www.theonion.com Open in urlscan Pro
151.101.194.166 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://onion.com/
Effective URL:
https://www.theonion.com/
Submission: On May 12 via manual (May 12th 2021, 12:15:02 pm UTC) from GB

Summary HTTP 256 Redirects Links 59 Behaviour Indicators

Summary

This website contacted 59 IPs in 7 countries across 49 domains to perform 256 HTTP transactions. The main IP is 151.101.194.166, located in United States and belongs to FASTLY, US. The main domain is www.theonion.com.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2020 on April 20th 2021. Valid for: a year.

This is the only time www.theonion.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.13 67.199.248.13	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
1 47	151.101.194.166 151.101.194.166	54113 (FASTLY) (FASTLY)
5	151.101.66.166 151.101.66.166	54113 (FASTLY) (FASTLY)
9	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
3 13	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.114.217 151.101.114.217	54113 (FASTLY) (FASTLY)
4	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
7	13.224.95.16 13.224.95.16	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	199.232.194.217 199.232.194.217	54113 (FASTLY) (FASTLY)
4	13.224.103.105 13.224.103.105	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:219... 2600:9000:2190:8e00:18:1fcd:34e:d2a1	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700:303... 2606:4700:3039::6815:c076	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::ac43:4686	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 10	151.101.114.137 151.101.114.137	54113 (FASTLY) (FASTLY)
1	34.120.253.250 34.120.253.250	15169 (GOOGLE) (GOOGLE)
1 3	13.224.95.18 13.224.95.18	16509 (AMAZON-02) (AMAZON-02)
1	65.9.66.94 65.9.66.94	16509 (AMAZON-02) (AMAZON-02)
1	52.30.148.233 52.30.148.233	16509 (AMAZON-02) (AMAZON-02)
1 2	88.214.207.207 88.214.207.207	46636 (NATCOWEB) (NATCOWEB)
2	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
3 6	35.211.168.6 35.211.168.6	19527 (GOOGLE-2) (GOOGLE-2)
2	213.19.162.61 213.19.162.61	3356 (LEVEL3) (LEVEL3)
2	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	18.156.195.47 18.156.195.47	16509 (AMAZON-02) (AMAZON-02)
3 6	185.33.221.50 185.33.221.50	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	52.86.237.87 52.86.237.87	14618 (AMAZON-AES) (AMAZON-AES)
1	3.212.71.107 3.212.71.107	14618 (AMAZON-AES) (AMAZON-AES)
2	3.233.246.167 3.233.246.167	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
1	35.201.100.179 35.201.100.179	15169 (GOOGLE) (GOOGLE)
2	34.98.72.95 34.98.72.95	15169 (GOOGLE) (GOOGLE)
3	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
1	34.120.133.55 34.120.133.55	15169 (GOOGLE) (GOOGLE)
1	34.237.40.131 34.237.40.131	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
8	3.18.8.90 3.18.8.90	16509 (AMAZON-02) (AMAZON-02)
1 7	52.95.124.165 52.95.124.165	16509 (AMAZON-02) (AMAZON-02)
1	35.227.229.34 35.227.229.34	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:4000:0:70b1:7080:93a1	16509 (AMAZON-02) (AMAZON-02)
2	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	3.124.65.205 3.124.65.205	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	72.21.206.140 72.21.206.140	16509 (AMAZON-02) (AMAZON-02)
8 13	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1 1	185.183.112.155 185.183.112.155	60350 (VP) (VP)
27	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
4 8	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
17	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	185.29.133.199 185.29.133.199	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
4	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2 3	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2 2	185.184.8.30 185.184.8.30	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
4	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	88.214.193.99 88.214.193.99	46636 (NATCOWEB) (NATCOWEB)
1	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
256	59

1 67.199.248.13 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: cname.bitly.com

onion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 151.101.194.166 (United States) 1 redirects

ASN54113 (FASTLY, US)

theonion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.theonion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kinja.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.kinja-img.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.kinja-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.66.166 (United States)

ASN54113 (FASTLY, US)

f.kinja-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.speedcurve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.224.95.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-16.zrh50.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.194.217 (United States)

ASN54113 (FASTLY, US)

static.scroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.224.103.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-103-105.zrh50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:8e00:18:1fcd:34e:d2a1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3039::6815:c076 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

kinja-com.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4686 (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.114.137 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.95.18 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-18.zrh50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.94 (United States)

ASN16509 (AMAZON-02, US)

cdn.britepool.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.148.233 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-148-233.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.214.207.207 (United Kingdom) 1 redirects

ASN46636 (NATCOWEB, US)

colossusssp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.211.168.6 (North Charleston, United States) 3 redirects

ASN19527 (GOOGLE-2, US)
PTR: 6.168.211.35.bc.googleusercontent.com

sofia.trustx.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.162.61 (United Kingdom)

ASN3356 (LEVEL3, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.33.221.50 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.86.237.87 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-86-237-87.compute-1.amazonaws.com

px.britepool.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.212.71.107 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-212-71-107.compute-1.amazonaws.com

thrtle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.233.246.167 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-233-246-167.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.100.179 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 179.100.201.35.bc.googleusercontent.com

connect.scroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.72.95 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.248.242.197 (United States)

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.133.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.133.120.34.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.237.40.131 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-40-131.compute-1.amazonaws.com

idx.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.18.8.90 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-18-8-90.us-east-2.compute.amazonaws.com

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.95.124.165 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.229.34 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 34.229.227.35.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:4000:0:70b1:7080:93a1 (United States)

ASN16509 (AMAZON-02, US)

sync-amz.ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.230.142 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.65.205 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-65-205.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.21.206.140 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: 206-140.amazon.com

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.217.16.130 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.183.112.155 (Paris, France) 1 redirects

ASN60350 (VP, FR)

sync.adotmob.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 69.173.144.139 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.133.199 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.159.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.30 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-30.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.214.193.99 (United Kingdom)

ASN46636 (NATCOWEB, US)

sync.colossusssp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	googlesyndication.com 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com ade.googlesyndication.com	163 KB
27	2mdn.net s0.2mdn.net	483 KB
27	doubleclick.net 8 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net	193 KB
21	kinja-static.com f.kinja-static.com x.kinja-static.com	541 KB
18	connatix.com 1 redirects cd.connatix.com cds.connatix.com capi.connatix.com vid.connatix.com img.connatix.com	359 KB
18	theonion.com 1 redirects theonion.com www.theonion.com	265 KB
14	casalemedia.com 3 redirects htlb.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com	15 KB
12	rubiconproject.com 4 redirects fastlane.rubiconproject.com eus.rubiconproject.com pixel-eu.rubiconproject.com pixel.rubiconproject.com token.rubiconproject.com	18 KB
12	amazon-adsystem.com 1 redirects c.amazon-adsystem.com aax-eu.amazon-adsystem.com s.amazon-adsystem.com	41 KB
12	kinja-img.com i.kinja-img.com	459 KB
9	media.net hbx.media.net prebid.media.net cs.media.net	140 KB
7	adlightning.com tagan.adlightning.com	143 KB
6	adnxs.com 3 redirects ib.adnxs.com secure.adnxs.com	6 KB
6	trustx.org 3 redirects sofia.trustx.org	4 KB
5	yahoo.com 1 redirects c2shb.ssp.yahoo.com pr-bh.ybp.yahoo.com	4 KB
4	googleapis.com imasdk.googleapis.com	677 KB
4	adsrvr.org insight.adsrvr.org match.adsrvr.org	1 KB
4	bounceexchange.com tag.bounceexchange.com assets.bounceexchange.com api.bounceexchange.com	122 KB
3	openx.net 2 redirects us-u.openx.net	829 B
3	googletagservices.com www.googletagservices.com	98 KB
3	criteo.com bidder.criteo.com gum.criteo.com	618 B
3	colossusssp.com 1 redirects colossusssp.com sync.colossusssp.com	1008 B
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	3 KB
3	google.com ampcid.google.com www.google.com adservice.google.com	809 B
3	google-analytics.com www.google-analytics.com	19 KB
2	creativecdn.com 2 redirects creativecdn.com	701 B
2	everesttech.net 2 redirects sync-tm.everesttech.net	630 B
2	criteo.net static.criteo.net	53 KB
2	3lift.com 2 redirects eb2.3lift.com	744 B
2	rlcdn.com api.rlcdn.com id.rlcdn.com	288 B
2	chartbeat.net ping.chartbeat.net	337 B
2	google.de ampcid.google.de www.google.de	573 B
2	britepool.com 1 redirects cdn.britepool.com px.britepool.com api.britepool.com Failed	43 KB
2	scroll.com static.scroll.com connect.scroll.com	19 KB
1	mathtag.com 1 redirects sync.mathtag.com	611 B
1	adotmob.com 1 redirects sync.adotmob.com	682 B
1	rfihub.com 1 redirects p.rfihub.com	777 B
1	turn.com 1 redirects ad.turn.com	425 B
1	yieldmo.com sync-amz.ads.yieldmo.com	481 B
1	google.ch adservice.google.ch	799 B
1	liadm.com idx.liadm.com	688 B
1	thrtle.com thrtle.com
1	btloader.com btloader.com	5 KB
1	videoplayerhub.com 1 redirects kinja-com.videoplayerhub.com	529 B
1	chartbeat.com static.chartbeat.com	14 KB
1	kinja.com kinja.com	1 KB
1	speedcurve.com cdn.speedcurve.com	7 KB
1	indexww.com js-sec.indexww.com	16 KB
1	onion.com 1 redirects onion.com	576 B
256	49

	Domain	Requested by
27	s0.2mdn.net	imasdk.googleapis.com tagan.adlightning.com s0.2mdn.net www.theonion.com
17	pagead2.googlesyndication.com	srcdoc 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com tagan.adlightning.com tpc.googlesyndication.com www.theonion.com www.googletagservices.com x.kinja-static.com
17	www.theonion.com	www.theonion.com x.kinja-static.com
16	x.kinja-static.com	www.theonion.com
13	cm.g.doubleclick.net	8 redirects eus.rubiconproject.com googleads.g.doubleclick.net
12	i.kinja-img.com	www.theonion.com
11	tpc.googlesyndication.com	tagan.adlightning.com 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
10	dsum-sec.casalemedia.com	3 redirects ssum-sec.casalemedia.com googleads.g.doubleclick.net
8	capi.connatix.com	x.kinja-static.com
7	aax-eu.amazon-adsystem.com	1 redirects tagan.adlightning.com aax-eu.amazon-adsystem.com ssum-sec.casalemedia.com eus.rubiconproject.com
7	tagan.adlightning.com	www.theonion.com tagan.adlightning.com 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
6	img.connatix.com	www.theonion.com
6	sofia.trustx.org	3 redirects www.theonion.com
5	ib.adnxs.com	2 redirects x.kinja-static.com googleads.g.doubleclick.net
5	hbx.media.net	www.theonion.com hbx.media.net
5	f.kinja-static.com	www.theonion.com
4	ade.googlesyndication.com	www.theonion.com
4	googleads4.g.doubleclick.net	www.theonion.com
4	googleads.g.doubleclick.net	269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com tagan.adlightning.com
4	pixel.rubiconproject.com	eus.rubiconproject.com
4	imasdk.googleapis.com	tagan.adlightning.com
4	c2shb.ssp.yahoo.com	x.kinja-static.com
4	c.amazon-adsystem.com	www.theonion.com x.kinja-static.com
4	securepubads.g.doubleclick.net	www.theonion.com tagan.adlightning.com x.kinja-static.com
3	us-u.openx.net	2 redirects googleads.g.doubleclick.net
3	token.rubiconproject.com	3 redirects
3	www.googletagservices.com	securepubads.g.doubleclick.net 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
3	269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com	tagan.adlightning.com
3	match.adsrvr.org	x.kinja-static.com ssum-sec.casalemedia.com eus.rubiconproject.com
3	prebid.media.net	x.kinja-static.com
3	sb.scorecardresearch.com	1 redirects tagan.adlightning.com www.theonion.com
3	www.google-analytics.com	www.theonion.com www.google-analytics.com
2	creativecdn.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	static.criteo.net	www.theonion.com x.kinja-static.com
2	eb2.3lift.com	2 redirects
2	eus.rubiconproject.com	aax-eu.amazon-adsystem.com eus.rubiconproject.com
2	ssum-sec.casalemedia.com	aax-eu.amazon-adsystem.com ssum-sec.casalemedia.com
2	assets.bounceexchange.com	tagan.adlightning.com
2	stats.g.doubleclick.net	x.kinja-static.com
2	ping.chartbeat.net	www.theonion.com
2	bidder.criteo.com	x.kinja-static.com
2	fastlane.rubiconproject.com	x.kinja-static.com
2	htlb.casalemedia.com	x.kinja-static.com
2	colossusssp.com	1 redirects x.kinja-static.com
2	cds.connatix.com	www.theonion.com tagan.adlightning.com
1	gum.criteo.com	tagan.adlightning.com
1	sync.colossusssp.com
1	cs.media.net	www.theonion.com
1	sync.mathtag.com	1 redirects
1	id.rlcdn.com	eus.rubiconproject.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	pixel-eu.rubiconproject.com	1 redirects
1	secure.adnxs.com	1 redirects
1	sync.adotmob.com	1 redirects
1	p.rfihub.com	1 redirects
1	ad.turn.com	1 redirects
1	s.amazon-adsystem.com	ssum-sec.casalemedia.com
1	vid.connatix.com	x.kinja-static.com
1	sync-amz.ads.yieldmo.com	aax-eu.amazon-adsystem.com
1	adservice.google.com	tagan.adlightning.com
1	adservice.google.ch	tagan.adlightning.com
1	api.bounceexchange.com	tagan.adlightning.com
1	www.google.de	www.theonion.com
1	www.google.com	www.theonion.com
1	idx.liadm.com	x.kinja-static.com
1	api.rlcdn.com	x.kinja-static.com
1	connect.scroll.com	x.kinja-static.com
1	thrtle.com	www.theonion.com
1	px.britepool.com	1 redirects
1	ampcid.google.de	www.google-analytics.com
1	insight.adsrvr.org	www.theonion.com
1	cdn.britepool.com	tagan.adlightning.com
1	tag.bounceexchange.com	tagan.adlightning.com
1	cd.connatix.com	1 redirects
1	btloader.com	www.theonion.com
1	kinja-com.videoplayerhub.com	1 redirects
1	static.chartbeat.com	tagan.adlightning.com
1	static.scroll.com	tagan.adlightning.com
1	ampcid.google.com	www.google-analytics.com
1	kinja.com	www.theonion.com
1	cdn.speedcurve.com	www.theonion.com
1	js-sec.indexww.com	www.theonion.com
1	theonion.com	1 redirects
1	onion.com	1 redirects
0	api.britepool.com Failed	x.kinja-static.com
256	86

This site contains links to these domains. Also see Links.

Domain
theonion.com
avclub.com
deadspin.com
gizmodo.com
jalopnik.com
jezebel.com
kotaku.com
lifehacker.com
theroot.com
thetakeout.com
theinventory.com
store.theonion.com
politics.theonion.com
sports.theonion.com
local.theonion.com
entertainment.theonion.com
ogn.theonion.com

Subject Issuer	Validity	Valid
*.avclub.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-20` - `2022-05-22`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.speedcurve.com GlobalSign Atlas R3 DV TLS CA 2020	`2020-12-09` - `2022-01-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.adlightning.com Amazon	`2020-07-22` - `2021-08-22`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.scroll.com R3	`2021-05-02` - `2021-07-31`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2020-06-01` - `2021-06-02`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-06` - `2021-10-06`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2020-09-29` - `2021-10-19`	a year	crt.sh
tag.bounceexchange.com R3	`2021-03-28` - `2021-06-26`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
cdn.britepool.com Amazon	`2021-04-15` - `2022-05-14`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.colossusssp.com Go Daddy Secure Certificate Authority - G2	`2020-10-06` - `2021-11-07`	a year	crt.sh
sofia.trustx.org Sectigo RSA Domain Validation Secure Server CA	`2020-12-15` - `2021-12-29`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-18` - `2021-09-08`	6 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.thrtle.com Go Daddy Secure Certificate Authority - G2	`2020-03-22` - `2021-05-21`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2020-12-01` - `2021-12-30`	a year	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2021-05-01` - `2021-07-30`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.liadm.com Amazon	`2020-11-30` - `2021-12-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
api.bounceexchange.com GTS CA 1D4	`2021-05-01` - `2021-07-30`	3 months	crt.sh
*.google.ch GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.ads.yieldmo.com Amazon	`2021-01-18` - `2022-02-15`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh

This page contains 26 frames:

Primary Page: https://www.theonion.com/
Frame ID: E06E782519952D9A0344BAFDA9057B63
Requests: 147 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Frame ID: 204FECBAD2023276394F8D1DC299A52D
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t
Frame ID: 29552DDE7BBD0B74CF688BA7E8E6FBAF
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Frame ID: 3E46114599DB0F57950B4B51A161005E
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Frame ID: BFF71F457004648371C78265A48E7E4A
Requests: 10 HTTP requests in this frame

Frame: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Frame ID: FABE10206678095BAB3D73DB6B752EB1
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Frame ID: D67D2ABDC6F0FCAE0C04CAE50CFDC1B6
Requests: 11 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?id=3676790845161630885&ex=appnexus.com
Frame ID: CD36462A2C0217D228CE9F565EC65A57
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=13903419558157282127
Frame ID: 684F83DFFCCBAB1FD3E8EA251BC08539
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.457.0_en.html
Frame ID: 93A24FFDB3BD3CF10AA73100C72F3D94
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.457.0_en.html
Frame ID: 6AAC62A9E3236290370B55845D0A9E18
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.457.0_en.html
Frame ID: 07CAF2B8720324C81B64C8951E6BFAAE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: D362DCD32B8D44512C55E7871ECB9D07
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 09041B410355E199D16953559FB891E8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 3F6E99E40AF3EE05989EB0D3C1F30856
Requests: 1 HTTP requests in this frame

Frame: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4769A2DB2CE58D74A635C3963C71B1DD
Requests: 17 HTTP requests in this frame

Frame: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C8B6FD91504AF91C0F43F5E15CD07E6F
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNXw5ghdA8jCbxkUcslVOvgmbrBheK7rhvlNCTpo7LatPK6ECCKaFYHihYh4xWHatRiP935Gn17xi4CNXAN_Mq34rb0teA
Frame ID: C773796928A70B555D30E1A577939969
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGL2r9ZQBMAE&v=APEucNXXhG72VJLtGsiaysx5SmrJJJIQ7_VECfLBN7nmpIdhR4ayHvhLhuvKunaC_vH_6oc0_VTigNMcBcOn3N_IU1JvxujQ9w
Frame ID: B759D508D77DC59D42D5F4825AC5272F
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/9506911/1605078249191/index.html
Frame ID: FFF82EE40EA693CC8D20268E52F3A58C
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: ACD0C724007670D12F4C3E87B54BC687
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/9506911/1604308179092/index.html
Frame ID: A6D84D5CCDA994F93B4CE503D90C8395
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8A53E5D8BBB0B0EC2FDDAAE4945EC311
Requests: 3 HTTP requests in this frame

Frame: https://hbx.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUL2TG3D&prvid=3%2C23%2C29%2C51%2C56%2C77%2C79%2C80%2C82%2C96%2C97%2C106%2C109%2C122%2C126%2C132%2C145%2C147%2C148%2C157%2C159%2C171%2C172%2C175%2C182%2C184%2C186%2C188%2C201%2C203%2C208%2C215%2C220%2C221%2C222%2C225%2C228%2C236%2C238%2C239%2C246%2C251%2C273%2C2033%2C3014%2C3015%2C3018&itype=HB&rtime=13843&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
Frame ID: A9B85AB35D3E666F42E6E9E2FA5CBAFC
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.theonion.com
Frame ID: CDCBCD8BE84F41A660B8C05157313A50
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: E8F270E24ABFC3F67038276DABAD073B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://onion.com/ HTTP 301
http://theonion.com/ HTTP 307
https://theonion.com/ HTTP 301
https://www.theonion.com/ Page URL

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

Page Statistics

256
Requests

99 %
HTTPS

30 %
IPv6

49
Domains

86
Subdomains

59
IPs

7
Countries

3903 kB
Transfer

11995 kB
Size

5
Cookies

59 Outgoing links

These are links going to different origins than the main page.

