdf-NbsnCkBLoVSwT4EXWHxg==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 image
shopping.ba.com/_next/ 28 KB
29 KB 138ms
138ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Flibrary%2F508%2Fimport_364_1532x448__2_.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

edc9f193ab3656c80f73c08f171488d6b823cb3cc2fca8c9d2320fdec2b3494f

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:36 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 55
content-disposition: inline; filename="import_364_1532x448__2_.webp"
content-length: 29148
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: 7cnxk6s2VsgPc8CPFxSI1rgjyzzC-KjJ0jIP3sKzSU8=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: _TYH1FWWK8dOYZ0WuL6Yd3MlTgPg_tmiGEvOdJEs6pCZTyBVLsFc5w==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 image
shopping.ba.com/_next/ 2 KB
3 KB 146ms
144ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_100124.26849354358e047628a6598563ff8e4a801eca58.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0a5ef4d49654429c160832b3456a2e6623f4fb01759bdf6484b36ba9024c8c27

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 20
content-disposition: inline; filename="merchant_100124.webp"
content-length: 2244
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: Cl701JZUQpwWCDKzRWouZiP0+wF1m99khLNrqQJMjCc=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: FtFj57FcR8bjP4RKjIyJ9yzY839ipFC24Ku8kvjddGAs6g4hGCZekQ==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 91 KB
91 KB 111ms
110ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Flibrary%2F508%2Fimport_364_1532x44868935.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8f87ac12cc23a4c59aaa24ed633dfaf63b1e312672f10c2425204c20ed447705

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 16
content-disposition: inline; filename="import_364_1532x44868935.webp"
content-length: 92778
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: j4esEswjpMWaqiTtYz369jseMSZy8QwkJSBMIO1EdwU=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: bh88NgXYNju3z0LdKIl1di3kAHX6jFHZ7W_xdsqyVFHyMJ8vvsLs9g==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 1 KB
2 KB 84ms
84ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_featured_622.1ec99554b3dda4ccb1cc8bbdb36bf88875f73e5a.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

912981ed3d3e5c8a8f481e5e642d07251af5bfdebd77382ba979e91c55d0d901

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:36 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 11
content-disposition: inline; filename="merchant_featured_622.webp"
content-length: 1466
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: kSmB7T0+XIqPSB5eZC0HJRr1v969dzgrqXnpHFXQ2QE=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: _8P4bRb4OOPhhUpxUnFcLd4qFjpZRqVtQuy8IvRoeFRINsI8thUqxw==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 image
shopping.ba.com/_next/ 10 KB
10 KB 141ms
140ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Flibrary%2F508%2Fimport_364_Affiliate_Banner_-_1532x448_-_WW.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1894471bed3b35618e03752cb34beee3ced9dccf5b1d5335f89931ce8fcebc12

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 50
content-disposition: inline; filename="import_364_Affiliate_Banner_-_1532x448_-_WW.webp"
content-length: 9864
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: GJRHG+07NWGOA3Uss0vu487Z3M9bHVM1+Jkxzo-OvBI=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: z2H1U4UGnS2pDE384rPmPiavRw_StxjIrtk0uQBmUwDlWt1-rpUWDQ==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 1 KB
2 KB 89ms
88ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_featured_64994.724a42c5c9ac52ba5711650aab01d6a7e3182def4eb7d4610ba9fbe38234f38d.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b56e3e65fecdffd2a712323e22172bca1ee2c76de6f8da1a77d07a642d935dc1

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 23
content-disposition: inline; filename="merchant_featured_64994.webp"
content-length: 1500
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: tW4+Zf7N-9KnEjI+Ihcryh7ix23m+Noad9B6ZC2TXcE=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: EQpGfJI1e6S6JI-l0fgPr9FOKTkDA93VE_WWWhMJfocy-Pela8UqXw==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 65 KB
66 KB 122ms
121ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Flibrary%2F508%2Fimport_364_Heals_Anais_1532x448.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

754c68f09c55502f6f877c7c9ae63dadd1db0035165862286c8f3d604fc684d0

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 45
content-disposition: inline; filename="import_364_Heals_Anais_1532x448.webp"
content-length: 66498
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: dUxo8JxVUC9vh3x8muY9rdHbADUWWGIobI89YE-GhNA=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: 4IKfgO_jmqACSHYjIBz7eoTD7nhD-CAHPHn47sdJpSvIEYXTQKqTmg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 968 B
2 KB 85ms
84ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_1362.5806c5603e92b02cce29a99975b30699d0cf3d72.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b0871e5c9a693e79acc4a255f46e5676aa1a25ce9ce4806ba0e26031089a9638

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 13
content-disposition: inline; filename="merchant_1362.webp"
content-length: 968
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: sIceXJppPnmsxKJV9G5WdqoaJc6c5IBroOJgMQialjg=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: SyqcgjYZAnuiN_VOPA7QOiYIceiLvFBrkNGG2nQb1Z4XdB9h0JuyRw==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 37 KB
38 KB 96ms
95ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Flibrary%2F508%2F2024_Reviving_Rosemary_1532x448.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a96dcabacf5d5ab5c9b5897522d08b7f19b10c72594af82b499ca1add3afd8b1

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 16
content-disposition: inline; filename="2024_Reviving_Rosemary_1532x448.webp"
content-length: 38102
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: qW3Kus9dWrXJtYl1ItCLfxmxDHJZSvgrSZyhrdOv2LE=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: OhdQcfCEzQv-dn_JExt01ZssxwxHTuZE6ZgcydsvuVqFXbG0iG7-CA==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 3 KB
4 KB 123ms
123ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_57174.2c2059d6b42acaad59e20db0fec219f7cbe327c9.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

274b6d3086ad9d185ca741b2e33ba3c80e2b15fc245afb932a6d68b99913beb9

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 33
content-disposition: inline; filename="merchant_57174.webp"
content-length: 2932
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: J0ttMIatnRhcp0Gy4zujyA4rFfwkWvuTKm1ouZkTvrk=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: xSd7Jccx4alBGutMgK4-phznTAKkHbjSQ6-saLux6QP44w3-rBFA_A==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 61 KB
62 KB 97ms
96ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Flibrary%2F508%2Fimport_364_sd__1532x44864019.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

735927c34c45dae962e866b47403cd2ee878bb3b5729f5aa68dd070cf3905afd

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 11
content-disposition: inline; filename="import_364_sd__1532x44864019.webp"
content-length: 62228
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: c1knw0xF2uli6Ga0dAPNLuh4uztXKfWqaN0HDPOQWv0=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: B46ONpGgrJiCk7bfEUjfbXNrDgFbE2tPj_t9aD7nse6T5w0JTaTiDg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 5 KB
5 KB 115ms
115ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_featured_143.1e6f39a9ad66d07e7a3ae0f1555488d3c60be413.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

cf2bc781a1b40efc98d67738788ad70c26cbbf32ea25aa76b5632e8ab0881b96

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 29
content-disposition: inline; filename="merchant_featured_143.webp"
content-length: 4786
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: zyvHgaG0DvyY1nc4eIrXDCbLvzLqJap2tWMuirCIG5Y=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: YBK3oS7BXI8jrmcgYfv1VCf-XDAkgPWasODCZdrdtTXR4YR8FL6_Xw==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 26 KB
27 KB 127ms
126ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F7pjJzEp3UuH1Vfth5YVEDN%2F669598015cb0e5dcba19e603221a5f4b%2Fcurrys_uk_web_1jul24.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