URL: https://theonion.com/
Title: The Onion

Search URL Search Domain Scan URL

URL: https://avclub.com/
Title: The A.V. Club

Search URL Search Domain Scan URL

URL: https://deadspin.com/
Title: Deadspin

Search URL Search Domain Scan URL

URL: https://gizmodo.com/
Title: Gizmodo

Search URL Search Domain Scan URL

URL: https://jalopnik.com/
Title: Jalopnik

Search URL Search Domain Scan URL

URL: https://jezebel.com/
Title: Jezebel

Search URL Search Domain Scan URL

URL: https://kotaku.com/
Title: Kotaku

Search URL Search Domain Scan URL

URL: https://lifehacker.com/
Title: Lifehacker

Search URL Search Domain Scan URL

URL: https://theroot.com/
Title: The Root

Search URL Search Domain Scan URL

URL: https://thetakeout.com/
Title: The Takeout

Search URL Search Domain Scan URL

URL: https://theinventory.com/
Title: The Inventory

Search URL Search Domain Scan URL

URL: https://store.theonion.com/
Title: Shop

Search URL Search Domain Scan URL

URL: https://politics.theonion.com/
Title: Politics

Search URL Search Domain Scan URL

URL: https://sports.theonion.com/
Title: Sports

Search URL Search Domain Scan URL

URL: https://local.theonion.com/
Title: Local

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/
Title: Entertainment

Search URL Search Domain Scan URL

URL: https://ogn.theonion.com/
Title: OGN

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/take-a-virtual-tour-of-the-met-with-the-onion-1846838822

Search URL Search Domain Scan URL

URL: https://politics.theonion.com/japan-ambassador-rahm-emanuel-asks-new-hosts-for-best-b-1846871546

Search URL Search Domain Scan URL

URL: https://politics.theonion.com/c/news-in-brief
Title: News in Brief

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/famous-authors-describe-their-biggest-rejections-1846848968

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/c/slideshow
Title: Slideshow

Search URL Search Domain Scan URL

URL: https://local.theonion.com/woman-suddenly-realizes-she-same-age-parents-were-when-1846849593

Search URL Search Domain Scan URL

URL: https://local.theonion.com/c/news-in-brief
Title: News in Brief

Search URL Search Domain Scan URL

URL: https://ogn.theonion.com/a-moral-quandary-the-government-has-developed-a-serum-1846863840

Search URL Search Domain Scan URL

URL: https://ogn.theonion.com/c/news
Title: News

Search URL Search Domain Scan URL

URL: https://politics.theonion.com/conservatives-criticize-local-preschool-for-silencing-r-1846849604

Search URL Search Domain Scan URL

URL: https://politics.theonion.com/biden-s-child-care-plan-to-allow-all-american-parents-t-1846781784

Search URL Search Domain Scan URL

URL: https://politics.theonion.com/anyone-see-ted-lasso-biden-asks-world-leaders-try-1846742418

Search URL Search Domain Scan URL

URL: https://politics.theonion.com/florida-gop-introduces-ballotless-voting-in-disenfranch-1846356214

Search URL Search Domain Scan URL

URL: https://politics.theonion.com/congressional-moderates-call-for-smaller-numbers-1846811499

Search URL Search Domain Scan URL

URL: https://politics.theonion.com/republicans-argue-d-c-statehood-slippery-slope-to-dist-1846742751

Search URL Search Domain Scan URL

URL: https://local.theonion.com/minimalist-learning-to-appreciate-stripped-down-simple-1846828789

Search URL Search Domain Scan URL

URL: https://local.theonion.com/mom-casing-grocery-store-ahead-of-big-sale-1846790477

Search URL Search Domain Scan URL

URL: https://local.theonion.com/easygoing-man-able-to-take-whatever-sandwich-throws-his-1846811538

Search URL Search Domain Scan URL

URL: https://local.theonion.com/sweat-drenched-woman-types-frantically-as-countdown-thr-1846702792

Search URL Search Domain Scan URL

URL: https://ogn.theonion.com/biggest-games-of-spring-2021-1846554499

Search URL Search Domain Scan URL

URL: https://ogn.theonion.com/c/slideshow
Title: Slideshow

Search URL Search Domain Scan URL

URL: https://ogn.theonion.com/ogn-sf-ea-games-teases-new-project-with-cryptic-new-f-1846677374

Search URL Search Domain Scan URL

URL: https://ogn.theonion.com/relief-monster-hunter-rise-includes-a-dossier-of-eac-1846630981

Search URL Search Domain Scan URL

URL: https://ogn.theonion.com/small-kindnesses-gamer-shields-ailing-grandmother-from-1846694967

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/biggest-oscar-snubs-2021-1846720725
Title: Biggest Oscar Snubs 2021

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/artist-profile-ariana-grande-1846796219
Title:

Search URL Search Domain Scan URL

URL: https://politics.theonion.com/5-things-to-know-about-liz-cheney-1846828229
Title:

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/5-things-to-know-about-the-underground-railroad-1846870573
Title:

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/c/video
Title: Video

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/arena-dj-overwhelmed-by-godlike-power-after-getting-fan-1846831973

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/c/news-in-brief
Title: News in Brief

Search URL Search Domain Scan URL

URL: https://sports.theonion.com/the-legend-grows-onion-sports-coverage-of-tim-tebow-1846862716

Search URL Search Domain Scan URL

URL: https://sports.theonion.com/c/slideshow
Title: Slideshow

Search URL Search Domain Scan URL

URL: https://sports.theonion.com/gasping-out-of-shape-olympians-beg-ioc-to-postpone-gam-1846840654

Search URL Search Domain Scan URL

URL: https://sports.theonion.com/c/news-in-brief
Title: News in Brief

Search URL Search Domain Scan URL

URL: https://sports.theonion.com/plan-to-propose-at-tigers-game-scuttled-by-13-1-loss-1846838726

Search URL Search Domain Scan URL

URL: https://sports.theonion.com/c/sports-news-in-brief
Title: Sports News In Brief

Search URL Search Domain Scan URL

URL: https://sports.theonion.com/it-s-him-or-me-says-unhinged-aaron-rodgers-demanding-1846829102

Search URL Search Domain Scan URL

URL: https://politics.theonion.com/japan-ambassador-rahm-emanuel-asks-new-hosts-for-best-b-1846871546?traffic_source=Connatix
Title: Read More

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/5-things-to-know-about-the-underground-railroad-1846870573?traffic_source=Connatix
Title: Read More

Search URL Search Domain Scan URL

URL: https://ogn.theonion.com/a-moral-quandary-the-government-has-developed-a-serum-1846863840?traffic_source=Connatix
Title: Read More

Search URL Search Domain Scan URL

URL: https://entertainment.theonion.com/famous-authors-describe-their-biggest-rejections-1846848968?traffic_source=Connatix
Title: Read More

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://onion.com/ HTTP 301
http://theonion.com/ HTTP 307
https://theonion.com/ HTTP 301
https://www.theonion.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62

https://kinja-com.videoplayerhub.com/gallery.js HTTP 301
https://btloader.com/tag?h=kinja-com&upapi=true

Request Chain 63

https://cd.connatix.com/connatix.playspace.js HTTP 302
https://cds.connatix.com/p/116348/connatix.playspace.dc.js

Request Chain 78

https://sofia.trustx.org/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=5f8b1138c0d336&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000 HTTP 302
https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=5f8b1138c0d336&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000

Request Chain 91

https://sofia.trustx.org/hb?pt=net&auids=9634&sizes=300x250&r=28b57bc50731a69&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000 HTTP 302
https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9634&sizes=300x250&r=28b57bc50731a69&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000

Request Chain 93

https://px.britepool.com/new?partner_id=t HTTP 302
https://thrtle.com/insync?vxii_pid=10054&vxii_pdid=eb17aa97-c5d7-43b9-a416-f599df77883d

Request Chain 94

https://sb.scorecardresearch.com/b?c1=2&c2=6770184&ns__t=1620821672282&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1620821672282&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9=

Request Chain 112

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t

Request Chain 124

https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=appnexus.com HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?id=3676790845161630885&ex=appnexus.com

Request Chain 125

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=13903419558157282127

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YJvGqMorAktYwzz_BHpVOwAABHEAAAIB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YJvGqMorAktYwzz_BHpVOwAABHEAAAIB&gdpr_consent=&us_privacy=&gdpr=&google_tc= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEKTMGvKCGrr3vpxHaGrMYtw&google_cver=1

Request Chain 143

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YJvGqMorAktYwzz-BHpVOwAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1

Request Chain 144

https://ad.turn.com/r/cs?pid=21 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8506371035693427673

Request Chain 145

https://p.rfihub.com/cm?in=1&pub=2079 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1870471595053401794

Request Chain 146

https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=0638220400d33da89142788f&expiration=[EXPIRATION] HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=0638220400d33da89142788f&expiration=[EXPIRATION]&C=1

Request Chain 147

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3676790845161630885

Request Chain 153

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KOLFDIHB-1V-3KR1&ex=d-rubiconproject.com&status=ok

Request Chain 161

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELgT5jt2On5fSeVUjgREJkA&google_cver=1

Request Chain 162

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/5mogXsqekcdmQWoetxsw2Mn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5801336479216645073

Request Chain 164

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=0c58609b-c6a9-4e00-9595-b895755a36f1

Request Chain 166

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NjRhNzI0OGUwNjY4YTM1NzIyMThiMDNjODM4ZmE4NjIyYjE5MGNiZA

Request Chain 167

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YJvGqgAAz-1PmQBg HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YJvGqgAAz-1PmQBg&_test=YJvGqgAAz-1PmQBg

Request Chain 168

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09MRkRJSEItMVYtM0tSMQ==

Request Chain 185

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1

Request Chain 186

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJvGqMorAktYwzz-BHpVOwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1

Request Chain 196

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPovPVMOPcabqahSoyQApGU&google_cver=1

Request Chain 197

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY3Njc5MDg0NTE2MTYzMDg4NQ%3D%3D

Request Chain 198

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOVdkHCGCH-ZoaLcTOROzYA&google_cver=1

Request Chain 199

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NzRkMmZhMTUtZjY0Yi0yMzRlLWMwM2EtOWUwOWM1NjQ0ODli

Request Chain 240

https://sofia.trustx.org/push_sync HTTP 302
https://creativecdn.com/cm-notify?pi=trustx HTTP 302
https://creativecdn.com/cm-notify?pi=trustx&tc=1 HTTP 302
https://sofia.trustx.org/sync?tp_id=22&tp_uid=QkCkyYuLozRpaX4Rkf64&pi=trustx&tc=1

Request Chain 246

https://colossusssp.com/?c=o&m=cookie HTTP 302
https://sync.colossusssp.com/hms.gif?puid=af324f41dac367e8b00c19c25547f789595f1339

256 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.theonion.com/
Redirect Chain

http://onion.com/
http://theonion.com/
https://theonion.com/
https://www.theonion.com/

442 KB
54 KB

25ms
23ms

Document
text/html

151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/ Express

Resource Hash

e6875ff569b25bca34b2b7865b07326ddcc91b960cf0006b586bf3caf84d7fcd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.theonion.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KinjaBucket=e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-powered-by: Express
x-kinja: kinja-magma-kube01-56bf758966-j9rp4 #2696
x-kinja-revision: 5b19dfed27ba03fbb8c2523f3ec366faa36e56db
x-kinja-server: kinja-magma-kube01-56bf758966-j9rp4
x-kinja-build: 2696
cache-control: stale-if-error=86400, stale-while-revalidate=300
content-security-policy: frame-ancestors 'self'; upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-googlenews-bot: false
content-type: text/html; charset=utf-8
etag: W/"6e7a9-UtoWXSXXBBO60v3LDSaZbDhTnBc"
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
x-cdn-fetch: mantle-default
accept-ranges: bytes
date: Wed, 12 May 2021 12:14:31 GMT
age: 187
x-served-by: cache-bwi5146-BWI, cache-hhn4052-HHN
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1620821671.126832,VS0,VE1
x-ua-device: desktop
set-cookie: geocc=CH;path=/;
vary: Accept-Encoding, X-Feature-Hash, X-Forwarded-Proto, Cookie, X-GoogleNews-Bot, X-Kinja-WelcomeAdLoadedV1, X-Kinja-Req-Origin-US, X-Kinja-SuperHeroLoaded, X-Kinja-GDPR, X-Kinja-CCPA, Authorization
content-length: 52919

Redirect headers

x-powered-by: Express
x-kinja: kinja-magma-kube01-56bf758966-jkfgw #2696
x-kinja-revision: 5b19dfed27ba03fbb8c2523f3ec366faa36e56db
x-kinja-server: kinja-magma-kube01-56bf758966-jkfgw
x-kinja-build: 2696
cache-control: stale-if-error=86400, stale-while-revalidate=300
content-security-policy: frame-ancestors 'self'; upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-googlenews-bot: false
location: https://www.theonion.com/
content-type: text/html; charset=utf-8
via: 1.1 varnish, 1.1 varnish
x-cdn-fetch: mantle-default
accept-ranges: bytes
date: Wed, 12 May 2021 12:14:31 GMT
age: 0
x-served-by: cache-bwi5127-BWI, cache-hhn4052-HHN
x-cache: HIT, MISS
x-cache-hits: 1, 0
x-timer: S1620821671.014133,VS0,VE89
x-ua-device: desktop
set-cookie: geocc=CH;path=/; KinjaBucket=e;path=/;Max-Age=31536000;domain=theonion.com;SameSite=None;Secure; KinjaSetBucket=e|1620821400|4m7yPwwjOBkvs1bIQMzcPpcPdQLEXU/tcKC7EL1+5Uk=;path=/;Max-Age=300;SameSite=None;Secure;
vary: Accept-Encoding, X-Feature-Hash, X-Forwarded-Proto, Cookie, X-GoogleNews-Bot, X-Kinja-WelcomeAdLoadedV1, X-Kinja-Req-Origin-US, X-Kinja-SuperHeroLoaded, X-Kinja-GDPR, X-Kinja-CCPA, Accept, Authorization
content-length: 106

GET
H2 200 proxima_nova_cond_reg-webfont.woff2
f.kinja-static.com/assets/fonts/proxima/ 27 KB
28 KB 85ms
39ms Font
binary/octet-stream 151.101.66.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/proxima/proxima_nova_cond_reg-webfont.woff2?08252015

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8fe5f0c4bdaf3e031a6172679193e88d3a24c7deb6e3c7e2b2a477061cc1ad81

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 110
x-cache: HIT
content-length: 28044
x-amz-id-2: gjyQ8ad9slGc+5mbNfsFG+JbWPC1frx3DBXMlN1EwJILDJDyvH5IYCldrpx9Axl0gMtH5uldl9w=
x-served-by: cache-hhn4066-HHN
last-modified: Wed, 14 Apr 2021 21:57:53 GMT
server: AmazonS3
x-timer: S1620821671.202742,VS0,VE1
etag: "94cbaf403b2922fd6858c812dae091fb"
x-amz-request-id: M270XBFFZ7GDT0P7
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 1

GET
H2 200 proxima_nova_cond_reg_it-webfont.woff2
f.kinja-static.com/assets/fonts/proxima/ 30 KB
30 KB 85ms
39ms Font
binary/octet-stream 151.101.66.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/proxima/proxima_nova_cond_reg_it-webfont.woff2?08252015

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3d764be1388f0488c90be29ca58c3ad082f9d954ece8448448779bb79e3ca7a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 51
x-cache: HIT
content-length: 30416
x-amz-id-2: W0m2YV/Mx9xFK3xHlpfZvuIe3rgIbqWNF6CVrahnMiXSd7r7M5dirGWQx3Z8ksDYM85B52B4keM=
x-served-by: cache-hhn4066-HHN
last-modified: Wed, 05 May 2021 21:49:31 GMT
server: AmazonS3
x-timer: S1620821671.202699,VS0,VE1
etag: "bea38ea36d2aba1d5da6e8f842425e40"
x-amz-request-id: 4EWX3BKH2MWM3N67
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 1