74fc88ea9d73a4e73f47e28db8644a5ddff67de13322faa6d4b4b68e9eb3c933

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 12
content-disposition: inline; filename="currys_uk_web_1jul24.webp"
content-length: 26712
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: dPyI6p1zpOc-R+KNuGRKXd-2feEzIvqm1LS2jp6zyTM=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: OvWhvI5z0SQ65Cq78LGYjELtEbYIlu3xW7CEDM_1ejSLRb_M_c9DDg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 2 KB
3 KB 93ms
92ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_featured_1451.0414d0f165f59809259064df9aa0c7ba99c9da7b.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5a78de71ff8b26f94107123f414380c6401841a9a6dac360c7013553778596b6

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 11
content-disposition: inline; filename="merchant_featured_1451.webp"
content-length: 2040
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: Wnjecf+LJvlBBxI-QUOAxkAYQamm2sNgxwE1U3eFlrY=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: CUsaqC_vPQHVr9EdEVz8ZJSwVLsRuAEEB5zc71Z3RhZkfwy7sa5nPg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 41 KB
42 KB 246ms
246ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F5Z6sEkSqNCvGNTzprUS4S2%2F490dfc038f227eb8ee3fd5941de78bfd%2Ftk-maxx-uk-web-1jul24.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

50c3cd00a15bf2ba8f988be07a8220b426ab599cff81d333a121b2f6f72e6b6a

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 59
content-disposition: inline; filename="tk-maxx-uk-web-1jul24.webp"
content-length: 42350
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: UMPNAKFb8rqPmIvgeoIgtCarWZz-gdMzoSGy9vcua2o=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: OvDpFmX49dQoZQZMPQQvksr8PHs-7Q3Q-LkvLC2Qj1p1dbDlNY0wxw==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 3 KB
3 KB 82ms
81ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_121668.fa3988be0a37ef7c636b49e31fd37dd1e3b0ec7d.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d6ebb18f496bc9f7523c2a6117413e11ea663fe7d77ed7867435484fa6a7a361

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 15
content-disposition: inline; filename="merchant_121668.webp"
content-length: 2590
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: 1uuxj0lryfdSPCphF0E+EepmP+fXfteGdDVIT6ano2E=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: rpkC9TnWsGO9qE6S1lOX1WlTnnS21N9-A4fsjbFdK1R-FxRdEIXdiw==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 7 KB
8 KB 99ms
98ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F5JEbTUhlbDA6mutpCDT2iG%2F86b0935caacf790884cc70ef433dbfef%2Fmulberry_uk_web_1jul24.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8f82098c4c539caa92cce56116ab3a67e2f1ff3a62ba639dd233fcf44605c154

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 21
content-disposition: inline; filename="mulberry_uk_web_1jul24.webp"
content-length: 7616
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: j4IJjExTnKqSzOVhFqs6Z+Lx-zpiumOd0jP89EYFwVQ=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: QfPpBV9_ErYN6dv9tID89yeGrgzKrgNA-Dnt64pBnn4fQz10EHAcwQ==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 2 KB
3 KB 100ms
99ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_329465.0fedbd40e9f6afd13058549a82704c2925e79764.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e28d49cf810f424b500311d3d9bf6dbbe432411e16ecbcfc7c274f2fa26e666c

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 19
content-disposition: inline; filename="merchant_329465.webp"
content-length: 1838
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: 4o1Jz4EPQktQAxHT2b9tu+QyQR4W7Lz8fCdPL6JuZmw=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: XNfjGcwH6F3D7PndjAc2DH_K093dM46vumVrl_tv_fqmnENSWveXZg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 57 KB
58 KB 143ms
143ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F2UlXC2ECCx3vOSOJi8jnIl%2F2e76b74b4bf6a6e4514d6853f9682ff5%2Fharvey_nichols_uk_web_1jul24.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9d2c6e64c396d61d39d8e0f066abb6123c7fe3247168411153ca3761549073bf

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 29
content-disposition: inline; filename="harvey_nichols_uk_web_1jul24.webp"
content-length: 58448
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: nSxuZMOW1h052ODwZqu2Ejx-4yRxaEERU8o3YVSQc78=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: QpKahPoUYLLWcqTir7fiWiPP95I60FBvTnL_V4xLMhc9nnQQHPiSiw==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 2 KB
3 KB 103ms
103ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_100124.26849354358e047628a6598563ff8e4a801eca58.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0a5ef4d49654429c160832b3456a2e6623f4fb01759bdf6484b36ba9024c8c27

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 20
content-disposition: inline; filename="merchant_100124.webp"
content-length: 2244
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: Cl701JZUQpwWCDKzRWouZiP0+wF1m99khLNrqQJMjCc=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: dcu85-kTxhx1kxf7wX_DWeciY14kzc4LyU-oRkpej1X7D6oCXQv2uA==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 890 B
2 KB 107ms
106ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_665.88e7803e62294be8081e3e62850edfffb94b2056.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6b293312658741e3e1ad90749d8f07b373d86fa703ee157687fdceffb7dc55aa

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin: https://shopping.ba.com
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 15
content-disposition: inline; filename="merchant_665.webp"
content-length: 890
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: aykzEmWHQePhrZB0nY8Hs3PYb6cD7hV2h-3O-7fcVao=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: xIU0671fOu8Uucp1btjp08OlhesNWzIfab_CAxOZSHb3X1HrnrOg3Q==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 2 KB
3 KB 133ms
111ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_100124.26849354358e047628a6598563ff8e4a801eca58.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0a5ef4d49654429c160832b3456a2e6623f4fb01759bdf6484b36ba9024c8c27

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin: https://shopping.ba.com
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 32
content-disposition: inline; filename="merchant_100124.webp"
content-length: 2244
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: Cl701JZUQpwWCDKzRWouZiP0+wF1m99khLNrqQJMjCc=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: BkhENr-smjeyNPQVz9SU44L8L-NayK2R92b0-3oFTFI5KWpDlTAT9Q==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 34 KB
35 KB 86ms
86ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F3lOToI6N8ebBxx9PVlp2CK%2F68434a4f49bd435a5903a5f104a54dd9%2Fba_classic_1920x1216_editable__1_.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

04f613aea3719a25daf04a48bdb35f457b26fb0e78a9763e1bad0dcc2cdd98ba

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:36 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 16
content-disposition: inline; filename="ba_classic_1920x1216_editable__1_.webp"
content-length: 35322
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: BPYTrqNxmiXa8EpIvbNfRXsm+w54qXY+G60NzCzdmLo=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: o0YprQayHfuMzc6RmDXv7lnaT5Ny7XbsnTnJBG8OBZG-2QuXiatn1g==
expires: Fri, 05 Jul 2024 13:18:36 GMT

GET
H2 200 image
shopping.ba.com/_next/ 14 KB
15 KB 78ms
78ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F4N33MFRn4gx1lao3LmfOgC%2Fb70919e0098a6e308e84b34fe5b3d7a8%2FAviosMobile_652x368px.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

83fab85b2114b88de09d794243b1e944d958ede1733af53b86aa279882cfd5c4

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 12
content-disposition: inline; filename="AviosMobile_652x368px.webp"
content-length: 14438
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: g-q4WyEUuI3gnXlCQ7HpRNlY7eFzOvU7hqonmILP1cQ=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: IbrG_MHyE04xYGE_wA_-miQqJ-DPAuqHWpWgU2ltvA4mawQ_9D7NLg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 57 KB
58 KB 94ms
94ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F5m958aRkbJDAuZd4DazPzi%2F2a98364503af3e80891d1a66b7fb0472%2Fivy-uk-web-27may24.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6e3ee14d39cc804dae490a837580e2a1cae985e9abea07b48a1ea68bf2094cf9

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 12
content-disposition: inline; filename="ivy-uk-web-27may24.webp"
content-length: 58116
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: bj7hTTnMgE2uSQqDdYDiocrphemr6ge0ih6mi-IJTPk=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: 0uCt_jccICeUYpEslErOOBAcWRKWu8DOWF77tahNBJWLYrQ92xHaog==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 279 KB
280 KB 197ms
197ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F4a0w1vtyTTKCqQavtyuGQQ%2F8352cd8740ab67a12f3eeefbf9833387%2FEC00039_Bonus_Avios_Banner.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7ab0a749d062251222eff4d91395243fcbcdcbc063667cfa668f6a3be45f8d7d

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 31
content-disposition: inline; filename="EC00039_Bonus_Avios_Banner.webp"
content-length: 285596
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: erCnSdBiJRIi7-TZE5UkP8vNy8BjZnz6Zo9qO+RfjX0=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: 9RjEf337tSCkflb1xmqbRTEDiR_RvKFxkC1dYBN6-PZFpCccMOTwBA==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 59 KB
60 KB 88ms
87ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F1NrxMLTFxpTwuvqXyjEsuy%2Fe2049dcc0bb8ebb30ffffc16dbdec5ee%2Fmicrosoft-edge-z51MPaW5VfM-unsplash.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

960762657b44d2ec70e0f90b4b313ea4c74bdf9617ef013ae9eec3bbbe1a4294

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 10
content-disposition: inline; filename="microsoft-edge-z51MPaW5VfM-unsplash.webp"
content-length: 60676
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: lgdiZXtE0uxw4PkLSzE+pMdL35YX7wE66e7Du74aQpQ=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: 1hl0ON7WE-udg9-5UI2w5Zz8u5GGuEXFUIGN6BH-3MjaGumNl79BFQ==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 64 KB
65 KB 90ms
89ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F2mwGruyC2QvS9cfIykv3mi%2F2891b173fca1563279d0d6801cb5a488%2Fba-uk-shop-in-store.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

44c1148143aaa9d8adf4522a8ff4ec14729cc467f55581113cfffadd05b07810

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 12
content-disposition: inline; filename="ba-uk-shop-in-store.webp"
content-length: 65786
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: RMEUgUOqqdit9FIqj-TsFHKcxGf1VYERPP-63QWweBA=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: 88DSi3F5gmtTOXXpQNz0mksefSiA8q9vbUXHPhSVaFpABye5G_Vqkw==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 64 KB
65 KB 96ms
96ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F6Jtlh1hENUVCjZOD6Zhoqb%2F4e3467f464a347fed0dbb235863ab986%2Ffreestocks-zMdOBBNPB5o-unsplash.jpg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ef48bfc8913a7bc1d9e0e81ac2e418ea5276fe85aefd27eed1687410112894ad

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 13
content-disposition: inline; filename="freestocks-zMdOBBNPB5o-unsplash.webp"
content-length: 65570
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: 70i-yJE6e8HZ4OgawuQY6lJ2-oWu-Sfu0Wh0EBEolK0=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: KK7gfqsu0Ol3qabjWq0Ct15pasZE0f3JBMUcO2NOfVaiNP2RFWmGfg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 image
shopping.ba.com/_next/ 10 KB
11 KB 109ms
109ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fr7gwdd6qio0j%2F6pTaSESW04MjOFebb5FUuR%2F80cfa78d8603b7b71a8795af457b4ebd%2Fcar-hire-holiday.jpeg&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

da7419f057fdd628177d1b27f6b2e9025dd15fb7f7921fc418d3bdf989516e6f

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:37 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 24
content-disposition: inline; filename="car-hire-holiday.webp"
content-length: 10030
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: 2nQZ8Ff91igXfRsn9rLpAl3RX7f3kh-EGNO9+YlRbm8=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: 1KjUhQHffxzux_8H9CqyaIFgYUQvw9o8qcVBoK_2uryBVjnulbgL6w==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 408-356489f224974f67.js
shopping.ba.com/shopping/_next/static/chunks/ 0
31 KB 106ms
106ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/408-356489f224974f67.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 51
content-length: 29608
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"14fb9-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: eIB2vDoTDNOuRFtvE2f0F0KLgfEwpdQ_lCLD3ybaLUrNqIFBJmvFQQ==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 %5Bslug%5D-f4b4aa4fee8ec986.js
shopping.ba.com/shopping/_next/static/chunks/pages/retailers/ 0
10 KB 57ms
56ms Other
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/retailers/%5Bslug%5D-f4b4aa4fee8ec986.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:38 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 54
content-length: 8572
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"6a5c-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: rwHjkA_x1cdgcGKHO2O7-oj03wB5vtjh_KHLPndmDTjIV_sWtsPrOw==
expires: Fri, 05 Jul 2024 13:18:38 GMT

GET
H2 204 1111164 Show response
vc.hotjar.io/sessions/ 0
233 B 125ms
47ms XHR
text/plain 18.239.36.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/1111164?s=0.25&r=0.20688044576354603
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-114.ams58.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 05 Jul 2024 13:18:36 GMT
cache-control: no-store
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: bLCgFMWSe3tRgf7MqjyuBeLZm0JLqIYS0WVgDCmcY_GZoGAZhLCBzg==
x-cache: Miss from cloudfront

POST
H2 200 / Show response
content.hotjar.io/ 56 B
171 B 603ms
215ms XHR
application/json 63.32.33.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?site_id=1111164&gzip=1
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 63.32.33.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-33-232.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: bf7b0720aa6d2dc3981a55f5a2a98b12f9f8a0a0a2b862423c12c582f5fc325c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 05 Jul 2024 13:18:37 GMT
content-length: 56
access-control-max-age: 86400
content-type: application/json

POST
H3 202 rum Show response
rum.browser-intake-datadoghq.eu/api/v2/ 53 B
71 B 99ms
93ms Fetch
application/json 34.149.169.145
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.eu/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ashopping%2Cversion%3Av1.27.0.5813&dd-api-key=pub70a15a57839c8b61fce987fd4662a196&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=3c9ae5d8-ffa2-49b2-9fda-b1cfebf20c9e&batch_time=1720185516981

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.169.145 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

145.169.149.34.bc.googleusercontent.com

Software

Resource Hash

285319c49ebe6ac8bf7e04214a39c4b3233f71dea057a86ed2b8145f71e4b2f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 05 Jul 2024 13:18:37 GMT
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
via: 1.1 google
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53
dd-request-id: 3c9ae5d8-ffa2-49b2-9fda-b1cfebf20c9e

POST
H2 200 pixel_a16b4e3 Show response
shopping.ba.com/akam/13/ 0
639 B 32ms
31ms XHR
text/html 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://shopping.ba.com/akam/13/pixel_a16b4e3
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Content-Type: application/x-www-form-urlencoded
Referer
x-datadog-parent-id: 8834403778294329054
x-datadog-trace-id: 241773091309629115
sec-ch-ua-platform: "Win32"

Response headers

expires: Fri, 05 Jul 2024 13:18:37 GMT
pragma: no-cache
date: Fri, 05 Jul 2024 13:18:37 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
content-type: text/html

GET
H2 200 653-40b32347a651c9bd.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 122 KB
39 KB 117ms
117ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/653-40b32347a651c9bd.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ae77cdfae697013d1f4abba2fe5afeb8fec4e9d7d9f854c62f3f6896a78fd4e5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 36
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"1e6c3-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: U2LMKiYZsLhhTu33vnlpkybsab11MnPcW7jpgnR19nJ81PeDaGaClQ==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 help-centre-022602be6985553c.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/ 6 KB
4 KB 115ms
115ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/help-centre-022602be6985553c.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