GET
H2 200 proxima_nova_cond_sbold-webfont.woff2
f.kinja-static.com/assets/fonts/proxima/ 27 KB
28 KB 85ms
40ms Font
binary/octet-stream 151.101.66.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/proxima/proxima_nova_cond_sbold-webfont.woff2?08252015

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

63125723c148b0c5391dea8c827d96958a6706a542f8b45822904aaefe10c4ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 6
x-cache: HIT
content-length: 28136
x-amz-id-2: r4NGbedkOwrfpQqfT3YFqNkocXEurDRIIOeZgrD0QCNBazaTmsuin2EPuURmvahe9GC/BAqpmCw=
x-served-by: cache-hhn4066-HHN
last-modified: Wed, 05 May 2021 21:49:31 GMT
server: AmazonS3
x-timer: S1620821671.202731,VS0,VE1
etag: "7ac1e4b7ab03f256e831e00e3b5618a6"
x-amz-request-id: E9F3YW0NDV4ZPA9Y
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 1

GET
H2 200 proxima_nova_cond_sbold_it-webfont.woff2
f.kinja-static.com/assets/fonts/proxima/ 30 KB
30 KB 67ms
21ms Font
binary/octet-stream 151.101.66.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/proxima/proxima_nova_cond_sbold_it-webfont.woff2?08252015

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8e8d2c867ae480b6b318900eb4168d5645f635420bdb1626976c9c0af71c45eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 78
x-cache: HIT
content-length: 30232
x-amz-id-2: 9C1cdw9kDnJaXDCHhgBny1iRyokOZW+LeV5mbtVjNNgEvrQB5mr1dLSm3OQjb/nIyUqGoaDpKtE=
x-served-by: cache-hhn4066-HHN
last-modified: Wed, 05 May 2021 21:49:31 GMT
server: AmazonS3
x-timer: S1620821671.202713,VS0,VE1
etag: "6d0ce198b25710fd5d0a2c0fb863b22c"
x-amz-request-id: QFTYJ4GEGFBPY0TF
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 1

GET
H2 200 bidexchange.js Show response
hbx.media.net/ 440 KB
126 KB 338ms
281ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/bidexchange.js?cid=8CUL2TG3D&version=5.1&dn=www.theonion.com

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d1b63c0e25078c4b8a65b7719683916657f163dcf291f93a9baed43729914ef4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Wed, 12 May 2021 12:14:31 GMT
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
cache-control: max-age=1800
expires: Wed, 12 May 2021 12:44:31 GMT

GET
H/1.1 200
OK 183957-47751755686051.js Show response
js-sec.indexww.com/ht/p/ 47 KB
16 KB 571ms
500ms Script
text/javascript 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/183957-47751755686051.js
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 568068711d00d07ac001e1937acdb4621d0d7ea602ff8beb225c1b9f22701d1d

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 12 May 2021 12:14:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 12 May 2021 12:10:18 GMT
Server: Apache
ETag: "762ed0-bde7-5c220e4de9e2b"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=3579
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 15802
Expires: Wed, 12 May 2021 13:14:10 GMT

GET
H2 200 lux.js Show response
cdn.speedcurve.com/js/ 21 KB
7 KB 67ms
20ms Script
application/javascript 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.speedcurve.com/js/lux.js?id=527761496
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 0e7cec00a56dcc4f9b8bafc9003193ccee8cc269f6990c64fc9302b4aa448e6e

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 vegur, 1.1 varnish
age: 730
x-cache: HIT
x-cache-hits: 7
content-encoding: gzip
content-length: 6933
x-served-by: cache-hhn4026-HHN
last-modified: Wed, 12 May 2021 12:02:21 GMT
server: Apache
x-timer: S1620821671.224109,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 May 2021 12:02:21 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 61 KB
21 KB 76ms
27ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

sffe /

Resource Hash

0bd80ca89aea8cd21814197bd160450d2f508198c8f172afb61674fd5c6614ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "869 / 403 of 1000 / last-modified: 1620817773"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21173
x-xss-protection: 0
expires: Wed, 12 May 2021 12:14:31 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/gomedia/ 40 KB
14 KB 59ms
22ms Script
application/javascript 13.224.95.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/op.js
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-16.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 04232729bcec24f880f21da3bb7555efd1088ac1a004a9961c8213f738fb73e0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Bq6p_odST4YcmYP97FW7CmHXuaYxc7qZ
content-encoding: gzip
etag: "39f91e8c2fabc118498a9402cd701425"
age: 276
x-cache: Hit from cloudfront
content-length: 14208
x-amz-meta-git_commit: 49c6f47
last-modified: Sat, 08 May 2021 18:07:53 GMT
server: AmazonS3
date: Wed, 12 May 2021 12:09:56 GMT
content-type: application/javascript
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-amz-cf-id: oev5ejywUctTxybysyUm14-Nc0KOB_R1WR4O6vwuX5moXAxamviwUA==

GET
H2 200 vendors~adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboa~889ce567.d6d0a6b456b6a57ebdb3.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 8 KB
3 KB 23ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/vendors~adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboa~889ce567.d6d0a6b456b6a57ebdb3.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

abf419ca6f6d5e3c5c89f26cdf1eae7a4c079c6d3566a55959e3ee222398041a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 596815
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 2614
x-amz-id-2: j5d5LMrhgUTw5W93PQ+GdByPWq65wIP/i9kOEg0AGZjs3MwXrjPGVwS/pisvaCdJ65kXYMMhnYg=
x-served-by: cache-hhn4042-HHN, cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.128915,VS0,VE1
etag: "01f9996a7090ff7e61a73ea8fa84860c"
vary: Accept-Encoding, Authorization
x-amz-request-id: MP60HB0PKD8JE0T2
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 vendors~adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboa~7b1b7e0e.83f32bca1266d80c59d1.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 156 KB
43 KB 22ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/vendors~adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboa~7b1b7e0e.83f32bca1266d80c59d1.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6c50de5ea5214d5c8bca51d1f4021d3a84781ddaaed9aa8aea8d183b9bba7077

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 596801
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 44014
x-amz-id-2: ZmFEupCweyY5S2gQLxeZiX3slpEKuySXjh4ZNRknwGi2wufiLsF3kHF4Tg4gPINvTO6e36kwwkI=
x-served-by: cache-fra19136-FRA, cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.128881,VS0,VE1
etag: "03e894c69ddd117e7363d613e3d167fe"
vary: Accept-Encoding, Authorization
x-amz-request-id: E6Z6AG8PQW935SMJ
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 vendors~adEditor~adManager~ads~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~err~3a83c825.596e208a3d5cb3d5bb16.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 6 KB
2 KB 23ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/vendors~adEditor~adManager~ads~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~err~3a83c825.596e208a3d5cb3d5bb16.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2ce6ec59c3b4fb4d5b4dd981f15c37b81d46e7390906fb31099b5c5baba78124

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 596796
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 2212
x-amz-id-2: QJnnlC7sNEAu+rmxa69YV7cxRLhGLG+xDk3/th/ps7GQQ7H9QSaRzqhAV+Rf757NLn/IaHD9OBM=
x-served-by: cache-hhn4078-HHN, cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.128855,VS0,VE1
etag: "021ad9ad356f359099105cb5b4291d32"
vary: Accept-Encoding, Authorization
x-amz-request-id: H5NR1B84EAGQMC19
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 0, 1

GET
H2 200 vendors~adManager~ads.7598490c003fea9443bf.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 10 KB
3 KB 16ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/vendors~adManager~ads.7598490c003fea9443bf.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2a9a71312cdfc062f7d8dd7d322a2017cbc8e0834eaf76f42a9ecc6ad7174d3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 596815
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 2800
x-amz-id-2: I0Vffo/OVU046wgEsHr+axYKBHR9gN9b1MYNQ+cuiLeiQyqibQFXUuT6ybS9v8wfDjIW8KRHdMs=
x-served-by: cache-fra19164-FRA, cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.128830,VS0,VE1
etag: "8b751f3abcbb23899c6b8f5751313a87"
vary: Accept-Encoding, Authorization
x-amz-request-id: MP6FQWJAS46Z1866
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~error~6e1f78b6.04bfaee73f7aebdf2b40.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 61 KB
14 KB 16ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~error~6e1f78b6.04bfaee73f7aebdf2b40.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

0dc00b92269a44e4fe71813c9cc16fcc27d1d97c83db255a09cec62bc91aaaca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77796
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 13479
x-amz-id-2: SDNXjZMv6jvN//c3ODkypaWF7YPpgqdi2pU+pXAa56Tg1eGvFsKpBQ6difTcmRt28Zt61GN9iaE=
x-served-by: cache-hhn4080-HHN, cache-hhn4052-HHN
last-modified: Tue, 11 May 2021 14:33:59 GMT
server: AmazonS3
x-timer: S1620821671.128819,VS0,VE1
etag: "799957082daac5c34e2cc663e7ed392d"
vary: Accept-Encoding, Authorization
x-amz-request-id: EANHEAS8VPWTF7D7
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 3, 1

GET
H2 200 adEditor~adManager~ads~categoryPage~channelSectionPage~commerceDashboard~errorPage~experiments~featu~804b1df3.699b3dfde4970cb6d7f0.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 47 KB
9 KB 22ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/adEditor~adManager~ads~categoryPage~channelSectionPage~commerceDashboard~errorPage~experiments~featu~804b1df3.699b3dfde4970cb6d7f0.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a0bbea3c8619e7354c243ce2a7a41030f3997c3d3230a89d692ceda9b88a2e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 545094
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 8672
x-amz-id-2: hrqf/6F/IlswSiyxyol9I9Dhjrr2KjzRgZpQEr1BQCzc18TxgCFJH13W73GOsn4EE1FcNRIW6CE=
x-served-by: cache-hhn4032-HHN, cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:00 GMT
server: AmazonS3
x-timer: S1620821671.128806,VS0,VE1
etag: "b427a6c9d07dab51e217a534ab82cf46"
vary: Accept-Encoding, Authorization
x-amz-request-id: MP6DBASB25QY92A5
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 adManager~ads~commerceDashboard~errorPage~featureSwitchPage~newsletterPage~profilePage~slideshowPerm~95a337b2.2e89db33ba6e3e68dcc0.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 9 KB
3 KB 21ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/adManager~ads~commerceDashboard~errorPage~featureSwitchPage~newsletterPage~profilePage~slideshowPerm~95a337b2.2e89db33ba6e3e68dcc0.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1ab5e8f02049723599890880252a821a1977b08f1f9fb3b0b14575581315eb7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 542684
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 3152
x-amz-id-2: GIm7c+RDQJX3fq5JNCqj0px44abRm8negPY8c977cLEMLqmuSi8P0dwTnoec6LUF9ISQC8HsTwg=
x-served-by: cache-fra19138-FRA, cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 15:28:38 GMT
server: AmazonS3
x-timer: S1620821671.128785,VS0,VE1
etag: "d8c70a16dd2c3c1e7c726f2e6a27267b"
vary: Accept-Encoding, Authorization
x-amz-request-id: AMRQ3AY5YKJAHKK2
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 adManager~ads.260fa24aed8f9656088d.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 180 KB
11 KB 13ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/adManager~ads.260fa24aed8f9656088d.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

280aa0d6cbff263e9cbea356ed88de741efd7abc1814f5f897bc727edab2c5e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76619
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 10872
x-amz-id-2: Y6NeRCRHKDTNagE5fGLRKh4anNExBkRuBYiWk/krVHjpYUVvtSaQqMI/kw4LtMvwYnbjzZU+kE4=
x-served-by: cache-hhn4073-HHN, cache-hhn4052-HHN
last-modified: Tue, 11 May 2021 14:54:04 GMT
server: AmazonS3
x-timer: S1620821671.128785,VS0,VE1
etag: "769a0c8ec1b5585ff516b2d51ef00164"
vary: Accept-Encoding, Authorization
x-amz-request-id: 1AH2W4AXSW7QPE20
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 vendors~adEditor~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curated~ee56329e.40ffe4204f5be29f50fd.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 3 KB
2 KB 12ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/vendors~adEditor~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curated~ee56329e.40ffe4204f5be29f50fd.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c2623c377b66546fddb83939116bccb47fc698265387ca1d6b224ef7aaac5cf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547303
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 1278
x-amz-id-2: BG89EqjMMUQXQQ4qEX3RdK804djmnjJt2mNmpsfeOQX79DFEZuw1zKqmFtxduPJX8RwJsi7yN+U=
x-served-by: cache-hhn4064-HHN, cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 21:38:54 GMT
server: AmazonS3
x-timer: S1620821671.128683,VS0,VE1
etag: "47b6051e35ae6184c7c0d2201ee2501b"
vary: Accept-Encoding, Authorization
x-amz-request-id: GAS3FAAN656BX5GW
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 accountwithtoken Show response
kinja.com/api/profile/ 197 B
1 KB 125ms
114ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://kinja.com/api/profile/accountwithtoken?jsonp=_fasttoken&newFollows=true

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

43e36f6705b5a49d2764947aaa7b019c7e24c3ceab702b7791cbeb4401eaf23b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-cache: MISS, MISS
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
x-ua-device: desktop
x-cdn-fetch: mantle-setcookie
content-length: 195
x-xss-protection: 1; mode=block
x-served-by: cache-bwi5133-BWI, cache-hhn4052-HHN
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-timer: S1620821671.189117,VS0,VE94
x-frame-options: DENY
date: Wed, 12 May 2021 12:14:31 GMT
vary: Accept-Encoding,Origin
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: no-cache, no-store, private
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6459
date: Wed, 12 May 2021 10:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Wed, 12 May 2021 12:26:52 GMT

GET
H2 200 26215f6f2c74121da451c74fe1041e3a.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 10 KB
10 KB 33ms
23ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/26215f6f2c74121da451c74fe1041e3a.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c6aab545ef170f4fc6eef7be5bb957994762f03eddea7d481275a3f922563b0d

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish, 1.1 varnish
age: 5228
x-cache: HIT, HIT
fastly-io-info: ifsz=452570 idim=2000x1125 ifmt=jpeg ofsz=9864 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 9864
x-amz-id-2: o37xjxosu4aPXU/vQ5jpFNn5rADOLD4Fzof4ONi/EgmMhob8pAK1D0sjZ+/5dgrwYftNx2c5WO0=
x-served-by: cache-bwi5148-BWI, cache-hhn4052-HHN
server: AmazonS3
x-timer: S1620821671.189216,VS0,VE1
etag: "ZMqx9MlQVFQu1eagsJpnT1aoHqpuKNDz8QEsegrhj+M"
vary: Accept
x-amz-request-id: HYMF96KTS9HAA4JD
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 6118e16d41c21416f061c53159c50249.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 16 KB
16 KB 32ms
22ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/6118e16d41c21416f061c53159c50249.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cb8cac8943d6b7fafc5c7173438c24ff66ea641feb7e4e6ab1572ac696309263

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish, 1.1 varnish
age: 2202
x-cache: HIT, HIT
fastly-io-info: ifsz=362326 idim=2000x1125 ifmt=jpeg ofsz=16326 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 16326
x-amz-id-2: 8zLoPqXdYqU5zcD7Ro8IGce4iPAShz3i1+6EZjCYewkcni/z6mOhI/Ye7pT2kYvYmh0w762awB4=
x-served-by: cache-bwi5124-BWI, cache-hhn4052-HHN
server: AmazonS3
x-timer: S1620821671.189195,VS0,VE1
etag: "iljjoSrDygt56Ay6uY+1ouBBmL3QeWrjoGfNTBxsC6o"
vary: Accept
x-amz-request-id: 5EZT7YQ71RZ814D5
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 abwm6w3prjmdcyvoqfxn.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 12 KB
12 KB 30ms
23ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/abwm6w3prjmdcyvoqfxn.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3116a8232e6dfe2a45e4a2e4a8440f4feb8c003406eaae9d98b569be933d42b5

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cld-original-filename: AmericanVoice_OG_FINAL_2
via: 1.1 varnish, 1.1 varnish
etag: "KN7k1POGoLmoQK0xatDbqUteM7mECi5m1JvLjsvhSE8"
x-amz-meta-cld-interesting: {"eyedea":[[719,0,433,578],[440,57,358,477],[28,96,351,468]]}
age: 1225901
x-amz-meta-cld-version: 1513026540
x-cache: HIT, HIT
fastly-io-info: ifsz=837776 idim=1200x627 ifmt=jpeg ofsz=11990 odim=320x180 ofmt=webp
x-amz-storage-class: STANDARD_IA
x-amz-meta-cld-surrogate-key: 388542581494185918882418185766411367189
fastly-stats: io=1
content-length: 11990
x-amz-id-2: JKhRo4G1aGd0yv2I+IT8lvIarJ8a3/kFwn7emLyatj2G0j6MmF0G+j0UTOSsgIi30koN31By1H0=
x-served-by: cache-bwi5169-BWI, cache-hhn4052-HHN
x-amz-meta-cld-transformation-id: 10000011314925
server: AmazonS3
x-timer: S1620821671.190386,VS0,VE1
date: Wed, 12 May 2021 12:14:31 GMT
vary: Accept
x-amz-request-id: 2G0MHXWHWWKTF136
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-amz-meta-cld-original-extension: jpg
x-cache-hits: 1, 1

GET
H2 200 f2f2b9bb19ed5bd7554ad5e5f14af0fa.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 15 KB
15 KB 28ms
23ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/f2f2b9bb19ed5bd7554ad5e5f14af0fa.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 403c7599ce9433adbea0c263dc96dbfcd0a61f895e2787568c11d47a39be21ed