550fcaf58ed33e434a8ecaed9ce33acbd1fd2bc1e79df1781a1950fe07b0ef78

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 37
content-length: 2238
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"16d2-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 9Sqym2zDB7mQDTRPU3vctI65hy8Fnd46p9G0mcVu552R56-JbvwHOg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 0d8495548d130d96.css Show response
shopping.ba.com/shopping/_next/static/css/ 3 KB
3 KB 109ms
108ms Fetch
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/0d8495548d130d96.css

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

64647e3f427be63bb89e5d46470fe5a36f5e52da73b86d2fd271598d1f6982fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Referer
x-datadog-parent-id: 2347444798984870824
x-datadog-trace-id: 2299297714555028081
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 11
content-length: 820
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"c1d-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 1HuCoYvUdzzPKVj7c2mCjV45vzIvrjrildeyOVHiGg9ICZKjeGVcVg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 408-356489f224974f67.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 84 KB
31 KB 239ms
238ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/408-356489f224974f67.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

57254db79680cecfe073f2b0acbdd7e2abcf54161a49df186d82c62511f92203

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 51
content-length: 29608
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"14fb9-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: jgJyiX1I3ziodiigBhc6RdZVGfzCqW4iG4GZczn6HQPwFRWH-gyyYA==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 %5Bslug%5D-f4b4aa4fee8ec986.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/retailers/ 27 KB
10 KB 154ms
154ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/retailers/%5Bslug%5D-f4b4aa4fee8ec986.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ce197dea1c40061679c283f41ade8625ce89ff914e548cfdea12633426baccf3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 54
content-length: 8572
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"6a5c-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 3g1VepWN8ivVdcuPv9FML3MkWmYqzK8oKHu4pHumBaBS6yODvB2PMQ==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 61f28dde83c0f6e9.css Show response
shopping.ba.com/shopping/_next/static/css/ 19 KB
5 KB 100ms
100ms Fetch
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/61f28dde83c0f6e9.css

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

809adb73d06d484afaf7e984be1989c2bf4c1ddcd33a515bd24ca52adc2e94b9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Referer
x-datadog-parent-id: 6402815913327373398
x-datadog-trace-id: 6042592974293614644
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 21
content-length: 3457
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"4aeb-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: VpADYM8Oe57WjSWL1EBTA3AnILlb9FbZ_hzVd7p_1S0jUbVkT4Ik-Q==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 terms-2dc332d641869d71.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/ 6 KB
4 KB 190ms
190ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/terms-2dc332d641869d71.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b58976509e4c387fe09c46adee9c5cc65bf2b25788d199d8f5298b4bb9e76de2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 14
content-length: 2238
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"16cc-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: td_cLbGhfaRKcxJ3zubZR3CKyMtbaI157MCWDW7sekSVUgMX2RPu8w==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 privacy-36bc0576ab200502.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/ 6 KB
4 KB 89ms
89ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/privacy-36bc0576ab200502.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5d7a773567a2c9371f5c71b0b360e42618ad87c089cb3daeef96501d96854142

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 10
content-length: 2240
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"16ce-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: ziVn8lNUbQvb6m-mE7SKYxVUEmPwsP7Q1sUXPrfmhNvpnmKJsEY5YQ==
expires: Fri, 05 Jul 2024 13:18:37 GMT

POST
H3 202 rum Show response
rum.browser-intake-datadoghq.eu/api/v2/ 53 B
71 B 85ms
83ms Fetch
application/json 34.149.169.145
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.eu/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ashopping%2Cversion%3Av1.27.0.5813&dd-api-key=pub70a15a57839c8b61fce987fd4662a196&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=315a8b7e-42c3-4a0f-ada0-5c654a6ea088&batch_time=1720185517057

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.169.145 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

145.169.149.34.bc.googleusercontent.com

Software

Resource Hash

c2a499a42a6d4eed70468b60311d7338f4ed72970272276c9b7bf55e5322861d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 05 Jul 2024 13:18:37 GMT
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
via: 1.1 google
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53
dd-request-id: 315a8b7e-42c3-4a0f-ada0-5c654a6ea088

POST
H3 202 rum Show response
rum.browser-intake-datadoghq.eu/api/v2/ 53 B
71 B 92ms
90ms Fetch
application/json 34.149.169.145
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.eu/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ashopping%2Cversion%3Av1.27.0.5813&dd-api-key=pub70a15a57839c8b61fce987fd4662a196&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=43b38136-9f48-4efe-b905-30b8302af105&batch_time=1720185517388

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.169.145 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

145.169.149.34.bc.googleusercontent.com

Software

Resource Hash

d9c05dfe8a12a1c5ccb3cc2b8a3be798dcb40936f316378a66e2be2445843f03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 05 Jul 2024 13:18:37 GMT
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
via: 1.1 google
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53
dd-request-id: 43b38136-9f48-4efe-b905-30b8302af105

POST
H3 202 rum Show response
rum.browser-intake-datadoghq.eu/api/v2/ 53 B
71 B 81ms
79ms Fetch
application/json 34.149.169.145
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.eu/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ashopping%2Cversion%3Av1.27.0.5813&dd-api-key=pub70a15a57839c8b61fce987fd4662a196&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=261fe4a3-b91a-4778-9061-3975dba14c19&batch_time=1720185517669

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.169.145 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

145.169.149.34.bc.googleusercontent.com

Software

Resource Hash

03ef5ae35a512c941f7083a06c18673412f95f3f99f92961b440c35c515f77e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 05 Jul 2024 13:18:37 GMT
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
via: 1.1 google
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53
dd-request-id: 261fe4a3-b91a-4778-9061-3975dba14c19

GET
H2 200 cookies-55eafc151961dd13.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/ 6 KB
4 KB 121ms
120ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/cookies-55eafc151961dd13.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6fca206ca6b3acb71ad27e6bea60060462703d2364d7ba940a2a5fcd281afb37

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 9
content-length: 2238
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"16ce-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: xGNv0BRfyh1csk6ol5rdtszfFwkZNqnsN1gDD9toVwUHTkjAHFmFYw==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 retailers-ddefa320c33d9acf.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/ 6 KB
4 KB 106ms
106ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/retailers-ddefa320c33d9acf.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0982532092075e5b9f4ca6b3890134d576d6784b9510fef7d5dd97001638d0e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 11
content-length: 1981
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"170e-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: EqjwlJLEzVD8sfqlEl8RQiwbkVv2wxqoHA2c3Vy3O-yFrPBWStfzsQ==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 9a65bb1a65c025c8.css Show response
shopping.ba.com/shopping/_next/static/css/ 14 KB
4 KB 80ms
79ms Fetch
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/9a65bb1a65c025c8.css

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f6d9d7aab6b3c7e9c0fd84bc07ed02d0433effc4a537df4b4462115161ab7d48

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Referer
x-datadog-parent-id: 6016607821572290662
x-datadog-trace-id: 4613774818295548961
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 10
content-length: 2525
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"3712-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 319GOudJYCOBy9pZQHkkEPaZY1gV6cLlNUjAYcssyL2uDRSz_HhNjg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 accessibility-68e0ca44cb73d2cf.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/ 6 KB
4 KB 73ms
73ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/accessibility-68e0ca44cb73d2cf.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