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish, 1.1 varnish
age: 4106
x-cache: HIT, HIT
fastly-io-info: ifsz=370234 idim=1967x1106 ifmt=jpeg ofsz=15458 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 15458
x-amz-id-2: 7DxWr6oqzAjxz0eKxhzqmuA5CaDRcWFF66QHbMEtD6QgplZoKuGYmBs69kI+tsttJWbkOPNgHxA=
x-served-by: cache-bwi5171-BWI, cache-hhn4052-HHN
server: AmazonS3
x-timer: S1620821671.190373,VS0,VE1
etag: "fkD484UKmYm/6IndPUyWLrf3y6LeKgQy9UepaEi9+Ps"
vary: Accept
x-amz-request-id: 30FS7GDN17BHV6ES
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 7387cb6b479d856a2adda93c5fa53729.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_450,pg_1,q_80,w_800/ 15 KB
16 KB 24ms
24ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_450,pg_1,q_80,w_800/7387cb6b479d856a2adda93c5fa53729.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 202fa7ba876a0bcdc66bc00230ce7c0f140627f469024ea49a0bb118bdb846d7

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish, 1.1 varnish
age: 3685
x-cache: HIT, HIT
fastly-io-info: ifsz=2540275 idim=3218x1810 ifmt=jpeg ofsz=15660 odim=800x450 ofmt=webp
fastly-stats: io=1
content-length: 15660
x-amz-id-2: tSUX0NyjLMPI8WKBwi6TYi/5DpN+iqhQUlOfoEmvsNx8jOIDEphgcpkNzokmjR+whFS3xQOCfps=
x-served-by: cache-bwi5167-BWI, cache-hhn4052-HHN
server: AmazonS3
x-timer: S1620821671.190817,VS0,VE1
etag: "nwLOaiazztwwvLyInkuVaWrVFTmvrAOjyg0tMVqBWpg"
vary: Accept
x-amz-request-id: 2DXER35X78552VKY
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=450&quality=80&width=800
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 fa0670eae605466025f4ed6921ec2d3c.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 10 KB
10 KB 24ms
22ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/fa0670eae605466025f4ed6921ec2d3c.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d36313f89703f3c4a05f122f9ae4ad86a26ef03b218004281fcba2ac9203d24e

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish, 1.1 varnish
age: 3743
x-cache: HIT, HIT
fastly-io-info: ifsz=1072414 idim=2000x1133 ifmt=jpeg ofsz=9782 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 9782
x-amz-id-2: hWtx5+LeDpnO8Po2B5Ds7VYzof7DNVxpP/JGfOhcLPDUZZJp+KJvNpNSjc5ReKB6GosqEWV7xZM=
x-served-by: cache-bwi5163-BWI, cache-hhn4052-HHN
server: AmazonS3
x-timer: S1620821671.215896,VS0,VE1
etag: "owx41bzRpiXt0Ww//ZUJqOxM+X2WER+y1I6w9Aq7gNE"
vary: Accept
x-amz-request-id: 5V7RQJ3F0ZFJHFH8
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 416878c76593c21dae77680c701dd917.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 9 KB
9 KB 28ms
26ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/416878c76593c21dae77680c701dd917.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7767571d4000409145e765742b118281eb854a1685fb846371a1a33febd253a2

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish, 1.1 varnish
age: 4987
x-cache: HIT, HIT
fastly-io-info: ifsz=404289 idim=2000x1125 ifmt=jpeg ofsz=9306 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 9306
x-amz-id-2: KXaKopdJNyDEngondNI7IfhgmqAhkvBq4L4IeZKpRNg0gVJa5VWYSunCGxBEdR29RKp2ixEcgzM=
x-served-by: cache-bwi5160-BWI, cache-hhn4052-HHN
server: AmazonS3
x-timer: S1620821671.216409,VS0,VE1
etag: "4LtxLIfif3wLMLLofx5LsnwXTEsa7DMSRGyak0HkbKU"
vary: Accept
x-amz-request-id: CZD3N8FAGP9VEG34
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 bh3kx1k1j3j3cfx4fa4a.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 12 KB
12 KB 28ms
26ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/bh3kx1k1j3j3cfx4fa4a.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5c9fc196d96d36e202f92c9437be44870861197142f8df87e69e0129b949dc3c

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cld-original-filename: multipartBody2773649450876840978asTemporaryFile
via: 1.1 varnish, 1.1 varnish
etag: "7TREUp4ukTqYMpkIrZgEQu2nTYOSeaqiA3SrfJhSA4I"
age: 293972
x-amz-meta-cld-version: 1576086108
x-cache: HIT, HIT
fastly-io-info: ifsz=439801 idim=2000x1133 ifmt=jpeg ofsz=12162 odim=320x180 ofmt=webp
x-amz-storage-class: STANDARD_IA
x-amz-meta-cld-surrogate-key: 268294058981334498676233735473882863947
fastly-stats: io=1
content-length: 12162
x-amz-id-2: J6MDG924TO3CY7OY1lu+fc68x0bBpgTzNy3WH/NxrPjlk98eJerUxWA7+LhIQ34uGeJA0/7X5/M=
x-served-by: cache-bwi5121-BWI, cache-hhn4052-HHN
x-amz-meta-cld-transformation-id: 10000011314925
server: AmazonS3
x-timer: S1620821671.216364,VS0,VE1
date: Wed, 12 May 2021 12:14:31 GMT
vary: Accept
x-amz-request-id: RHCWTY9S4SG17ZRR
access-control-allow-origin: *
cache-control: public, max-age=31557600
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 641d40ad1161b3fcf9f19340b0671537.png
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 68 KB
69 KB 26ms
25ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/641d40ad1161b3fcf9f19340b0671537.png
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3ad101552294640eb09ff94ec6d2ccb497d17b143b4e57aeb974994b8c2da97a

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish, 1.1 varnish
age: 2909
x-cache: HIT, HIT
fastly-io-info: ifsz=2755027 idim=2000x1125 ifmt=png ofsz=69762 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 69762
x-amz-id-2: /tRtbd0ksM9B0xnAYooNh5ORp22JzA6I5CMJIPcmCQKvn6J4POsrtOpm2sM1vkChD6WDkig27jM=
x-served-by: cache-bwi5130-BWI, cache-hhn4052-HHN
server: AmazonS3
x-timer: S1620821671.216522,VS0,VE1
etag: "jYl53y4mLnTtIpx8UZG8TK86Q/yYjhFURfDBQL/wlNw"
vary: Accept
x-amz-request-id: GWC3D9MQDF6HKTBM
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=png&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 pr0gzmhpdd3kmxjd5p1y.png
i.kinja-img.com/gawker-media/image/upload/c_fit,fl_progressive,q_80,w_320/ 15 KB
16 KB 27ms
26ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fit,fl_progressive,q_80,w_320/pr0gzmhpdd3kmxjd5p1y.png
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 92a0bfc0861a802d3fe9c2c70913bebc317707244d8d4d4656927713ecc2a2f5

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cld-original-filename: multipartBody6982375886234284587asTemporaryFile
via: 1.1 varnish, 1.1 varnish
etag: "AStJBY/KomZjy/y2bS+c/xAxoIDJBBaHybh+ni/dPFc"
age: 1225900
x-amz-meta-cld-version: 1587383397
x-cache: HIT, HIT
fastly-io-info: ifsz=28750 idim=235x120 ifmt=png ofsz=15400 odim=320x163 ofmt=webp
x-amz-meta-cld-surrogate-key: 351236110008638766298547047125526252396
fastly-stats: io=1
content-length: 15400
x-amz-id-2: ZRVDNazrGQ+9RcSd/wu3OE54ROFKkSQMTfkkvMUL4slNFG7LLpY5nAwuxmZ+VCODN5Aj3UwU2E4=
x-served-by: cache-bwi5158-BWI, cache-hhn4052-HHN
x-amz-meta-cld-transformation-id: 10000011314925
server: AmazonS3
x-timer: S1620821671.216503,VS0,VE1
date: Wed, 12 May 2021 12:14:31 GMT
vary: Accept
x-amz-request-id: MZ2T8WYD1ZJZDQD2
access-control-allow-origin: *
cache-control: public, max-age=31557600
x-kinja-qs: auto=webp&enable=upscale&format=png&frame=1&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 ruzytt0vx9fahqs1fjge.png
i.kinja-img.com/gawker-media/image/upload/c_fit,fl_progressive,q_80,w_320/ 6 KB
6 KB 23ms
23ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fit,fl_progressive,q_80,w_320/ruzytt0vx9fahqs1fjge.png
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3426fb9ab290b175146bce114372bac9bae5f2f661cd390d5caa75d3b2bc7544

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cld-original-filename: multipartBody3243967384545254353asTemporaryFile
via: 1.1 varnish, 1.1 varnish
etag: "b5S1Sprc+cKTxrLspYEY00aRhyy6iE3r2VAf2vlrWNU"
age: 1225900
x-amz-meta-cld-version: 1556302062
x-cache: HIT, HIT
fastly-io-info: ifsz=32653 idim=1373x418 ifmt=png ofsz=5722 odim=320x97 ofmt=webp
x-amz-meta-cld-surrogate-key: 308379839138913248773917624644144710573
fastly-stats: io=1
content-length: 5722
x-amz-id-2: TgkYKpb+89ZZFvEEWzFUBnewzy8ZNCE82oveZXwowbG78d5/W7C8tebNM7dxLqiKzeSXSeo5JNE=
x-served-by: cache-bwi5167-BWI, cache-hhn4052-HHN
x-amz-meta-cld-transformation-id: 10000011314925
server: AmazonS3
x-timer: S1620821671.241075,VS0,VE1
date: Wed, 12 May 2021 12:14:31 GMT
vary: Accept
x-amz-request-id: MZ2NNMRYYBW379K1
access-control-allow-origin: *
cache-control: public, max-age=31557600
x-kinja-qs: auto=webp&enable=upscale&format=png&frame=1&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 zqwyposgzzjnqbn2fypx.png
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_450,pg_1,q_80,w_800/ 266 KB
267 KB 25ms
24ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_450,pg_1,q_80,w_800/zqwyposgzzjnqbn2fypx.png
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 09f9d527f7ee559eddd55aa8399e14c8cd9531a5e3f0f62f709d4ab6bb858d1a

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cld-original-filename: multipartBody8796913007964213177asTemporaryFile
via: 1.1 varnish, 1.1 varnish
etag: "jgnLpUkEj2BxNlTTNXa9G4NoYHFJq+MzFAM3zAAdC7c"
x-amz-meta-cld-surrogate-reporting: width=1920,height=1080
age: 1225891
x-amz-meta-cld-version: 1618928295
x-cache: HIT, HIT
fastly-io-info: ifsz=2067244 idim=1920x1080 ifmt=png ofsz=272766 odim=800x450 ofmt=webp
x-amz-meta-cld-surrogate-key: 474631479452878046054154704314131886356
fastly-stats: io=1
x-amz-meta-cld-etag: 494ee458dae74f702a2ab1cfc385df75
content-length: 272766
x-amz-id-2: 8pmz3zJc0Xce4XFTcRzgpF9KB+bhJcw7PlNxdSgHtV2h0AdbIFm5bMLRagjMSRQi9XsxML01YCg=
x-served-by: cache-bwi5125-BWI, cache-hhn4052-HHN
x-amz-meta-cld-transformation-id: 10000011314925
server: AmazonS3
x-timer: S1620821671.241036,VS0,VE2
date: Wed, 12 May 2021 12:14:31 GMT
vary: Accept
x-amz-request-id: 4ZGFEYJMGD4BX0H6
access-control-allow-origin: *
cache-control: public, max-age=31557600
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=png&frame=1&height=450&quality=80&width=800
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 libre-baskerville-bold.woff2
f.kinja-static.com/assets/fonts/libre-baskerville/ 18 KB
18 KB 39ms
38ms Font
binary/octet-stream 151.101.66.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/libre-baskerville/libre-baskerville-bold.woff2

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7e81304e7824242c9059d1ba7875b48357656ac82d4e143dccb3d0eb7c77296c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 26
x-cache: HIT
content-length: 17984
x-amz-id-2: pRIIhkys8zj86cPHvHFrflr+LQ1t09EpUXhkj+UmjANHsmDT2I4bU1zqCK0Cj0iWBh1G5vNtJwc=
x-served-by: cache-hhn4066-HHN
last-modified: Thu, 29 Apr 2021 03:56:13 GMT
server: AmazonS3
x-timer: S1620821671.225810,VS0,VE1
etag: "0518781cd45a71291d17ea1febfcc5fe"
x-amz-request-id: 23RHP1N5ZKCVB3BQ
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 1

GET
H2 200 runtime~adManager.487cb9be5257c437034a.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 3 KB
1 KB 3ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/runtime~adManager.487cb9be5257c437034a.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b6541ccc3e28b7eb3657d8624c3b23a6c955f0a05fdef7a7cfa04a798c3d0f30

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 596815
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 1128
x-amz-id-2: Up0SP1v3oZBH84gthv0xpB0e21nrbE9GwDwpp8X2FSmFHdHUKdkvMA+YuY1rerWRunFeyb2fQTc=
x-served-by: cache-hhn4077-HHN, cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:01 GMT
server: AmazonS3
x-timer: S1620821671.128912,VS0,VE1
etag: "ab74f8472757599846af2395a301a02f"
vary: Accept-Encoding, Authorization
x-amz-request-id: MP64M30J55EWCPEC
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 adManager.addfdaedaf2bdf948553.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 667 KB
102 KB 5ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/adManager.addfdaedaf2bdf948553.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bd81568ef95ce5d7859859f7e4e48f46bfa0a4a8f404d3f2d56c65bd1c223915

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78115
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 104231
x-amz-id-2: y2gtnCKpyrvcrq2uZckFDLjdgWeFLVgfa0XzR5LGt9Aaf0fyXhTDacJWXku71PyYzS6pX8O+hLU=
x-served-by: cache-hhn4024-HHN, cache-hhn4052-HHN
last-modified: Tue, 11 May 2021 14:28:45 GMT
server: AmazonS3
x-timer: S1620821671.128846,VS0,VE1
etag: "6aacbfed9f041f9e26a92b42af36aef1"
vary: Accept-Encoding, Authorization
x-amz-request-id: F65C62D2BBH0G4J4
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 runtime~trackers.4d23399ce64861a657d3.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 3 KB
1 KB 7ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/runtime~trackers.4d23399ce64861a657d3.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

159f073ca9a9d774b1cad9f7991e48b1f060f297d4fdcb15b14d4e25edf20a48

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 596807
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 1121
x-amz-id-2: dvwaeMGwgqPa+KiWlLuRWkRMAhk166iSDPpSOtVTkkU+kAEB8XNjsxoT2y3ZHTLN9jXDmDTQEA8=
x-served-by: cache-hhn4037-HHN, cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.128732,VS0,VE1
etag: "56ca77d3308f23ac30d62030e4ea811a"
vary: Accept-Encoding, Authorization
x-amz-request-id: 5DJGCZ1HN47EYD5P
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 0.964ec926522338d43fe6.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 7 KB
3 KB 9ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/0.964ec926522338d43fe6.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6db55e01bed50fd095397a0c2382148aea2865278d05a346499a5a677bc49fcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 596815
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 2238
x-amz-id-2: uCpm42i1jqT3+V1vHHniHBuz4rgEFov1c5a5w0lF0UplSZHJNLTQbfhTCdriJlZett/31u4qoHU=
x-served-by: cache-hhn4073-HHN, cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:23:59 GMT
server: AmazonS3
x-timer: S1620821671.128723,VS0,VE1
etag: "fc24e5eaf48793210ba391bd2ac61a9a"
vary: Accept-Encoding, Authorization
x-amz-request-id: MP63CPS6GYHYHN1G
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 trackers.d33608075ce29f7f30a9.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 44 KB
12 KB 9ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/trackers.d33608075ce29f7f30a9.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

859d5e37e66e811e057fe7751b8b769cba70f3c3073793ca482ffcf2d422c826

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78142
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 11584
x-amz-id-2: r75aaghbDmDUDB7jDXwOrcS11IGZVsaQda7EiYDVKOSQuYsRgkoHHYCW6ZOOIBsMzi/8I+xSAG4=
x-served-by: cache-fra19169-FRA, cache-hhn4052-HHN
last-modified: Tue, 11 May 2021 14:28:47 GMT
server: AmazonS3
x-timer: S1620821671.128701,VS0,VE1
etag: "9da1be9ef4f357d640d6c3bd46445cf2"
vary: Accept-Encoding, Authorization
x-amz-request-id: J4R9C024E9B18MFJ
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 runtime~curatedHomepage.402e56a1882120064144.js Show response
x.kinja-static.com/assets/new-client/ 8 KB
2 KB 35ms
23ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/runtime~curatedHomepage.402e56a1882120064144.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

11da7e6f8cee87e26cc93982fe55c87e6bdf70c215a62d23c72b60e19f4ef993

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70
via: 1.1 varnish
x-cache: HIT
content-length: 2292
x-amz-id-2: QiZPH7IKOu5p4AA0o1oOdtoUhWI7AcJbPCJlEEBWxLHWc+acaDZjBBFzTOpXwjD77e11snLjkpU=
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 11 May 2021 15:15:21 GMT
server: AmazonS3
x-timer: S1620821671.359072,VS0,VE0
etag: "d5bbb1a8b14a437f800320c6aa40cd9b"
vary: Accept-Encoding
x-amz-request-id: X197051ASW11K2DJ
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~50ffb65c.70b9ffbba4d80c316a65.js Show response
x.kinja-static.com/assets/new-client/ 115 KB
32 KB 35ms
23ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~50ffb65c.70b9ffbba4d80c316a65.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a720edff5fac0933dfb339213c8239f78abfa3cb60c27a9c467704fb5c57aae0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71
via: 1.1 varnish
x-cache: HIT
content-length: 32824
x-amz-id-2: gzJ/U38c59RGmcCY0z2pDkjku2KOSHedklm2sgduUegh8N47KJJdimpUGqMOa28UvdRJ/G4GveI=
x-served-by: cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.359165,VS0,VE0
etag: "fef678a6374a0ed28d669e2f766834fc"
vary: Accept-Encoding
x-amz-request-id: MP6DRWZ743DHQM2Y
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~1ac5354a.1af5d7a7f6b9ca21b73c.js Show response
x.kinja-static.com/assets/new-client/ 4 KB
2 KB 33ms
21ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~1ac5354a.1af5d7a7f6b9ca21b73c.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b0384dc4f44a2d2192eea70893ce43e74d63925434d7cfe10163227ee2791cd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71
via: 1.1 varnish
x-cache: HIT
content-length: 1595
x-amz-id-2: VWXjtoZE38tTJiG0Ng4llMIUndPwwT+IslpQ4vKNIQ6BQHSJ/EMvof/XTalps6itMlzQbNlNTSo=
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 11 May 2021 22:53:54 GMT
server: AmazonS3
x-timer: S1620821671.358879,VS0,VE0
etag: "9b9220c09e2c35036c99ba2b4b294e6a"
vary: Accept-Encoding
x-amz-request-id: 057R91G2ACMTMGQX
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~ab99bc6b.be5427d9ce6fac989a45.js Show response
x.kinja-static.com/assets/new-client/ 7 KB
3 KB 34ms
22ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~ab99bc6b.be5427d9ce6fac989a45.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9f3d63652277cd51fb82f48f9c18480d5a5bd4960cab9e0c8d96f5f03bce7836