77d87309f5a6b568ed5f4489cf3a500b749650549e8b35a02c4fc0fe2cbe9b56

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 81
content-length: 2238
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"16d4-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: RvX4mUtdW6TnOzGGrtdp5mS-53HDEOVPlH0-Y18PtkZr4sQeHhm9rg==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 collect-on-card-c5791d183c601c4c.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/ 6 KB
4 KB 90ms
90ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/collect-on-card-c5791d183c601c4c.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d1fa5c98fe83c4d1d54d76741b2fc5add4516083354778bb142a0b8948cd6d5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 12
content-length: 2114
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"18d9-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 0BWGVUzoyo-JXVV5fJjT2Q8380ZcaoxssIbu00PNn1lJUIG75pw9Rw==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 09af1445a5205ed2.css Show response
shopping.ba.com/shopping/_next/static/css/ 2 KB
2 KB 176ms
176ms Fetch
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/09af1445a5205ed2.css

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

113cc04837f86ddd2c0cf8a7df0a6ef9dd70054f2f246c6ed8fb8b82c89196ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Referer
x-datadog-parent-id: 2583845595882531420
x-datadog-trace-id: 9092195577889913068
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 44
content-length: 600
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"732-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 0IjyVLsmyA_1_tOje6ZxaYviL6Gwsoz7aSLHdBBArLhDyvU2Hlwd7Q==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 offers-58745a20e0cc358f.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/ 5 KB
3 KB 57ms
57ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/offers-58745a20e0cc358f.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c7f9ec112329ef45359f373b55fd7e356fd1463671efd2886063b8c008c0719d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:38 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 31
content-length: 1542
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"13e2-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: YlzPTPiEI83UHqmaVgMYwylrE-zR1-uT3j3KkdxdbZK_vo8g28_c2g==
expires: Fri, 05 Jul 2024 13:18:38 GMT

GET
H2 200 0b63dd22c32c2284.css Show response
shopping.ba.com/shopping/_next/static/css/ 14 KB
4 KB 139ms
139ms Fetch
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/0b63dd22c32c2284.css

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

61e8267524be3fe67d7a262e5a1e5fdcf5d21ca35cf750ec77bef9ab23e1a81f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Referer
x-datadog-parent-id: 923355834714339630
x-datadog-trace-id: 4227707661270952149
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:37 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 41
content-length: 2528
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"3712-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: r8naojBwfLt2C2GXAfzlMeMLCPEW-WPMYdB_2acO0WF7lAYG4zS-uQ==
expires: Fri, 05 Jul 2024 13:18:37 GMT

GET
H2 200 %5B...slug%5D-6da3154e845cc0aa.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/ 4 KB
3 KB 96ms
96ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/%5B...slug%5D-6da3154e845cc0aa.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d5ee091794cdfdbd454702e58d9b789a94abd7190cf8d8e706ac65d3622c6a4e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:38 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 10
content-length: 1657
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"ff0-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: Ab03pdfAZwtRRoZIPdqnEAw1O9XAz8Hzpuwt0Ep0gpMS1NfQw2A5kA==
expires: Fri, 05 Jul 2024 13:18:38 GMT

GET
H2 200 78a8383469c69539.css Show response
shopping.ba.com/shopping/_next/static/css/ 348 B
2 KB 177ms
177ms Fetch
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/78a8383469c69539.css

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bed49fae63c13cb9065eabbe75345f4dd5b3ede606f3822463b4c03f96a45af4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Referer
x-datadog-parent-id: 869560864834374508
x-datadog-trace-id: 7251395413146595263
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:38 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 93
content-length: 348
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"15c-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: M9fxhyTCHw1PMGvLQptVcpUwfI-92VJjZfJwpj8vc4fXja9h1kV8jw==
expires: Fri, 05 Jul 2024 13:18:38 GMT

GET
H2 200 9-6a33df4cd4fa3cca.js Show response
shopping.ba.com/shopping/_next/static/chunks/ 398 KB
113 KB 71ms
71ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/9-6a33df4cd4fa3cca.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2d983a0d0c8730a1ab5df08864bdb50243c6fc472e192feea6691e133d02e24e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:38 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 34
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"63909-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 2lO6tOFTrxcYLUoDaAbYEJC4qqAvhe_NsWKL1Lx_QYuH_VLslf3fuA==
expires: Fri, 05 Jul 2024 13:18:38 GMT

GET
H2 200 missing-avios-150071d382381b09.js Show response
shopping.ba.com/shopping/_next/static/chunks/pages/my-account/ 46 KB
15 KB 58ms
58ms Script
application/javascript 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/chunks/pages/my-account/missing-avios-150071d382381b09.js

Requested by

Host: shopping.ba.com
URL: https://shopping.ba.com/shopping/_next/static/chunks/main-d7ac5cd9b4f926b6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

96925c26eb1013f95cefa496b684de0bc6672aee2109a045ead35e0d0b0862c2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:38 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 13
content-length: 13327
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"b93f-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: OghXeJQG7Umc6GinYqIK9aCl9KMBa8aUixrpt4U-BPJtQgrnVN2pVA==
expires: Fri, 05 Jul 2024 13:18:38 GMT

GET
H2 200 5022c6ca0ff4b9d0.css Show response
shopping.ba.com/shopping/_next/static/css/ 21 KB
5 KB 163ms
162ms Fetch
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/5022c6ca0ff4b9d0.css

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f347304619f25a0be66686fd6af3124890f0c31147e4a71b54c9b28448b04eb7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Referer
x-datadog-parent-id: 5379542824667003804
x-datadog-trace-id: 5715513162446831620
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:38 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 62
content-length: 3067
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"5351-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: HCnwukdgSUtWCeelDCiOMrYuGDChet20Fl4GkbCHmk99eVF2hKyI7g==
expires: Fri, 05 Jul 2024 13:18:38 GMT

GET
H2 200 52ac2e10e0ed3194.css Show response
shopping.ba.com/shopping/_next/static/css/ 20 KB
5 KB 206ms
206ms Fetch
text/css 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://shopping.ba.com/shopping/_next/static/css/52ac2e10e0ed3194.css

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e120b6c32d10e81a24ab36fa8220a1a806946bcbfc66ca4ad8b2764891002277

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-datadog-sampling-priority: 1
Referer
x-datadog-parent-id: 1934807072461068018
x-datadog-trace-id: 1165848972660352293
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com *.google.com www.gstatic.com *.google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' *.fls.doubleclick.net *.krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk *.typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src * data:;media-src *;font-src * data:;connect-src *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
date: Fri, 05 Jul 2024 13:18:38 GMT
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 103
content-length: 3384
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
last-modified: Tue, 02 Jul 2024 14:06:10 GMT
cross-origin-opener-policy: same-origin
etag: W/"5153-19073c46850"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: IppJ5dnfXvH7nR7crWMMy0kHcriCIKSTcNoMOVp-KyRdsYNsOJL29Q==
expires: Fri, 05 Jul 2024 13:18:38 GMT

POST
H3 202 rum Show response
rum.browser-intake-datadoghq.eu/api/v2/ 53 B
71 B 118ms
114ms Fetch
application/json 34.149.169.145
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.eu/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ashopping%2Cversion%3Av1.27.0.5813&dd-api-key=pub70a15a57839c8b61fce987fd4662a196&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=128ee989-89f4-4597-b276-f5474cdc4027&batch_time=1720185517969

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.169.145 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

145.169.149.34.bc.googleusercontent.com

Software

Resource Hash

81f6fbba1f26e6d35120ee6efc3915b5a41de461a7d3ca835f2445a665e62ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 05 Jul 2024 13:18:38 GMT
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
via: 1.1 google
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53
dd-request-id: 128ee989-89f4-4597-b276-f5474cdc4027