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66
via: 1.1 varnish
x-cache: HIT
content-length: 2908
x-amz-id-2: 3lN+NS/bjXff1iFc4bh9alKUAVsfv+swO/BfIpBHBmsl5IHG3fBQ7Cy9JhtIWikMvMPbZOUb25I=
x-served-by: cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.359073,VS0,VE0
etag: "bd24a93ea9d13ee49b0521fe3f35f0d3"
vary: Accept-Encoding
x-amz-request-id: MP6DX7QWNPW98C0C
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~3441fe34.cc27c62841b3add68c09.js Show response
x.kinja-static.com/assets/new-client/ 118 KB
29 KB 33ms
24ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~3441fe34.cc27c62841b3add68c09.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f0c19455876a23a70e104a436baa4d5cfdbade5685e228c25cd5f1aeadc42c7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66
via: 1.1 varnish
x-cache: HIT
content-length: 29550
x-amz-id-2: GTxCKylv4lH0rxwkG8pIBZAoMdBEZeN0txuPRLgk4HzAWRkg9+2k4ChySrcV+J8CnW02r0Cx0Co=
x-served-by: cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.360247,VS0,VE0
etag: "5b0db8eed8da26fef6f799eeba64c0fe"
vary: Accept-Encoding
x-amz-request-id: MP60RABK0SJJNKV5
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~c4cf108c.2168a9d8b81e18e60dd7.js Show response
x.kinja-static.com/assets/new-client/ 4 KB
2 KB 28ms
24ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~c4cf108c.2168a9d8b81e18e60dd7.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

30a74a724f831d9b59d6a44c890fe18ff341bd1d68579aed2cb09e682b59f312

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66
via: 1.1 varnish
x-cache: HIT
content-length: 1577
x-amz-id-2: +bOJ6gqTXypT9iJh91IQuthcNZlQjUcfklztwMtpMhI2pc9MZDi7TBQHLornAwxNkaVoX4OSuzU=
x-served-by: cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.360235,VS0,VE0
etag: "956c04eed47e1b571275446dd2ec3408"
vary: Accept-Encoding
x-amz-request-id: MP62KFGCR02FS1TW
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~adEditor~browser-logs~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~erro~95b460b0.6648ed7b82bdcb5a128b.js Show response
x.kinja-static.com/assets/new-client/ 18 KB
5 KB 31ms
26ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~browser-logs~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~erro~95b460b0.6648ed7b82bdcb5a128b.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bf085c3ec47acdc729ec9929e13405f071ce559d6e4bf8aa0cf91d10f4dff396

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79
via: 1.1 varnish
x-cache: HIT
content-length: 5350
x-amz-id-2: 0BZmAz55RAgJFV4/jUzQ9s0p/qaT0KJ7lokU3m3iF26+/MT3/mnuyDD85IUld50zDLx0bRHJzSM=
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 11 May 2021 22:53:54 GMT
server: AmazonS3
x-timer: S1620821671.389462,VS0,VE0
etag: "1a5aba4c49a2c47dfa399a4935bed66f"
vary: Accept-Encoding
x-amz-request-id: VA9VTM45CMXQNDW5
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~482673d0.36f2d855df04dd9c69a0.js Show response
x.kinja-static.com/assets/new-client/ 19 KB
7 KB 31ms
26ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~482673d0.36f2d855df04dd9c69a0.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

35983cd8f6ef4c7cb9989a29f0e9151b5cd81ace67f614dc88cb0797bb1eea32

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66
via: 1.1 varnish
x-cache: HIT
content-length: 6584
x-amz-id-2: tdRteaQ+dtjPAMgx1WvlHLy0M9ISfOtKLKTWeT2HTC1KW6SNyFiXYwoOqj1tJcK5zvY/dZSEgF0=
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 11 May 2021 22:53:54 GMT
server: AmazonS3
x-timer: S1620821671.389436,VS0,VE0
etag: "48442ef6164453c5499708c1bbcdf605"
vary: Accept-Encoding
x-amz-request-id: S5QW9GA2CXYXW94Q
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js Show response
x.kinja-static.com/assets/new-client/ 44 KB
13 KB 30ms
26ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2a6dc6fb00cde6afb3b582119bf4c8c6ee7f5b4043cf09b789482b85850a48d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79
via: 1.1 varnish
x-cache: HIT
content-length: 13181
x-amz-id-2: 7VcXV4iLIxFuJok6duOuUchb2R8ZF716T1+rq0g/65u32ofgy8Y+qiOJoM2NSbyAaJ+zKYN6Pg4=
x-served-by: cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.389421,VS0,VE0
etag: "1454ca61f8e339128ad0b2b3f8567d12"
vary: Accept-Encoding
x-amz-request-id: MP6E2E8XXFQFJPG3
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 1.3a63154824145ee4e028.js Show response
x.kinja-static.com/assets/new-client/ 460 KB
103 KB 28ms
27ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/1.3a63154824145ee4e028.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bc7167a426fb45825902fddef4a2d12b790bb470ff9e8656fdaadf293b676f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33
via: 1.1 varnish
x-cache: HIT
content-length: 104892
x-amz-id-2: Kr+M/PUvq3OrYBccA45PYEB1hAa14Yii8gGwMKkul0WES/XK/HaWAFjaTRb14xf40ZEx6xSbF/U=
x-served-by: cache-hhn4052-HHN
last-modified: Wed, 12 May 2021 10:30:56 GMT
server: AmazonS3
x-timer: S1620821671.389397,VS0,VE0
etag: "2d8a83a136207801ee74ac34a3f8e87a"
vary: Accept-Encoding
x-amz-request-id: VSXQFKWQ6N4FK1YB
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~YMALModule~carousel~category-stream~commentsIframe~curatedHomepage~homepage-edit~impact-head~833e4f08.01dc0d78b2de2f1ae4fe.js Show response
x.kinja-static.com/assets/new-client/ 5 KB
2 KB 27ms
27ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~YMALModule~carousel~category-stream~commentsIframe~curatedHomepage~homepage-edit~impact-head~833e4f08.01dc0d78b2de2f1ae4fe.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8f4ea46ad7e421dbf383dff81c4e8169ba515c49c72151c020d364aaa7c7bf27

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19
via: 1.1 varnish
x-cache: HIT
content-length: 1857
x-amz-id-2: TMJ+N60zYEdAFe1uSupG1fHlApeyXMoSgg7H0nAWUu1zmRbRvLcsbbpH/2j9d0crahMadbfPiuM=
x-served-by: cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.389384,VS0,VE0
etag: "1bb7566f3cedc96f88f37d81cf71a38f"
vary: Accept-Encoding
x-amz-request-id: HSPT53VB1D9PRJ49
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~channelSectionPage~commerceDashboardClient~curatedHomepage~customHeader~header~login~notific~da1c7d2b.37367c878de2452f00da.js Show response
x.kinja-static.com/assets/new-client/ 16 KB
4 KB 27ms
27ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~channelSectionPage~commerceDashboardClient~curatedHomepage~customHeader~header~login~notific~da1c7d2b.37367c878de2452f00da.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bab52415ad1528e0e14bedfabdd748d62572a27dcd2ff1991d8cd9bdb0b0609a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83
via: 1.1 varnish
x-cache: HIT
content-length: 4110
x-amz-id-2: BkdnYwek7aGy3IkBCARRbyh/oHoXZrdbe007MO14s+1df1QIwJvzuK385Pqu46mFu/CMgCJRcnY=
x-served-by: cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.389374,VS0,VE0
etag: "32d386827751a53b5a9ede24089b312c"
vary: Accept-Encoding
x-amz-request-id: HSPMDPWEJW64JP04
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~categoryPage~curatedHomepage~featuredPermalinkPage~frontPage~permalinkPage~searchPage~slides~a3dad056.7f0a898dd527abb1ffa7.js Show response
x.kinja-static.com/assets/new-client/ 16 KB
5 KB 24ms
22ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~categoryPage~curatedHomepage~featuredPermalinkPage~frontPage~permalinkPage~searchPage~slides~a3dad056.7f0a898dd527abb1ffa7.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3ed4dce1bfb07c181da64095e302461a5b744ee60299ca8cdff598633d745bf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40
via: 1.1 varnish
x-cache: HIT
content-length: 5264
x-amz-id-2: tFSghASEi7vZPQJIr+iDCj0a+K3ZLb0i0FWDDV6KOJonHi3VL/QOQKtZVjHfo3K4hyRuaVMFlU0=
x-served-by: cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.420080,VS0,VE0
etag: "9a0575f06bd61bc32bd69c39e48a8326"
vary: Accept-Encoding
x-amz-request-id: MP6A3SE3N0CX3R4Z
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~YMALModule~curatedHomepage~homepage-edit.0c7bfdba950254ddc6a3.js Show response
x.kinja-static.com/assets/new-client/ 7 KB
3 KB 24ms
22ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~YMALModule~curatedHomepage~homepage-edit.0c7bfdba950254ddc6a3.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

dfb8689a3cbf4f504d5e8523c5b74e684d32766e37521bd00943d6e3c96da80e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70
via: 1.1 varnish
x-cache: HIT
content-length: 2495
x-amz-id-2: gZgR5y5k8GgZDjWl/X6z6mGhC7qXZkSxN0PTkQQR8urnKPoIHz4zekmZeMYJlunUqlJmh7szlK4=
x-served-by: cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:24:02 GMT
server: AmazonS3
x-timer: S1620821671.420063,VS0,VE0
etag: "3598adf061d5c69aeda9f652a55a06c2"
vary: Accept-Encoding
x-amz-request-id: KAP12RX9VEQ18A7G
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 vendors~curatedHomepage.d5dab888663c0e5b3f0f.js Show response
x.kinja-static.com/assets/new-client/ 8 KB
2 KB 25ms
23ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~curatedHomepage.d5dab888663c0e5b3f0f.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bf7055642f98c8e3f7717323c7df5ac421d68f48a30a94c74d11691d2ab25888

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11
via: 1.1 varnish
x-cache: HIT
content-length: 2235
x-amz-id-2: IdazFermPhIpjEp+YaOLku8Cx1DXpQeXYgdq0pArrueHcPVeJ7M4Uj1Pbn9KnWC+gCTTwAPw/kk=
x-served-by: cache-hhn4052-HHN
last-modified: Wed, 05 May 2021 14:44:06 GMT
server: AmazonS3
x-timer: S1620821671.420398,VS0,VE0
etag: "3de05db5e37ff13e0942ddf0044f33e5"
vary: Accept-Encoding
x-amz-request-id: G5SE948G5G210N38
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 curatedHomepage.953508ca465bf52d1b08.js Show response
x.kinja-static.com/assets/new-client/ 1 MB
193 KB 26ms
23ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/curatedHomepage.953508ca465bf52d1b08.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

90ec56a70a898b1c9fd2b114ccb5145e4294cd9098597004f15e86c9b0f3814c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70
via: 1.1 varnish
x-cache: HIT
content-length: 197349
x-amz-id-2: 4fBEfc81lqmaQ5qdeoEoJYT2Ri0S2Q+sOs3lCFKHdV8iyEh4Qh6R9sxMy2geeQ0tFebwwsYiVC0=
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 11 May 2021 15:15:20 GMT
server: AmazonS3
x-timer: S1620821671.426029,VS0,VE0
etag: "1178c61e895aabf37f0a423632c0d71a"
vary: Accept-Encoding
x-amz-request-id: X191DBMB29DS2D5K
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 b-49c6f47-cbbfc745.js Show response
tagan.adlightning.com/gomedia/ 69 KB
23 KB 23ms
21ms Script
application/javascript 13.224.95.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-16.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d77beb93df130b7b138f3affbdb35abba9e51ca3437ba86c7216bd2746dcc1a3

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 19:31:35 GMT
content-encoding: gzip
age: 3170577
x-cache: Hit from cloudfront
content-length: 23076
x-amz-meta-git_commit: 49c6f47
last-modified: Mon, 05 Apr 2021 19:30:30 GMT
server: AmazonS3
etag: "0a7d5a16c55eb7e7e99bbede6a4cfde6"
x-amz-version-id: YXUvlAlX4KlnH3M.eaMo._kk8.YeX82I
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: h3gUDsiCo9blQbpP50MNxHIXKtAYOM4WMutl7ex_4G6QoERjyH9vPA==

GET
H2 200 bl-165eba0-79d4efd1.js Show response
tagan.adlightning.com/gomedia/ 65 KB
20 KB 23ms
21ms Script
application/javascript 13.224.95.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/bl-165eba0-79d4efd1.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-16.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2252d99057cd26061913d9d6b86bc2f958b51fcaf62bea99f1f03f6e47a57f64

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 08 May 2021 18:09:11 GMT
content-encoding: gzip
age: 324320
x-cache: Hit from cloudfront
content-length: 19806
x-amz-meta-git_commit: 165eba0
last-modified: Sat, 08 May 2021 18:07:03 GMT
server: AmazonS3
etag: "fe871ac503a303479370b96bb0ebc6df"
x-amz-version-id: THtQbjWQSdsLfy7PezD3R_qntNpuNpmb
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: nVNKLaqWEks_XePvvNKHYOf1qLTJmRexPqm2UAVJc-oAhiY3S0JRkw==

GET
H3-29 200 pubads_impl_2021050601.js Show response
securepubads.g.doubleclick.net/gpt/ 303 KB
107 KB 59ms
28ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050601.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

sffe /

Resource Hash

9eb83620a305b5cfbd47a770dd1f649d9ae99d34becf19308f9cc75106d1b5b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 08:40:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109330
x-xss-protection: 0
expires: Wed, 12 May 2021 12:14:31 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
537 B 37ms
16ms XHR
application/json 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.theonion.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 scroll.js Show response
static.scroll.com/js/ 17 KB
18 KB 81ms
27ms Script
application/javascript 199.232.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.scroll.com/js/scroll.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 01522e70e4807e89bf3303d4f2e01fb141b4ce91dba4023d23794e255028ed9e

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 varnish
x-guploader-response-body-transformations: gunzipped
age: 72485
x-guploader-uploadid: ABg5-UzDn4HViVtDYMx0LxJFFJlJP1Vz5wrigqc--DyYYhhSwMVmRMtaG6ZwrRuWYETy9wRdT0ELNUrWXe2mNQi0nLck5Tz0HA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 17845
x-served-by: cache-hhn4034-HHN
last-modified: Thu, 25 Feb 2021 20:29:37 GMT
server: UploadServer
x-timer: S1620821672.642968,VS0,VE0
etag: W/"334dd94887922f13e29acca6ed203eb7"
vary: Origin
x-goog-hash: crc32c=kcQgZA==, md5=M03ZSIeSLxPimsym7SA+tw==
x-goog-generation: 1614284976930081
expires: Tue, 27 Apr 2021 16:41:24 GMT
cache-control: public, max-age=0, s-maxage=86400
access-control-allow-credentials: true
x-goog-stored-content-length: 6459
accept-ranges: bytes
content-type: application/javascript
warning: 214 UploadServer gunzipped
x-scrolljs: 3
x-cache-hits: 17143

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 126 KB
33 KB 57ms
22ms Script
application/javascript 13.224.103.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/x-kinja-static/assets/new-client/trackers.d33608075ce29f7f30a9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.103.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-103-105.zrh50.r.cloudfront.net
Software: Server /
Resource Hash: 05b1936a5e4229dc34d8e5fcfc22ce024634ea618687f37e31857402b27c4dba

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 05:09:09 GMT
content-encoding: gzip
server: Server
age: 25521
etag: 8975e8311e479cf7d71d71133ee2dff8
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: RvFob.r3TH_ft5dtWL2SCNMCpiQphReE
x-amz-cf-id: ENi8BjslgioayKGh8MZ52N727BMImb8y-vzFt7i8WHshla6DfxaBZw==

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 53ms
13ms Script
application/x-javascript 2600:9000:2190:8e00:18:1fcd:34e:d2a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:8e00:18:1fcd:34e:d2a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ec93813683cccb74a7896a34a2ed1b2163288620f6959ae06de3ded30cf518b9

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 15:20:22 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 00:04:46 GMT
server: nginx
age: 75249
etag: W/"60665f9e-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 a2037d86ccb1a548f20827ebd95a65f3.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: v_bF1E5xtgeO_3FLdatRICFa8-SAEs18cJ1aXcTBAtEQcm_J0DeuxQ==
expires: Wed, 12 May 2021 15:20:22 GMT

GET
H2

200

tag Show response
btloader.com/
Redirect Chain

https://kinja-com.videoplayerhub.com/gallery.js
https://btloader.com/tag?h=kinja-com&upapi=true

10 KB
5 KB

56ms
20ms

Script
application/javascript

2606:4700:20::ac43:4686
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?h=kinja-com&upapi=true
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4686 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b5473db0e51abf3da61b7537df9dcb6a8758d37438aa247d0aad4bfd51f2b56