POST
H2 204 collect Show response
region1.google-analytics.com/g/ 0
54 B 34ms
34ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FWMPLLY660&gtm=45je4730v894685627za200zb891140445&_p=1720185515308&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1862316499.1720185516&ul=de-ch&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EEA&_s=2&sid=1720185515&sct=1&seg=0&dl=https%3A%2F%2Fshopping.ba.com%2F&dt=Shop%20through%20British%20Airways&en=scroll&epn.percent_scrolled=90&_et=7&tfd=5957&_z=fetch
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Jul 2024 13:18:39 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://shopping.ba.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 image
shopping.ba.com/_next/ 1 KB
2 KB 86ms
85ms Image
image/webp 2a02:26f0:480:d::210:f153
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopping.ba.com/_next/image?url=https%3A%2F%2Fcdn.rewardengine.com%2Fupload%2Fmerchant_featured_622.1ec99554b3dda4ccb1cc8bbdb36bf88875f73e5a.png&w=1920&q=75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

912981ed3d3e5c8a8f481e5e642d07251af5bfdebd77382ba979e91c55d0d901

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin: https://shopping.ba.com
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 05 Jul 2024 13:18:42 GMT
x-permitted-cross-domain-policies: none
x-amz-cf-pop: LHR50-P4
x-dns-prefetch-control: off
x-nextjs-cache: HIT
x-envoy-upstream-service-time: 9
content-disposition: inline; filename="merchant_featured_622.webp"
content-length: 1466
x-xss-protection: 0
pragma: no-cache
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: kSmB7T0+XIqPSB5eZC0HJRr1v969dzgrqXnpHFXQ2QE=
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/webp
origin-agent-cluster: ?1
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: g8a_m4pHIKntnlpalQBIohC6iD4DCl-NFPg_UhCTqjNkVDbHsV0lKQ==
expires: Fri, 05 Jul 2024 13:18:42 GMT

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
shopping.ba.com/	1970-01-20 21:49:47	Name: RUNTIME_FLAVOR Value: vanilla
shopping.ba.com/	1970-01-21 06:35:21	Name: NEXT_LOCALE Value: en-GB
shopping.ba.com/	1970-01-20 22:32:57	Name: FIRST_TIME_USER Value: YES
shopping.ba.com/	1970-01-20 21:49:45	Name: HAS_DONE_SILENT_LOGIN_V2 Value: true
shopping.ba.com/	1969-12-31 23:59:59	Name: auth_verification Value: %7B%22nonce%22%3A%22emrxf_gEXVTlZkFuzveLlvoI0g-BPAFv-VzCo7H0oek%22%2C%22state%22%3A%22eyJyZXR1cm5UbyI6Imh0dHBzOi8vc2hvcHBpbmcuYmEuY29tLyJ9%22%2C%22code_verifier%22%3A%22eb_2AxZuUVv4XN4nfplTXiYZ5WhmKSZL1cBu6ydp920%22%7D.aY3tZ3Y0Gmjw7cxU6AdPlE4TbNIKroKr4O0C7AZ_-Fs
accounts.britishairways.com/	1969-12-31 23:59:59	Name: did Value: s%3Av0%3A6c99f907-3433-4ce3-b830-d15db70be0d5.nTNVidWGk1Jjmy%2BiUZsuzLXpoJCYTOBNa5WaP5bco30
accounts.britishairways.com/	1969-12-31 23:59:59	Name: did_compat Value: s%3Av0%3A6c99f907-3433-4ce3-b830-d15db70be0d5.nTNVidWGk1Jjmy%2BiUZsuzLXpoJCYTOBNa5WaP5bco30
.ba.com/	1970-01-20 21:49:52	Name: bm_mi Value: 5A4863BA3304AE9EFDDC2C6D5F594130~YAAQE/AQAiSsb1WQAQAAiewLgxjORBWye5R0MIdhY0yfTVvTC3jKhL1HkvgEmDJyBe4PhYSxAmBtPMNyNqvY+pCl3tt0GcQ7B93u1UTJHad2VtLqmEC9g+l8XdlA58CxltbCS++onhJvYQxdqJy3OcBVTO1q16B4RT02WlZW4yaIWLFY4Yz4h9zSD3UciVQHBZNHTe6cEL4N7id1lkn4vRGBZ7PNSi9n1H25M6No9J4pfAJ+BeQzVVSsBB36MKyrwUvJtWvyl5ZO4bUOyJxIeJ1qpds9sp18O1QhTgZGhvBbP2sMnElc0w==~1
.ba.com/	1970-01-20 21:49:52	Name: bm_sv Value: 5B27E5B8288DE824A7B7561CC7599382~YAAQE/AQAiWsb1WQAQAAiewLgxgFs3FkJOwPZxKuksAYyM4ofwin4NKKMEIzfyVZHv7shuAhHPeDsWKtXStgDOXiJ5Vp+zON5LODDLA7ZjEcH/L2ih2mc/8OAn3h9XtMLbtPGGlrMdQSNUuOjc55HDnkWahO1aY3b0djS+tjJb0dzZWPEHAXqzi2pAq0iGAZt+fM59O8rPYviRKjSaM1ZAYVjpgUavHBY0lB+mEZK9sTUaJTut6cN4N5tO0=~1
.shopping.ba.com/	1970-01-21 06:35:21	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+Jul+05+2024+15%3A18%3A35+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202402.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fshopping.ba.com%2F&groups=C0001%3A1%2CC0004%3A0%2CC0002%3A0%2CC0003%3A0
.ba.com/	1970-01-21 07:25:45	Name: _ga Value: GA1.1.1862316499.1720185516
.ba.com/	1970-01-21 06:35:21	Name: _hjSessionUser_1111164 Value: eyJpZCI6IjFkNDRiMGRiLTIzZTctNTc4My05Zjg3LWRhOWM5Nzc4NjUyYiIsImNyZWF0ZWQiOjE3MjAxODU1MTY4MzEsImV4aXN0aW5nIjp0cnVlfQ==
.ba.com/	1970-01-20 21:49:47	Name: _hjSession_1111164 Value: eyJpZCI6IjUyNDMyMTg2LWNjODItNGVjMC1iMzM5LTE3M2Q4ZDFlYTk0MiIsImMiOjE3MjAxODU1MTY4MzEsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
.ba.com/	1970-01-20 21:49:52	Name: ak_bmsc Value: 6A7AAFA948104278A8A077AA37ED4B27~000000000000000000000000000000~YAAQE/AQAmusb1WQAQAAy/MLgxjyDcOPmhZloMVx4Qc+iHoQ3LxFViGIwqaQUvRP6gXAMwQCJtparxpQtgEBMUN9bf6z3rwHCrCnbpB3g5udzC4MYJVEHYmEsniZmNVCBrvW9qCFLoDc+dbBjgKY1NrX1x3e1behQYPRM7lb97iqpAFdmzOBiaiRmh/YcV4AYPhco8RfLijUjc+sNrm29g7cT4XVD9vJ5uINZoYBxVftLXHd4jfSos0urZ//jWNMwljoAwnUeuMn25zrDcxTi0TkwGgVjXAOM125f6euuYyucmaCrBV/NkfyRVl793E9+E6Nuy9SOTo+V5f590t1HwJIj3hqiQiJm6JZG9WSya0WmmPvYpF7q36nxdN2e+MCqAXmv8V+7f/c2AgwRSPRnIOT04ohJA5KS47nKVrtQpLJiuRAL4mdx5AGrJcjM4fIpVOvCIRpzxDtZokjn2z7zmCKBPRS/pu6FCT3x9Li8UfAjfU=
.ba.com/	1970-01-21 07:25:45	Name: _ga_FWMPLLY660 Value: GS1.1.1720185515.1.0.1720185519.0.0.0
shopping.ba.com/	1970-01-20 21:49:46	Name: _dd_s Value: rum=2&id=0e5e91db-3104-44b2-aa5d-0205258cce1a&created=1720185515303&expire=1720186415303