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2625
content-encoding: br
cf-request-id: 0a021917250000c29a2c9c1000000001
server: cloudflare
etag: W/"3aaddb6f472770a516deffa11ea5c602"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PSDCEd4beHPxWGH7Uhj%2FUFOm1toGi0xcS8vK4u6CkeIsfTMEThTY%2Fe56D%2Fox74pVe7cUNKIEgCtWlY1RDPQ2jSa%2BJjyGfbkZNaUjoDOI4FscLAemV9YOA5E%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
cf-ray: 64e391383c3dc29a-FRA

Redirect headers

date: Wed, 12 May 2021 12:14:31 GMT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5FYpTx0x%2FRGxF4Q%2FToHH9WgpPuPTOv8xLjJG8FAa1JY%2F%2FRShjonDNwaAmUWaRCMjXiazVVRiubCGsNAVw%2FTa7QyqlumcQpCSLBHlwrx1BfckJTdZgKMRRUuvfP4TZ8Pp9wXOjH%2Fj6S3D"}],"group":"cf-nel","max_age":604800}
location: https://btloader.com/tag?h=kinja-com&upapi=true
cache-control: max-age=3600
cf-ray: 64e391378bc34abd-FRA
cf-request-id: 0a021916b400004abd2b82f000000001
expires: Wed, 12 May 2021 13:14:31 GMT

GET
H2

200

connatix.playspace.dc.js Show response
cds.connatix.com/p/116348/
Redirect Chain

https://cd.connatix.com/connatix.playspace.js
https://cds.connatix.com/p/116348/connatix.playspace.dc.js

1 MB
232 KB

24ms
21ms

Script
application/javascript

151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/116348/connatix.playspace.dc.js
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ebb5281c0b2743cffb8ee8bece7103473b30cf8636848661aa53571d81cad3ed

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: br
last-modified: Mon, 10 May 2021 05:19:14 GMT
age: 197605
etag: "2db620a0bc10b6774fcce879a9475622"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 236885

Redirect headers

location: https://cds.connatix.com/p/116348/connatix.playspace.dc.js
date: Wed, 12 May 2021 12:14:31 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
age: 0
accept-ranges: bytes
content-length: 0
retry-after: 0

GET
H2 200 i.js Show response
tag.bounceexchange.com/3645/ 16 KB
8 KB 165ms
126ms Script
text/plain 34.120.253.250
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.bounceexchange.com/3645/i.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: fasthttp /
Resource Hash: 1972670f356d064fac8d1be0a1c2cc92ef6bf3acd6c0ad8d934981ce601b3b0f

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:09 GMT
content-encoding: gzip
server: fasthttp
age: 22
etag: 6599c11049e58f
content-type: text/plain; charset=utf-8
via: 1.1 google
cache-control: public, max-age=60
x-region: us-central1
timing-allow-origin: *
alt-svc: clear
content-length: 7608

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
2 KB 58ms
19ms Script
application/javascript 13.224.95.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-18.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:06:45 GMT
via: 1.1 c07945b00aad28e34fbfebb3d3907061.cloudfront.net (CloudFront)
etag: "1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 467
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 1469
x-amz-cf-id: vzZmUyO4bpYWtq_m6dK2aN9QTEDrlX8KkQVI92quQQWrF3XZfxC6sg==

GET
H2 200 publisher_kit.js Show response
cdn.britepool.com/ 133 KB
43 KB 80ms
25ms Script
text/javascript 65.9.66.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.britepool.com/publisher_kit.js?api_key=6e9e2b90-3709-4afb-a9f8-3586da6c7fb3
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61ccb8c3252e27a327becaf9318517719a131160e0bc05659b0d2493dc6e9245

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 10:37:43 GMT
content-encoding: gzip
last-modified: Wed, 06 Jan 2021 10:34:46 GMT
server: AmazonS3
age: 5810
etag: W/"84e9f71335e9b47a7fe8e0e75dd289da"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 e39402e2cf62b31f7774452c905f38f3.cloudfront.net (CloudFront)
cache-control: max-age=14400, public, immutable
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: spxaj2PNZiqVCjI4Fl2W0HGAXAm-iOYHVZq_upFub0y802kukMBIjA==

GET
H2 200 /
insight.adsrvr.org/track/evnt/ 70 B
261 B 139ms
47ms Image
image/gif 52.30.148.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/evnt/?adv=5zq9nmk&ct=0:ngtk7da&fmt=3
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.148.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-148-233.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:31 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
466 B 59ms
14ms XHR
application/json 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 May 2021 12:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.theonion.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 14ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=14494557&t=pageview&_s=1&dl=https%3A%2F%2Fwww.theonion.com%2F&ul=en-us&de=UTF-8&dt=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEABFAQCAC~&jid=1028745996&gjid=1510952654&cid=464347664.1620821672&tid=UA-223393-1&_gid=902532476.1620821672&_r=1&_slc=1&cd34=none&cd35=none&cd36=none&cd38=computer&cd39=none&cd40=-2&cd42=none&cd43=none&cd48=none&cd50=other&cd51=none&cd52=none&cd53=none&cd58=adblock%20off&cd60=production%3Amagma&cd70=&cd75=Logged%20out&cd76=none&cd78=standard&cd80=none&cd82=none&cd83=frontpage&cd94=none&cd97=none&cd99=none&cd101=theonion&cd103=&cd105=The%20Onion&cd108=adblock%20off&cd109=website&cd110=1364%2B&cd111=0&cd115=none&cd117=none&cd123=none&cd124=none&cd126=adblock%20off&cd130=none&cd131=frontpage&z=189800876

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 14ms
14ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=14494557&t=pageview&_s=1&dl=https%3A%2F%2Fwww.theonion.com%2F&ul=en-us&de=UTF-8&dt=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEABFAQCAC~&jid=492303485&gjid=1158699863&cid=464347664.1620821672&tid=UA-142218-33&_gid=902532476.1620821672&_r=1&_slc=1&cd34=none&cd35=none&cd36=none&cd38=computer&cd39=none&cd40=-2&cd42=none&cd43=none&cd48=none&cd50=other&cd51=none&cd52=none&cd53=none&cd58=adblock%20off&cd60=production%3Amagma&cd70=&cd75=Logged%20out&cd76=none&cd78=standard&cd80=none&cd82=none&cd83=frontpage&cd94=none&cd97=none&cd99=none&cd101=theonion&cd103=&cd105=The%20Onion&cd108=adblock%20off&cd109=website&cd110=1364%2B&cd111=0&cd115=none&cd117=none&cd123=none&cd124=none&cd126=adblock%20off&cd130=none&cd131=frontpage&z=300415734

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 event.js
www.theonion.com/api/kala/t/ 159 B
431 B 123ms
122ms Ping
application/json 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/api/kala/t/event.js?e=eyJibG9nSWQiOiIxNjM2MDc5NTEwIiwiY29udGV4dElkIjoiMTYzNjA3OTUxMCIsInRhcmdldElkIjoiMTYzNjA3OTUxMCIsImNvbnRleHRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRUeXBlIjoiRlJPTlRQQUdFX1ZJRVciLCJ0YXJnZXRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRBdHRyaWJ1dGVzIjp7ImJsb2dOYW1lIjoid3d3LnRoZW9uaW9uLmNvbSIsImlzTG9nZ2VkSW4iOjB9LCJldmVudEF0dHJpYnV0ZXNFeHRlbmRlZCI6eyJyZXNwb25zaXZlVmVyc2lvbiI6IjEzNjQrIiwiZGV2aWNlQ2F0ZWdvcnkiOiJkZXNrdG9wIiwiYWRCbG9jayI6ImFkYmxvY2sgb2ZmIiwidGltZW91dCI6ZmFsc2UsInBvc3RzSW5TdHJlYW0iOlsiMTg0NjgwMTYyMiIsIjE4NDY4Mzg4MjIiLCIxODQ2ODcxODUxIiwiMTg0Njg0NTMwNCIsIjE4NDY4NzE1NDYiLCIxODQ2ODQ4OTY4IiwiMTg0Njg2MDQ1NCIsIjE4NDY4Njk2NTAiLCIxODQ2ODYwNTE1IiwiMTg0Njg0OTU5MyIsIjE4NDY4Mzg1OTQiLCIxODQ2ODYzODQwIiwiMTg0Njg0MTEzMSIsIjE4NDY4NDk2MDQiLCIxODQ2Nzk0ODU0IiwiMTg0Njc5MTQ2MyIsIjE4NDY3ODE3ODQiLCIxODQ2NzQyNDE4IiwiMTg0NjM1NjIxNCIsIjE4NDY4MTE0OTkiLCIxODQ2NzQyNzUxIiwiMTg0NjIwNDIzMyIsIjE4NDYxOTYxNDMiLCIxODQ2MTg3Nzk1IiwiMTg0NjgyODc4OSIsIjE4NDY3OTA0NzciLCIxODQ2NzkwNDc3IiwiMTg0NjgxMTUzOCIsIjE4NDY3MDI3OTIiLCIxODQ2Njk1NDM1IiwiMTg0NjQ2NzYyOCIsIjE4NDY2NDU0NzMiLCIxODQ2NTkzMjU2IiwiMTg0NjU1NDQ5OSIsIjE4NDY2NzczNzQiLCIxODQ2NjMwOTgxIiwiMTg0NjY5NDk2NyIsIjE4NDY4NzA1NzMiLCIxODQ2ODQ4OTY4IiwiMTg0NjgzODgyMiIsIjE4NDY4MzE5NzMiLCIxODQ2ODYyNzE2IiwiMTg0Njg0MDY1NCIsIjE4NDY4Mzg3MjYiLCIxODQ2ODI5MTAyIiwiMTg0Njg3MTg4NiIsIjE4NDY4NzE4NTEiLCIxODQ2ODYxNzg3IiwiMTg0Njg2MTc1OCJdLCJzb3J0aW5nVmlldyI6ImRlZmF1bHQiLCJwYWdlSW5kZXgiOjB9fQ==&cb=190

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/curatedHomepage.953508ca465bf52d1b08.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e7fcd15fc0e26e922fb8d0e2ad5b6dbd141bdd20915188c8c6ffda7be062f8f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
origin: https://www.theonion.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: KinjaBucket=e; geocc=CH; lux_uid=162082167146666480; pageDepth=1; AMP_TOKEN=%24NOT_FOUND; _ga=GA1.2.464347664.1620821672; _gid=GA1.2.902532476.1620821672; _gat_unique=1; _gat=1; dd_rum_test=test; _dd_r=0
content-length: 0
:path: /api/kala/t/event.js?e=eyJibG9nSWQiOiIxNjM2MDc5NTEwIiwiY29udGV4dElkIjoiMTYzNjA3OTUxMCIsInRhcmdldElkIjoiMTYzNjA3OTUxMCIsImNvbnRleHRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRUeXBlIjoiRlJPTlRQQUdFX1ZJRVciLCJ0YXJnZXRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRBdHRyaWJ1dGVzIjp7ImJsb2dOYW1lIjoid3d3LnRoZW9uaW9uLmNvbSIsImlzTG9nZ2VkSW4iOjB9LCJldmVudEF0dHJpYnV0ZXNFeHRlbmRlZCI6eyJyZXNwb25zaXZlVmVyc2lvbiI6IjEzNjQrIiwiZGV2aWNlQ2F0ZWdvcnkiOiJkZXNrdG9wIiwiYWRCbG9jayI6ImFkYmxvY2sgb2ZmIiwidGltZW91dCI6ZmFsc2UsInBvc3RzSW5TdHJlYW0iOlsiMTg0NjgwMTYyMiIsIjE4NDY4Mzg4MjIiLCIxODQ2ODcxODUxIiwiMTg0Njg0NTMwNCIsIjE4NDY4NzE1NDYiLCIxODQ2ODQ4OTY4IiwiMTg0Njg2MDQ1NCIsIjE4NDY4Njk2NTAiLCIxODQ2ODYwNTE1IiwiMTg0Njg0OTU5MyIsIjE4NDY4Mzg1OTQiLCIxODQ2ODYzODQwIiwiMTg0Njg0MTEzMSIsIjE4NDY4NDk2MDQiLCIxODQ2Nzk0ODU0IiwiMTg0Njc5MTQ2MyIsIjE4NDY3ODE3ODQiLCIxODQ2NzQyNDE4IiwiMTg0NjM1NjIxNCIsIjE4NDY4MTE0OTkiLCIxODQ2NzQyNzUxIiwiMTg0NjIwNDIzMyIsIjE4NDYxOTYxNDMiLCIxODQ2MTg3Nzk1IiwiMTg0NjgyODc4OSIsIjE4NDY3OTA0NzciLCIxODQ2NzkwNDc3IiwiMTg0NjgxMTUzOCIsIjE4NDY3MDI3OTIiLCIxODQ2Njk1NDM1IiwiMTg0NjQ2NzYyOCIsIjE4NDY2NDU0NzMiLCIxODQ2NTkzMjU2IiwiMTg0NjU1NDQ5OSIsIjE4NDY2NzczNzQiLCIxODQ2NjMwOTgxIiwiMTg0NjY5NDk2NyIsIjE4NDY4NzA1NzMiLCIxODQ2ODQ4OTY4IiwiMTg0NjgzODgyMiIsIjE4NDY4MzE5NzMiLCIxODQ2ODYyNzE2IiwiMTg0Njg0MDY1NCIsIjE4NDY4Mzg3MjYiLCIxODQ2ODI5MTAyIiwiMTg0Njg3MTg4NiIsIjE4NDY4NzE4NTEiLCIxODQ2ODYxNzg3IiwiMTg0Njg2MTc1OCJdLCJzb3J0aW5nVmlldyI6ImRlZmF1bHQiLCJwYWdlSW5kZXgiOjB9fQ==&cb=190
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: www.theonion.com
referer: https://www.theonion.com/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

content-security-policy: default-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-ua-device: desktop
x-kinja: kinja-kala-kube01-5d5469547c-9q9dv #55
x-cdn-fetch: mantle-setcookie
content-length: 153
x-xss-protection: 1; mode=block
x-served-by: cache-bwi5126-BWI, cache-hhn4052-HHN
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-timer: S1620821672.106947,VS0,VE101
x-frame-options: DENY
date: Wed, 12 May 2021 12:14:32 GMT
vary: Accept-Encoding,Origin
content-type: application/json
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, private
access-control-allow-credentials: true
set-cookie: ka=7285c2c5-9c8d-4d03-8359-0870489d62b4|e760adaa-4253-4014-8de3-90cb370600f1|1620821672162; Max-Age=31536000; Expires=Thu, 12 May 2022 12:14:32 GMT; Path=/; HTTPOnly
accept-ranges: bytes
x-robots-tag: noindex
x-cache-hits: 0, 0

POST
H2 200 event.js
www.theonion.com/api/kala/t/ 159 B
813 B 116ms
116ms Ping
application/json 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/api/kala/t/event.js?e=eyJibG9nSWQiOiIxNjM2MDc5NTEwIiwiY29udGV4dElkIjoiMTYzNjA3OTUxMCIsInRhcmdldElkIjoiMTYzNjA3OTUxMCIsImNvbnRleHRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRUeXBlIjoiU1RSRUFNX1ZJRVciLCJ0YXJnZXRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRBdHRyaWJ1dGVzIjp7ImJsb2dOYW1lIjoid3d3LnRoZW9uaW9uLmNvbSIsImlzTG9nZ2VkSW4iOjB9LCJldmVudEF0dHJpYnV0ZXNFeHRlbmRlZCI6eyJyZXNwb25zaXZlVmVyc2lvbiI6IjEzNjQrIiwiZGV2aWNlQ2F0ZWdvcnkiOiJkZXNrdG9wIiwiYWRCbG9jayI6ImFkYmxvY2sgb2ZmIiwidGltZW91dCI6ZmFsc2UsInBvc3RzSW5TdHJlYW0iOlsiMTg0NjgwMTYyMiIsIjE4NDY4Mzg4MjIiLCIxODQ2ODcxODUxIiwiMTg0Njg0NTMwNCIsIjE4NDY4NzE1NDYiLCIxODQ2ODQ4OTY4IiwiMTg0Njg2MDQ1NCIsIjE4NDY4Njk2NTAiLCIxODQ2ODYwNTE1IiwiMTg0Njg0OTU5MyIsIjE4NDY4Mzg1OTQiLCIxODQ2ODYzODQwIiwiMTg0Njg0MTEzMSIsIjE4NDY4NDk2MDQiLCIxODQ2Nzk0ODU0IiwiMTg0Njc5MTQ2MyIsIjE4NDY3ODE3ODQiLCIxODQ2NzQyNDE4IiwiMTg0NjM1NjIxNCIsIjE4NDY4MTE0OTkiLCIxODQ2NzQyNzUxIiwiMTg0NjIwNDIzMyIsIjE4NDYxOTYxNDMiLCIxODQ2MTg3Nzk1IiwiMTg0NjgyODc4OSIsIjE4NDY3OTA0NzciLCIxODQ2NzkwNDc3IiwiMTg0NjgxMTUzOCIsIjE4NDY3MDI3OTIiLCIxODQ2Njk1NDM1IiwiMTg0NjQ2NzYyOCIsIjE4NDY2NDU0NzMiLCIxODQ2NTkzMjU2IiwiMTg0NjU1NDQ5OSIsIjE4NDY2NzczNzQiLCIxODQ2NjMwOTgxIiwiMTg0NjY5NDk2NyIsIjE4NDY4NzA1NzMiLCIxODQ2ODQ4OTY4IiwiMTg0NjgzODgyMiIsIjE4NDY4MzE5NzMiLCIxODQ2ODYyNzE2IiwiMTg0Njg0MDY1NCIsIjE4NDY4Mzg3MjYiLCIxODQ2ODI5MTAyIiwiMTg0Njg3MTg4NiIsIjE4NDY4NzE4NTEiLCIxODQ2ODYxNzg3IiwiMTg0Njg2MTc1OCJdLCJzb3J0aW5nVmlldyI6ImRlZmF1bHQiLCJwYWdlSW5kZXgiOjB9fQ==&cb=92