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://shopping.ba.com/ Message: The Content-Security-Policy directive 'script-src-attr' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security	error	URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js(Line 6) Message: The Content-Security-Policy directive 'script-src-attr' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security	error	URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js(Line 6) Message: The Content-Security-Policy directive 'script-src-attr' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security	error	URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js(Line 6) Message: The Content-Security-Policy directive 'script-src-attr' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security	error	URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js(Line 6) Message: The Content-Security-Policy directive 'script-src-attr' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security	error	URL: https://shopping.ba.com/shopping/_next/static/chunks/framework-ff7f418116f76b2d.js(Line 8) Message: The Content-Security-Policy directive 'script-src-attr' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security	error	URL: https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js(Line 1) Message: The Content-Security-Policy directive 'script-src-attr' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security	error	URL: https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js(Line 1) Message: The Content-Security-Policy directive 'script-src-attr' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'nonce-fc4d48240710bf93ca48ce35576be9bd' 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;script-src-elem 'unsafe-inline' shopping.ba.com apigw.collectcom.dev.iagl.digital apigw.collectcom.stg.iagl.digital apigw.collectcom.tst.iagl.digital apigw.collectcom.iagl.digital www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com .google.com www.gstatic.com .google-analytics.com www.google-analytics.com ssl.google-analytics.com cdn-ukwest.onetrust.com www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu resources.fidel.uk https://www.youtube.com .hotjar.com .hotjar.io wss://ws.hotjar.com cdn.cookielaw.org;frame-src 'self' .fls.doubleclick.net .krxd.net connect.facebook.net fast.avios.demdex.net avios.demdex.net vars.hotjar.com www.google.com resources.fidel.uk .typeform.com www.facebook.com https://www.youtube-nocookie.com;img-src data:;media-src ;font-src data:;connect-src https://shopping.ba.com/akam/13/ *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'nonce-fc4d48240710bf93ca48ce35576be9bd' 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.britishairways.com
cdn.cookielaw.org
channel.iagloyalty.com
content.hotjar.io
images.ctfassets.net
region1.google-analytics.com
rum.browser-intake-datadoghq.eu
script.hotjar.com
shopping.ba.com
static.hotjar.com
vc.hotjar.io
www.datadoghq-browser-agent.com
www.googletagmanager.com
www.shopping.ba.com
www.youtube-nocookie.com
108.138.190.144
13.227.219.71
18.172.112.41
18.239.36.114
18.239.69.128
18.239.94.113
2001:4860:4802:34::36
2600:1901:0:7047::
2600:9000:238d:c400:12:94b3:c380:93a1
2606:4700::6813:b234
2a00:1450:4001:827::2008
2a00:1450:4001:82b::200e
2a02:26f0:480:d::210:f153
34.149.169.145
63.32.33.232
022e2f39deba7f332eabe69b27b31d98d4d5f2535116745957a691d1b1ec4cc5
03ef5ae35a512c941f7083a06c18673412f95f3f99f92961b440c35c515f77e3
04f613aea3719a25daf04a48bdb35f457b26fb0e78a9763e1bad0dcc2cdd98ba
051c82aa3681985c1316e0b37bb6cb784dedfdfe55b497626bd93937eb032316
0982532092075e5b9f4ca6b3890134d576d6784b9510fef7d5dd97001638d0e7
0a5ef4d49654429c160832b3456a2e6623f4fb01759bdf6484b36ba9024c8c27
0af45f4cdefe7c0a20dfadd1a93af5c9a0c05bbf62c3276f91a29d8b4015aae3
113cc04837f86ddd2c0cf8a7df0a6ef9dd70054f2f246c6ed8fb8b82c89196ed
1850e11c44f3c937db26bb2418c928e3d10aa96ce17ae48f280fff94b2f2fa2c
1894471bed3b35618e03752cb34beee3ced9dccf5b1d5335f89931ce8fcebc12
22e40d6ed5176b9983cc290c782e8b8075ffe2c4793bd16d1054957966442955
274b6d3086ad9d185ca741b2e33ba3c80e2b15fc245afb932a6d68b99913beb9
285319c49ebe6ac8bf7e04214a39c4b3233f71dea057a86ed2b8145f71e4b2f8
2d25aca6592a2f118e63b368a7ddf74b1cf8cefc742561979950a9949e6164c4
2d983a0d0c8730a1ab5df08864bdb50243c6fc472e192feea6691e133d02e24e
2e789e43937c7abc5959eba06825459f4e08e050ff9ea43ab8ec5a041a3e7558
352a01213045e62776ce296d5f4b6728ae0b4a5172043a774b379f1c3b560baf
35aff929a0a656bb6223cd664f112cd0c695c47629edebedb5e9e798e00c31a5
4442bc83d97e66a356dc036930bf3eb6b1ef914ccfacc554c1c3170515d65b22
44c1148143aaa9d8adf4522a8ff4ec14729cc467f55581113cfffadd05b07810
45309b48c75f48a98ee19175f8b5a3e800c874d20c20192cbb2dafc276036d77
4c48569227386fd0214bc4c9e370b98714db0e3a30a6ea47673b60f3bdad4a74
50c3cd00a15bf2ba8f988be07a8220b426ab599cff81d333a121b2f6f72e6b6a
51052db160311dd8fb083e7463c40b3c63e0caf03765d894eec7710812e0de4d
550fcaf58ed33e434a8ecaed9ce33acbd1fd2bc1e79df1781a1950fe07b0ef78
57254db79680cecfe073f2b0acbdd7e2abcf54161a49df186d82c62511f92203
5a78de71ff8b26f94107123f414380c6401841a9a6dac360c7013553778596b6
5c97025d1fbfb3227752d6af76d71ecea2eeaac3940f9728ac63c6de5dbdfe49
5d7a773567a2c9371f5c71b0b360e42618ad87c089cb3daeef96501d96854142
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0
61e8267524be3fe67d7a262e5a1e5fdcf5d21ca35cf750ec77bef9ab23e1a81f
636100419f26cf6cbb753bb1a5ff72c5bd1054caddbf1657e35e22e40e3d8029
64647e3f427be63bb89e5d46470fe5a36f5e52da73b86d2fd271598d1f6982fb
64747106044e74dffa4c71ba734390a21ca1f6ece6cfd874a5bf9eb0b8cba324
6530480277da62efde047eb26e78a7e532d1cfaeec91603e68d63876b9669f0d
675fcc02a100da4b767e40f85507be80b153e16cfd03f1b1e041b249cdb063ed
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6b293312658741e3e1ad90749d8f07b373d86fa703ee157687fdceffb7dc55aa