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/curatedHomepage.953508ca465bf52d1b08.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5d4c614600b11972eb2858a5a87c76c8acb7feef0066f4df89a47cfa5727bfe9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
origin: https://www.theonion.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: KinjaBucket=e; geocc=CH; lux_uid=162082167146666480; pageDepth=1; AMP_TOKEN=%24NOT_FOUND; _ga=GA1.2.464347664.1620821672; _gid=GA1.2.902532476.1620821672; _gat_unique=1; _gat=1; dd_rum_test=test; _dd_r=0
content-length: 0
:path: /api/kala/t/event.js?e=eyJibG9nSWQiOiIxNjM2MDc5NTEwIiwiY29udGV4dElkIjoiMTYzNjA3OTUxMCIsInRhcmdldElkIjoiMTYzNjA3OTUxMCIsImNvbnRleHRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRUeXBlIjoiU1RSRUFNX1ZJRVciLCJ0YXJnZXRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRBdHRyaWJ1dGVzIjp7ImJsb2dOYW1lIjoid3d3LnRoZW9uaW9uLmNvbSIsImlzTG9nZ2VkSW4iOjB9LCJldmVudEF0dHJpYnV0ZXNFeHRlbmRlZCI6eyJyZXNwb25zaXZlVmVyc2lvbiI6IjEzNjQrIiwiZGV2aWNlQ2F0ZWdvcnkiOiJkZXNrdG9wIiwiYWRCbG9jayI6ImFkYmxvY2sgb2ZmIiwidGltZW91dCI6ZmFsc2UsInBvc3RzSW5TdHJlYW0iOlsiMTg0NjgwMTYyMiIsIjE4NDY4Mzg4MjIiLCIxODQ2ODcxODUxIiwiMTg0Njg0NTMwNCIsIjE4NDY4NzE1NDYiLCIxODQ2ODQ4OTY4IiwiMTg0Njg2MDQ1NCIsIjE4NDY4Njk2NTAiLCIxODQ2ODYwNTE1IiwiMTg0Njg0OTU5MyIsIjE4NDY4Mzg1OTQiLCIxODQ2ODYzODQwIiwiMTg0Njg0MTEzMSIsIjE4NDY4NDk2MDQiLCIxODQ2Nzk0ODU0IiwiMTg0Njc5MTQ2MyIsIjE4NDY3ODE3ODQiLCIxODQ2NzQyNDE4IiwiMTg0NjM1NjIxNCIsIjE4NDY4MTE0OTkiLCIxODQ2NzQyNzUxIiwiMTg0NjIwNDIzMyIsIjE4NDYxOTYxNDMiLCIxODQ2MTg3Nzk1IiwiMTg0NjgyODc4OSIsIjE4NDY3OTA0NzciLCIxODQ2NzkwNDc3IiwiMTg0NjgxMTUzOCIsIjE4NDY3MDI3OTIiLCIxODQ2Njk1NDM1IiwiMTg0NjQ2NzYyOCIsIjE4NDY2NDU0NzMiLCIxODQ2NTkzMjU2IiwiMTg0NjU1NDQ5OSIsIjE4NDY2NzczNzQiLCIxODQ2NjMwOTgxIiwiMTg0NjY5NDk2NyIsIjE4NDY4NzA1NzMiLCIxODQ2ODQ4OTY4IiwiMTg0NjgzODgyMiIsIjE4NDY4MzE5NzMiLCIxODQ2ODYyNzE2IiwiMTg0Njg0MDY1NCIsIjE4NDY4Mzg3MjYiLCIxODQ2ODI5MTAyIiwiMTg0Njg3MTg4NiIsIjE4NDY4NzE4NTEiLCIxODQ2ODYxNzg3IiwiMTg0Njg2MTc1OCJdLCJzb3J0aW5nVmlldyI6ImRlZmF1bHQiLCJwYWdlSW5kZXgiOjB9fQ==&cb=92
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: www.theonion.com
referer: https://www.theonion.com/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

content-security-policy: default-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-ua-device: desktop
x-kinja: kinja-kala-kube03-7cd7c5cdff-g2dwr #55
x-cdn-fetch: mantle-setcookie
content-length: 154
x-xss-protection: 1; mode=block
x-served-by: cache-bwi5122-BWI, cache-hhn4052-HHN
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-timer: S1620821672.107848,VS0,VE94
x-frame-options: DENY
date: Wed, 12 May 2021 12:14:32 GMT
vary: Accept-Encoding,Origin
content-type: application/json
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, private
access-control-allow-credentials: true
set-cookie: ka=d011e6e4-8e47-46b3-be8e-87389cf9d385|39edee3d-0fac-4c3d-8271-6436a1c44ed3|1620821672154; Max-Age=31536000; Expires=Thu, 12 May 2022 12:14:32 GMT; Path=/; HTTPOnly
accept-ranges: bytes
x-robots-tag: noindex
x-cache-hits: 0, 0

GET
H2 200 rtbsmpubs.php Show response
hbx.media.net/ 58 KB
3 KB 201ms
200ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=0&usp_enf=1&usp_status=0&cid=8CUL2TG3D&region=eu&ptrid=8PRL4E7N3&requestString=223272391*23%7C300x250%7C1722916%7C18816326%7C%7C%7C1%40223272391*29%7C300x250%7C12156%7C317160_1626478_15%7C%7C%7C1%40223272391*51%7C300x250%7C1703006%7C18682188%7C0.43%7C%7C1%40223272391*97%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C0.55%7C%7C1%40223272391*106%7C300x250%7C541006788%7C541006803%7C%7C%7C1%40223272391*145%7C300x250%7C100600%7C18682188%7C0.41%7C%7C1%40223272391*172%7C300x250%7C8CUL2TG3D%7C18764471%7C0.33%7C%7C1%40223272391*175%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C0.44%7C%7C1%40223272391*201%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C0.37%7C%7C1%40223272391*222%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C0.37%7C%7C1%40223272391*228%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C%7C%7C1%40223272391*246%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C%7C%7C1%40223272391*251%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C%7C%7C1%40283886783*23%7C970x90~728x90~970x250%7C1722916%7C18816313~18816313~18816313%7C%7C%7C1%40283886783*29%7C970x250~728x90~970x90%7C12156%7C317160_1626430_45~317160_1626430_2~317160_1626430_57%7C%7C%7C1%40283886783*51%7C728x90~970x90~970x250%7C1703006%7C18682195~18682195~18682195%7C0.43%7C%7C1%40283886783*97%7C970x250~970x90~728x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C0.55%7C%7C1%40283886783*106%7C970x90~728x90~970x250%7C541006788%7C541006797~541006797~541006797%7C%7C%7C1%40283886783*145%7C728x90~970x90~970x250%7C100600%7C499199~499199~499199%7C0.41%7C%7C1%40283886783*172%7C728x90~970x90~970x250%7C8CUL2TG3D%7C18685548~18685548~18685548%7C0.33%7C%7C1%40283886783*175%7C970x250~970x90~728x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C0.44%7C%7C1%40283886783*201%7C728x90~970x90~970x250%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C0.37%7C%7C1%40283886783*203%7C970x250~970x90~728x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C0.28%7C%7C1%40283886783*222%7C970x250~728x90~970x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C0.37%7C%7C1%40283886783*228%7C728x90~970x90~970x250%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C%7C%7C1%40283886783*236%7C970x90~728x90~970x250%7C159463%7C2927740_715385~2927740_715385~2927740_715385%7C0.33%7C%7C1%40283886783*246%7C728x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D%7C%7C%7C1%40283886783*251%7C970x250~970x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C%7C%7C1%40395631964*23%7C300x250%7C1722916%7C18816310%7C%7C%7C1%40395631964*29%7C300x250%7C12156%7C317160_1626416_15%7C%7C%7C1%40395631964*51%7C300x250%7C1703006%7C18682192%7C0.43%7C%7C1%40395631964*97%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C0.55%7C%7C1%40395631964*106%7C300x250%7C541006788%7C541006794%7C%7C%7C1%40395631964*145%7C300x250%7C100600%7C499196%7C0.41%7C%7C1%40395631964*172%7C300x250%7C8CUL2TG3D%7C18685545%7C0.33%7C%7C1%40395631964*175%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C0.44%7C%7C1%40395631964*201%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C0.37%7C%7C1%40395631964*203%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C0.28%7C%7C1%40395631964*222%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C0.37%7C%7C1%40395631964*228%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C%7C%7C1%40395631964*236%7C300x250%7C159463%7C2927740_715385%7C0.33%7C%7C1%40395631964*246%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C%7C%7C1%40395631964*251%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C%7C%7C1%40737331266*23%7C300x250~300x600%7C1722916%7C18816316~18816316%7C%7C%7C1%40737331266*29%7C300x600~300x250%7C12156%7C317160_1626436_10~317160_1626436_15%7C%7C%7C1%40737331266*51%7C300x250~300x600%7C1703006%7C18682197~18682197%7C0.43%7C%7C1%40737331266*97%7C300x250~300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C0.55%7C%7C1%40737331266*106%7C300x250~300x600%7C541006788%7C541006800~541006800%7C%7C%7C1%40737331266*145%7C300x600~300x250%7C100600%7C499201~499201%7C0.41%7C%7C1%40737331266*172%7C300x250~300x600%7C8CUL2TG3D%7C18685610~18685610%7C0.33%7C%7C1&crid=223272391%2C283886783%2C395631964%2C737331266&sd=-1&requrl=https%3A%2F%2Fwww.theonion.com%2F&bl=1&rt=5&dn=https://www.theonion.com&https=1&act=headerBid&prvReqId=306693341655177641620821672181&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.2727970396955075&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A6227%7D&itype=HB&cc=CH&rc=ZH&ct=ZURICH&sid=7656&tmt=200&prid=8PRVCXX19&ssa=1&gcp=1&switch=1&callback=window.advBidxc.rtbsheaderBid1S0

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bidexchange.js?cid=8CUL2TG3D&version=5.1&dn=www.theonion.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

18f0d90879772af94b6517a86fdccebbfe13c895208dd7943324e9f6aa9f2b1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Wed, 12 May 2021 12:14:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
content-length: 2670
x-mnet-hl2: E
expires: Wed, 12 May 2021 12:14:32 GMT

POST
H/1.1 200
OK / Show response
colossusssp.com/ 2 B
243 B 476ms
154ms XHR
application/json 88.214.207.207
NATCOWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://colossusssp.com/?c=o&m=multi
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 88.214.207.207 , United Kingdom, ASN46636 (NATCOWEB, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.theonion.com
Date: Wed, 12 May 2021 12:14:36 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 2
Content-Type: application/json

GET
H2 200 rtbsmpubs.php Show response
hbx.media.net/ 10 KB
1 KB 61ms
61ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=0&usp_enf=1&usp_status=0&cid=8CUL2TG3D&region=eu&ptrid=8PRL4E7N3&requestString=737331266*175%7C300x250~300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C0.44%7C%7C1%40737331266*201%7C300x600~300x250%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C0.37%7C%7C1%40737331266*203%7C300x250~300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C0.28%7C%7C1%40737331266*222%7C300x250~300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C0.37%7C%7C1%40737331266*228%7C300x600~300x250%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C%7C%7C1%40737331266*236%7C300x250~300x600%7C159463%7C2927740_715385~2927740_715385%7C0.33%7C%7C1%40737331266*246%7C300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D%7C%7C%7C1%40737331266*251%7C300x250~300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C%7C%7C1&crid=737331266&sd=-1&requrl=https%3A%2F%2Fwww.theonion.com%2F&bl=1&rt=5&dn=https://www.theonion.com&https=1&act=headerBid&prvReqId=234990647062814551620821672191&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.26773785544044304&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A6227%7D&itype=HB&cc=CH&rc=ZH&ct=ZURICH&sid=7656&tmt=200&prid=8PRVCXX19&ssa=1&gcp=1&callback=window.advBidxc.rtbsheaderBid1S1

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bidexchange.js?cid=8CUL2TG3D&version=5.1&dn=www.theonion.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

3917bbc98bcd38c813bbe6857e24b5d82a03d8116a296d34e1a631c5a1956ec2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Wed, 12 May 2021 12:14:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
content-length: 1194
x-mnet-hl2: E
expires: Wed, 12 May 2021 12:14:32 GMT

GET
H2 200 config Show response
prebid.media.net/rtb/prebid/analytics/ 44 B
222 B 99ms
37ms XHR
application/json 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid/analytics/config?cid=8CU74RYRS&dn=www.theonion.com
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 6123ac967d1ab79ef7093374f3156aa4143f4b0ea081a5e0356fbf55fcb40cb4

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 May 2021 12:14:32 GMT
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.theonion.com
cache-control: max-age=558
access-control-allow-credentials: true
content-length: 44
expires: Wed, 12 May 2021 12:23:50 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 24 B
688 B 136ms
92ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=223310&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%221a913e2ba6bd7c%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.theonion.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A1%2C%22msi%22%3A1%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2222784d93d86607%22%2C%22ext%22%3A%7B%22siteID%22%3A%22223310%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22327eacd52fb632%22%2C%22ext%22%3A%7B%22siteID%22%3A%22223309%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%224195d58326698c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22223311%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2222784d93d86607%22%2C%22ext%22%3A%7B%22siteID%22%3A%22223310%22%2C%22sid%22%3A%22970x251%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A251%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94d647beae028fa58c0290080f2ca6cd0ec88b5fdc51a401864ec1cd433a8af2

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:32 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.156.175.107], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.theonion.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 44
x-ak-client-geo: 12
expires: Wed, 12 May 2021 12:14:32 GMT

GET
H/1.1

200
OK

hb Show response
sofia.trustx.org/ul_cb/
Redirect Chain

https://sofia.trustx.org/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=5f8b1138c0d336&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=5f8b1138c0d336&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeo...

2 B
825 B

134ms
134ms

XHR
application/json

35.211.168.6
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=5f8b1138c0d336&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.211.168.6 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 6.168.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 12 May 2021 12:14:32 GMT
Server: nginx
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Content-Length: 2

Redirect headers

Date: Wed, 12 May 2021 12:14:32 GMT
Server: nginx
Access-Control-Allow-Origin: https://www.theonion.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=5f8b1138c0d336&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
2 KB 290ms
148ms XHR
application/json 213.19.162.61
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12156&site_id=243700&zone_id=1361938&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rf=https%3A%2F%2Fwww.theonion.com%2F&tk_flint=pbjs_lite_v4.17.0&x_source.tid=dc6b2c4a-4ad6-4535-ada3-69a75ce2d79d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3764101629651042
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.61 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 392d86a7939819e2c66e6119fd2619c362f950d7f56b5a7ec80333c949871ccb

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:32 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
146 B 143ms
48ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.17.0&cb=39069413965
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.theonion.com
date: Wed, 12 May 2021 12:14:32 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
748 B 95ms
50ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96945a017373a17480a71120f0035f&pos=d-atf-top-728x90_970x250_970x90_2&cmd=bid&secure=1
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.128 /
Resource Hash: e51bf05139b07aadb61ae64ba50759e715fb306003e97489a3e7865098e4ab88

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 12 May 2021 12:14:32 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
748 B 96ms
52ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96945a017373a17480a71120f0035f&pos=top_banner_728x90&cmd=bid&secure=1
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.128 /
Resource Hash: 4615e6cc9388c895f8d0abe74b485076270e2bb13b311866e27bf4680342e1ca

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 12 May 2021 12:14:32 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
748 B 152ms
105ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96945a017373a17480a71120f0035f&pos=d-atf-top-728x90_970x250_970x90_3&cmd=bid&secure=1
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.128 /
Resource Hash: 9000f4bba14a2516df65d76529948e70a55cc7dbf73f74407409fe2ea74b7a73

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 12 May 2021 12:14:32 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
748 B 114ms
65ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96945a017373a17480a71120f0035f&pos=d-atf-top-728x90_970x250_970x90_1&cmd=bid&secure=1
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.128 /
Resource Hash: 0b77092feebb9e3f84d07e5b471826b60eb77ea623f65e18398872103af1ae03

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 12 May 2021 12:14:32 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 330 B
540 B 45ms
45ms XHR
application/json 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU74RYRS
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 75c1a4073b215e661d060a6ea643c91b987cfabde7c2336de23f595f2a004e20

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:32 GMT
server: nginx
content-type: application/json;charset=ISO-8859-1
access-control-allow-origin: https://www.theonion.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 330
expires: Wed, 12 May 2021 12:14:32 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 134ms
68ms XHR
application/json 185.33.221.50
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

d98a6f2b012dc37c7940261b5ddb5a6883c546d7e72b71f7987559bd330d70d8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:32 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.50:80
AN-X-Request-Uuid: 956fa00d-c04e-44d1-affb-1444b2c13615
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 127ms
64ms XHR
application/json 185.33.221.50
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

19169c6501d19fe5db8d41fbb60d85273b91a076968f7f98fa7afaaad5ac913a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:32 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.154:80
AN-X-Request-Uuid: e0ee7c8a-213e-45da-9add-27d4bd551510
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
688 B 101ms
80ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=241226&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2222a75235e0b27f3%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.theonion.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2223463ad8cc2ce01%22%2C%22ext%22%3A%7B%22siteID%22%3A%22241226%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: bcb45162f4767c27d523264f079fe50608d937d6efd881e1b2dca221c195c9e0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:32 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.156.175.107], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.theonion.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 45
x-ak-client-geo: 12
expires: Wed, 12 May 2021 12:14:32 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
146 B 126ms
49ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.17.0&cb=56562533474
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.theonion.com
date: Wed, 12 May 2021 12:14:32 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
2 KB 258ms
122ms XHR
application/json 213.19.162.61
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12156&site_id=243700&zone_id=1361946&size_id=15&p_pos=atf&rf=https%3A%2F%2Fwww.theonion.com%2F&tk_flint=pbjs_lite_v4.17.0&x_source.tid=ee51b02e-f24a-457e-bcae-9d38b63e614a&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.11363623001027157
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.61 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 6e7bdf560a993758bb4f9f245f305b4a61a21d0837e2cebbe38cdbbd089adfca

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:32 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1

200
OK

hb Show response
sofia.trustx.org/ul_cb/
Redirect Chain

https://sofia.trustx.org/hb?pt=net&auids=9634&sizes=300x250&r=28b57bc50731a69&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9634&sizes=300x250&r=28b57bc50731a69&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000