6e3ee14d39cc804dae490a837580e2a1cae985e9abea07b48a1ea68bf2094cf9
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
6fca206ca6b3acb71ad27e6bea60060462703d2364d7ba940a2a5fcd281afb37
7151413e6d661d90906712ee08bdca7818c44dcb2ca768f23a5a9b12c6265448
71e25adb9a844628a45a429b626e44c4be3b49be2f0d8a0d4531082894eb7bb5
735927c34c45dae962e866b47403cd2ee878bb3b5729f5aa68dd070cf3905afd
7429ba59299387d5b2445949464b6b58111c47c8363459c1dfe16a541ff0c397
74fc88ea9d73a4e73f47e28db8644a5ddff67de13322faa6d4b4b68e9eb3c933
754c68f09c55502f6f877c7c9ae63dadd1db0035165862286c8f3d604fc684d0
764ebb6c8fa06632267e0320eb99620fd65023176589cb7c28256e05371fe850
776acbdc6b61d516d9182ab5c54f5eeb61de07703701613d0b9c20113d5df5da
77d87309f5a6b568ed5f4489cf3a500b749650549e8b35a02c4fc0fe2cbe9b56
7ab0a749d062251222eff4d91395243fcbcdcbc063667cfa668f6a3be45f8d7d
809adb73d06d484afaf7e984be1989c2bf4c1ddcd33a515bd24ca52adc2e94b9
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
81f6fbba1f26e6d35120ee6efc3915b5a41de461a7d3ca835f2445a665e62ecf
8223dece80fe22178463a74d5925b3b0129a97b25716eb3863cbc6c0307b0e1e
83fab85b2114b88de09d794243b1e944d958ede1733af53b86aa279882cfd5c4
889ea64f050b2b9b81a1679330e7388d2d95142b9b850b00c206c93e9ae6bbb1
8be98532c8285c76019b0028370e0dbcbab3df9fad0af33a7dbf6bb0e4754ea8
8dbb69371fb0a43c8c5abf8ee3b8f669d5abf44fd27916302acc5d5d5fbc4f89
8f82098c4c539caa92cce56116ab3a67e2f1ff3a62ba639dd233fcf44605c154
8f87ac12cc23a4c59aaa24ed633dfaf63b1e312672f10c2425204c20ed447705
912981ed3d3e5c8a8f481e5e642d07251af5bfdebd77382ba979e91c55d0d901
960762657b44d2ec70e0f90b4b313ea4c74bdf9617ef013ae9eec3bbbe1a4294
96925c26eb1013f95cefa496b684de0bc6672aee2109a045ead35e0d0b0862c2
988fda87602253060006219d2a2b02c3222483cb9c76980f3210614aa27d195a
9d2c6e64c396d61d39d8e0f066abb6123c7fe3247168411153ca3761549073bf
9e2acb4802425ae02a385f998549ffb4e2d59bebf0f590b12717966e39e59d28
a04f86a098e1f43e3141a7cd030984aaa18d4f3b34f7e0a5a6e159f6ef9f52d4
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a96dcabacf5d5ab5c9b5897522d08b7f19b10c72594af82b499ca1add3afd8b1
ae77cdfae697013d1f4abba2fe5afeb8fec4e9d7d9f854c62f3f6896a78fd4e5
af26391e69ce7ed901ec3b05eaaeca7be9a40140aff9c861c9d37f735dd84201
b000bcdc92d9db11f44e951591b4eefeff19452d9e3824c78bb44dffc70c0803
b0777bcefa881f893a593f018308467e8e7ab19167c0f622dcc1b74116a037ff
b0871e5c9a693e79acc4a255f46e5676aa1a25ce9ce4806ba0e26031089a9638
b1705f56b85897cd30486041b23985977ccb85447c0bfb28b268589d96f1dc42
b254b91f72ff9628fff4f3a942ddca6bd7fb0a3fc0bf36b30473995e94b015f0
b56e3e65fecdffd2a712323e22172bca1ee2c76de6f8da1a77d07a642d935dc1
b58976509e4c387fe09c46adee9c5cc65bf2b25788d199d8f5298b4bb9e76de2
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
bc73c45e5810a0971ebeaef4eb6c35dec84607dbe02da6757f9f43d958b6da5f
bed49fae63c13cb9065eabbe75345f4dd5b3ede606f3822463b4c03f96a45af4
bf7b0720aa6d2dc3981a55f5a2a98b12f9f8a0a0a2b862423c12c582f5fc325c
c2a499a42a6d4eed70468b60311d7338f4ed72970272276c9b7bf55e5322861d
c7f9ec112329ef45359f373b55fd7e356fd1463671efd2886063b8c008c0719d
cc05f84d25aac11feb381002f1ea8a00a6c4c7ddf6acc2d91ce2a2c6268df887
cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a
ce197dea1c40061679c283f41ade8625ce89ff914e548cfdea12633426baccf3
cf2bc781a1b40efc98d67738788ad70c26cbbf32ea25aa76b5632e8ab0881b96
d1fa5c98fe83c4d1d54d76741b2fc5add4516083354778bb142a0b8948cd6d5b
d2f44cdb5134098de00b53a2415acb05a72fc7701684384e464f4abe3811a6d2
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2
d5ee091794cdfdbd454702e58d9b789a94abd7190cf8d8e706ac65d3622c6a4e
d612ca56c2d0926b1c1ebd7e3a6feefd83c106d3b3e1a89bea520050e06f2baa
d6ebb18f496bc9f7523c2a6117413e11ea663fe7d77ed7867435484fa6a7a361
d70d1094afa47bbf73a532ae830b840859ba68af1698ba36a6ec7f35cc844c7c
d9c05dfe8a12a1c5ccb3cc2b8a3be798dcb40936f316378a66e2be2445843f03
d9ce019e89e40578ac493a6357dec78d900da37dcf3d23108325f757f804b601
da7419f057fdd628177d1b27f6b2e9025dd15fb7f7921fc418d3bdf989516e6f
e120b6c32d10e81a24ab36fa8220a1a806946bcbfc66ca4ad8b2764891002277
e28d49cf810f424b500311d3d9bf6dbbe432411e16ecbcfc7c274f2fa26e666c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f84d5c77517c8730a07c0feacd4e898a442bface97c85f1c3c535f4b65173d
e603135cc3b1200c7260b34f37f9cb1f2178a42b363037e26a1e18276ab78bf0
e8a340f8dc90f0e6b592af930d8d70f359c132c85c43f1924de82ca1dda91453
eb89e6fe848b107c0553a4862e178a41467674d2299772b5020b19f7d32e7fbe
edc9f193ab3656c80f73c08f171488d6b823cb3cc2fca8c9d2320fdec2b3494f
ef072b9ae1b3c29f94781c86bcdfdb71c1e06bbc7a2f05bc65dcfa2eefdde02c
ef48bfc8913a7bc1d9e0e81ac2e418ea5276fe85aefd27eed1687410112894ad
f0f91c441f9d25df791ba546949d8fb34ce681e937d3d902affe51b3cbf27585
f347304619f25a0be66686fd6af3124890f0c31147e4a71b54c9b28448b04eb7
f40f57620246d052ea666f8f9d25dc6fcd93a7bbd6314077a2eb7213e98a4b5a
f6d9d7aab6b3c7e9c0fd84bc07ed02d0433effc4a537df4b4462115161ab7d48
f717a7701dc3f61b403ac8657014b0a63d5e9011702ad3069d5fd8cd46f4199f
f8e026a3648d3b5fa6449fa9b108701668d3d658a537f3837c5180b84fff2d79
fb567dc24b3d3f8b38fac537c2f87e7630bc662cc0a01d448ade6e21464f1248
fbda6f23df51fc02fa94a930f7aa678fadc15023bd08b949be18370a90f6330a
fdf0cfbfa6eb64fecbac2c882ec8c9423bc052a51773f8babe3ff9fe0429ec2b

shopping.ba.com Open in urlscan Pro 2a02:26f0:480:d::210:f153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

139 Requests

100 %HTTPS

47 %IPv6

12 Domains

15 Subdomains

15 IPs

3 Countries

4603 kBTransfer

10862 kBSize

16 Cookies

19 Outgoing links

Page URL History

Redirected requests

139 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

shopping.ba.com Open in urlscan Pro
2a02:26f0:480:d::210:f153 Public Scan

Screenshot
Live screenshot

Full Image

139
Requests

100 %
HTTPS

47 %
IPv6

12
Domains

15
Subdomains

15
IPs

3
Countries

4603 kB
Transfer

10862 kB
Size

16
Cookies

139 HTTP transactions
6 data transactions