2 B
825 B

127ms
126ms

XHR
application/json

35.211.168.6
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9634&sizes=300x250&r=28b57bc50731a69&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.211.168.6 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 6.168.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 12 May 2021 12:14:32 GMT
Server: nginx
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Content-Length: 2

Redirect headers

Date: Wed, 12 May 2021 12:14:32 GMT
Server: nginx
Access-Control-Allow-Origin: https://www.theonion.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9634&sizes=300x250&r=28b57bc50731a69&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 330 B
540 B 46ms
46ms XHR
application/json 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU74RYRS
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 901d82537d8e767614ff78f1cd654fca23d9252894b3d842c950ef875694d284

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:32 GMT
server: nginx
content-type: application/json;charset=ISO-8859-1
access-control-allow-origin: https://www.theonion.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 330
expires: Wed, 12 May 2021 12:14:32 GMT

GET
H2

403

insync
thrtle.com/
Redirect Chain

https://px.britepool.com/new?partner_id=t
https://thrtle.com/insync?vxii_pid=10054&vxii_pdid=eb17aa97-c5d7-43b9-a416-f599df77883d

0
0

345ms
113ms

Image
text/html

3.212.71.107
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thrtle.com/insync?vxii_pid=10054&vxii_pdid=eb17aa97-c5d7-43b9-a416-f599df77883d
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.71.107 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-71-107.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Date: Wed, 12 May 2021 12:14:32 GMT
Server: nginx
Vary: negotiate,Accept-Encoding
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://thrtle.com/insync?vxii_pid=10054&vxii_pdid=eb17aa97-c5d7-43b9-a416-f599df77883d
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Length: 0
X-Xss-Protection: 0
X-Request-Id: b78eb3fc795e0e053bac3236da45e9e4
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=6770184&ns__t=1620821672282&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9=
https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1620821672282&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9=

64 B
329 B

24ms
24ms

Image
image/gif

13.224.95.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1620821672282&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9=
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-18.zrh50.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:32 GMT
via: 1.1 c07945b00aad28e34fbfebb3d3907061.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: 8L89Zghf386Y0Tj6Efh0ZWof0mbj1Br8UEkzMOeRVRcgr1L3q4Ua8w==

Redirect headers

date: Wed, 12 May 2021 12:14:32 GMT
via: 1.1 c07945b00aad28e34fbfebb3d3907061.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1620821672282&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America's%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9=
content-length: 211
x-amz-cf-id: bICCmm3YM0NJGCsurXG0G8FqqFGD8itpdwwyywwSOm1tRqhabDHb_w==

GET
H2 200 ping
ping.chartbeat.net/ 43 B
169 B 345ms
117ms Image
image/gif 3.233.246.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=theonion.com&p=%2F&u=caf6c1FNugCxkZj7&d=theonion.com&g=3012&g0=www.theonion.com&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=6227&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1496&t=B5lSCJCgSBMzCk3yTTCq73kZBAuRds&V=126&i=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&tz=-120&sn=1&sv=CYRHrSBCeLLRBaXW4pDxDX7oBTSp0S&sd=1&im=067b2ff3&_
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.233.246.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-233-246-167.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:32 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 129 B
513 B 246ms
246ms XHR
text/javascript 13.224.103.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3076&u=https%3A%2F%2Fwww.theonion.com%2F&pid=ibrItoP53EhDX&cb=0&ws=1600x1200&v=7.64.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x251%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F4246%2Ffmg.onion%2Ffrontpage_top-banner%22%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.103.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-103-105.zrh50.r.cloudfront.net
Software: Server /
Resource Hash: 2556f59b2cd53ed4796e3321c14f626f90f8e739ee20e14d70ddc96908785cad

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:32 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: ZRH50-C1
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.theonion.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 134
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-id: _VbGsPq8Gymoz2dpA-aTOvKYufMYLAwnfXF2xAZ0wNejkXOO9tuFDw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 129 B
512 B 262ms
261ms XHR
text/javascript 13.224.103.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3076&u=https%3A%2F%2Fwww.theonion.com%2F&pid=ibrItoP53EhDX&cb=1&ws=1600x1200&v=7.64.00&t=1000&slots=%5B%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F4246%2Ffmg.onion%2Ffrontpage_left_top%22%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.103.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-103-105.zrh50.r.cloudfront.net
Software: Server /
Resource Hash: ab367e8880530a7949a5a5cffe5aed8ffe313413238fe8b1f6e9d8b5c1060614

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:32 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: ZRH50-C1
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.theonion.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 134
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-id: j-JvBfpqpnzcoECnow6WzOgjEAvYJfsxVHg8JPYwH7W0aO2_7w-KHg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 48ms
15ms XHR
application/javascript 13.224.103.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.103.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-103-105.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 17:46:45 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 66468
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript
x-amz-cf-id: Oz-_4EZg6J-d_fjyDzE60IPPDdIifC1HI5a8WfA1bXqH8Xi6-N_cpw==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
88 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-223393-1&cid=464347664.1620821672&jid=1028745996&gjid=1510952654&_gid=902532476.1620821672&_u=aGDACEAAFAQCAC~&z=1357199727

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 12 May 2021 12:14:32 GMT
content-type: text/plain
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 16ms
15ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-142218-33&cid=464347664.1620821672&jid=492303485&gjid=1158699863&_gid=902532476.1620821672&_u=aGDACEABFAQCAC~&z=824183506

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 12 May 2021 12:14:32 GMT
content-type: text/plain
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK a551dae6-d332-4bc8-ab9c-8d052943998b
https://www.theonion.com/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.theonion.com/a551dae6-d332-4bc8-ab9c-8d052943998b
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

POST
H2 200 check Show response
connect.scroll.com/embed/ 0
1 KB 163ms
126ms XHR
application/json 35.201.100.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.scroll.com/embed/check

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.100.179 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

179.100.201.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name

Value

Content-Security-Policy

default-src https: 'unsafe-eval' 'unsafe-inline'; child-src blob:;frame-ancestors https: http:; object-src 'none'; img-src 'self' https://*.scroll.com https://logo-scroll.imgix.net https://u-scroll.imgix.net https://pub-scroll.imgix.net https://scroll-static.imgix.net https://scroll.imgix.net https://logo-scratch-scroll.imgix.net https://www.google-analytics.com https://www.googletagmanager.com https://*.stripe.com data: https://static.scroll.com https://assets.scroll.com https://scroll.com; connect-src 'self' https://api.stripe.com https://checkout.stripe.com https://sentry.io https://o74190.ingest.sentry.io https://www.google-analytics.com https://fonts.googleapis.com https://*.scroll.com https://static.scroll.com https://api.scroll.com/v1/; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://accounts.google.com https://static.scroll.com https://assets.scroll.com https://scroll.com; font-src https://fonts.googleapis.com https://fonts.gstatic.com/ https://use.typekit.net https://p.typekit.net https://static.scroll.com https://assets.scroll.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://static.scroll.com https://assets.scroll.com; script-src 'self' 'unsafe-inline' https://js.stripe.com/v3/ https://checkout.stripe.com https://apis.google.com https://www.google-analytics.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://static.scroll.com https://assets.scroll.com 'nonce-null' 'strict-dynamic';

Strict-Transport-Security

max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 12 May 2021 12:14:32 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.theonion.com
access-control-allow-credentials: true
content-security-policy: default-src https: 'unsafe-eval' 'unsafe-inline'; child-src blob:;frame-ancestors https: http:; object-src 'none'; img-src 'self' https://*.scroll.com https://logo-scroll.imgix.net https://u-scroll.imgix.net https://pub-scroll.imgix.net https://scroll-static.imgix.net https://scroll.imgix.net https://logo-scratch-scroll.imgix.net https://www.google-analytics.com https://www.googletagmanager.com https://*.stripe.com data: https://static.scroll.com https://assets.scroll.com https://scroll.com; connect-src 'self' https://api.stripe.com https://checkout.stripe.com https://sentry.io https://o74190.ingest.sentry.io https://www.google-analytics.com https://fonts.googleapis.com https://*.scroll.com https://static.scroll.com https://api.scroll.com/v1/; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://accounts.google.com https://static.scroll.com https://assets.scroll.com https://scroll.com; font-src https://fonts.googleapis.com https://fonts.gstatic.com/ https://use.typekit.net https://p.typekit.net https://static.scroll.com https://assets.scroll.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://static.scroll.com https://assets.scroll.com; script-src 'self' 'unsafe-inline' https://js.stripe.com/v3/ https://checkout.stripe.com https://apis.google.com https://www.google-analytics.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://static.scroll.com https://assets.scroll.com 'nonce-null' 'strict-dynamic';
alt-svc: clear
content-length: 0

GET
H2 200 ijs_all_modules_110149239cfc1cf273ad0a0461dc0f80.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 467 KB
113 KB 48ms
16ms Script
text/javascript 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_110149239cfc1cf273ad0a0461dc0f80.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 8f8323312bd3a3860255765e061c169c14fcb7cab186df887c845edc34543f58

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 13:01:05 GMT
content-encoding: gzip
age: 429207
x-guploader-uploadid: ABg5-UwMhyp-aGNoHA5geu9GFXr3gdrVY1yAursLKgm5XSrO6qEXXxB9-_CEZM23-9tgL63l6Ddvv86RVfy0Lu5cbf9aJ4PUvw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 114904
last-modified: Fri, 07 May 2021 13:01:01 GMT
server: UploadServer
etag: "efe74081e63995af3d7aeb770faff329"
vary: Accept-Encoding
x-goog-hash: crc32c=SiNEug==, md5=7+dAgeY5la89eut3D6/zKQ==
x-goog-generation: 1620392461963245
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 114904
accept-ranges: bytes
content-type: text/javascript
expires: Sat, 07 May 2022 13:01:05 GMT

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
545 B 130ms
43ms XHR
application/json 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=183957&gdpr=0
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: c67ad2d9238a59e431c3dde1e0012739faf0cf3cf40fe9a103169fb90c4e2b73

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 12 May 2021 12:14:32 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.theonion.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Fri, 11 Jun 2021 12:14:32 GMT

GET
H2 451 identity Show response
api.rlcdn.com/api/ 0
222 B 60ms
28ms XHR
text/plain 34.120.133.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 55.133.120.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 12 May 2021 12:14:32 GMT
via: 1.1 google
alt-svc: clear
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://www.theonion.com
access-control-allow-credentials: true
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length: 0

GET
H/1.1 200
OK any Show response
idx.liadm.com/idex/ie/ 206 B
688 B 461ms
121ms XHR
application/json 34.237.40.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idx.liadm.com/idex/ie/any

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.237.40.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-237-40-131.compute-1.amazonaws.com

Software

Resource Hash

fa40ab2039a7d204069b37e1236b7ca1ed0f38caf2181528aabb0d14139bcc07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Wed, 12 May 2021 12:14:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
trace-id: a7d9d6895bfbe039
Content-Length: 206

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 32ms
30ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-142218-33&cid=464347664.1620821672&jid=492303485&_u=aGDACEABFAQCAC~&z=153765370

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 34ms
32ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-142218-33&cid=464347664.1620821672&jid=492303485&_u=aGDACEABFAQCAC~&z=153765370

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 connatix.playspace.css
cds.connatix.com/p/116348/ 102 KB
14 KB 20ms
20ms Stylesheet
text/css 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/116348/connatix.playspace.css
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b16c29c3239cef6d04df226355334699c8c5099cf6b64ff30fa488c7a24a085a

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:32 GMT
content-encoding: br
last-modified: Mon, 10 May 2021 05:19:14 GMT
age: 197605
etag: "40c3a4e7a5edf8c2bf177f2280abe451"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 14330

POST
H/1.1 200
OK story Show response
capi.connatix.com/core/ 752 B
912 B 517ms
136ms XHR
multipart/form-data 3.18.8.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/story?v=116348
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.8.90 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-8-90.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 09ecc8c79c5542a48d504d994dfcea68a71cd61d7d58168c7b275ef5083b899e

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 May 2021 12:14:33 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 634

GET
H2 200 local_storage_frame16.min.html Show response
assets.bounceexchange.com/assets/bounce/ Frame 204F 2 KB
1 KB 17ms
17ms Document
text/html 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60

Request headers

:method: GET
:authority: assets.bounceexchange.com
:scheme: https
:path: /assets/bounce/local_storage_frame16.min.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

x-guploader-uploadid: ABg5-UxqVbEGuJZ-PjqL79XW2NgVG3Nk_LE95jFYtK0oIDbtRCyyIYxXfI_GaqAiHHM1Pc3YNuuIEQZlHUZdlC0gL0E
date: Thu, 06 May 2021 13:02:48 GMT
expires: Fri, 06 May 2022 13:02:48 GMT
last-modified: Tue, 04 May 2021 18:37:44 GMT
etag: "ff16135219c2765890bd84292ac58b05"
x-goog-generation: 1620153464294457
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1055
content-type: text/html; charset=UTF-8
content-encoding: gzip
x-goog-hash: crc32c=vFWVhw== md5=/xYTUhnCdliQvYQpKsWLBQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1055
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
server: UploadServer
age: 515504
cache-control: public,max-age=31536000
alt-svc: clear

GET
H/1.1

200
OK

Cookie set iu3 Show response
aax-eu.amazon-adsystem.com/s/ Frame 2955
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t

251 B
940 B

202ms
201ms

Document
text/html

52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 9289f9c58f51cfe5a65efcc0ff8559af4ce2f3ade98196e38e263f1bca399ac6

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.theonion.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A4i1nJKhvka1sdnRz9r9m94|t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

Server: Server
Date: Wed, 12 May 2021 12:14:32 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 203
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=A4i1nJKhvka1sdnRz9r9m94; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jan-2022 12:14:32 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Wed, 01-Jul-2026 12:14:32 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

Redirect headers

Server: Server
Date: Wed, 12 May 2021 12:14:32 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t
Set-Cookie: ad-id=A4i1nJKhvka1sdnRz9r9m94|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jan-2022 12:14:32 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: User-Agent

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 36 B
281 B 157ms
119ms Script
text/html 35.227.229.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklz=C4ewVgigvArgdgEwKYDMCWckIGQGNgDOUAjAGwBMADABzlkDs5p9AzNsAF4hQC0xV2AO5IARgTTAkAfTQIoLUgBYArNgBOSAiAA2MYGhBwSpSpQAe-U+tRI1GtVDwBDbdowBzKTDXaoAC2BgAAcCAFIWAEFQ8gAxaJjBRIA6YD8kQwM4JNwQAFt47AA3NHFgKRyQAGs0JChQ+gAhaPJtIObwqPJyAOCw8mVI6OVYodjEwRS0jMNsvNG4ruiAYWa1dsHFxfoAETwQKpq6xvrdwqc1AgBtBBQgqTURbRBcSoBdKDgQMo0nBABPPYHaSgEBSbTndy1FAuAhIbAiIJQSjYJDBKCXV7YIKERw5XJBNxOOC4aQocHuRyFPxOKBAA
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.229.34 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 34.229.227.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:32 GMT
via: 1.1 google
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
server: nginx
content-encoding: gzip
alt-svc: clear
content-type: text/html; charset=UTF-8

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
799 B 36ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=www.theonion.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 May 2021 12:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.theonion.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 May 2021 12:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 14 KB
8 KB 722ms
722ms XHR
text/plain 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1203628608458166&correlator=929885900331483&output=ldjh&impl=fif&eid=31060784%2C21068030&vrg=2021050601&ptt=17&sc=1&sfv=1-0-38&ecs=20210512&iu_parts=4246%2Cfmg.onion%2Cfrontpage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&prev_scp=article_position%3Dnone%26pos%3Dleft_top%26page%3Dfrontpage%26pd%3D1%26mtfIFPath%3D%252Fassets%252Fvendor%252Fdoubleclick%252F%26ad_index%3D1%26amznbid%3D2%26amznp%3D2%26mnetDNB%3D1%26mnetPageID%3D3%26mnetCV%3D3%26mnetCC%3DCH%26mnetUGD%3D4&eri=1&cust_params=tags%3D%26blogName%3Dtheonion%26category%3D%26mnetDNB300x250%3D1%26mnetPageID300x250%3D1%26mnetCC300x250%3DCH&cookie_enabled=1&bc=31&abxe=1&lmt=1620821672&dt=1620821672806&dlt=1620821671145&idt=1058&frm=20&biw=1600&bih=1200&oid=3&adxs=1149&adys=4558&adks=331020001&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.theonion.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=301x384&msz=301x0&ga_vid=464347664.1620821672&ga_sid=1620821673&ga_hid=14494557&ga_fc=false&fws=4&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

8e62bbeef76338ef4a87c5392b7604254f0d2f6cf15e576991b47f0366218e9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8431
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 49ms
14ms Other
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 12 KB
7 KB 976ms
975ms XHR
text/plain 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1203628608458166&correlator=2920532715179335&output=ldjh&impl=fif&eid=31060784%2C21068030&vrg=2021050601&ptt=17&sc=1&sfv=1-0-38&ecs=20210512&iu_parts=4246%2Cfmg.onion%2Cfrontpage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x250%7C970x251%7C970x90%7C728x90&prev_scp=article_position%3Dnone%26pos%3Dtop%26page%3Dfrontpage%26pd%3D1%26mtfIFPath%3D%252Fassets%252Fvendor%252Fdoubleclick%252F%26ad_index%3D1%26amznbid%3D2%26amznp%3D2%26mnetDNB%3D1%26mnetPageID%3D2%26mnetCV%3D3%26mnetCC%3DCH%26mnetUGD%3D4&eri=1&cust_params=tags%3D%26blogName%3Dtheonion%26category%3D%26mnetDNB300x250%3D1%26mnetPageID300x250%3D1%26mnetCC300x250%3DCH&cookie_enabled=1&bc=31&abxe=1&lmt=1620821672&dt=1620821672822&dlt=1620821671145&idt=1058&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=304&adks=3099211010&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.theonion.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x290&msz=1600x290&ga_vid=464347664.1620821672&ga_sid=1620821673&ga_hid=14494557&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

575cc699ac23ea15d41918da3a497ecef7edb8370c1abf1ebd26312728d2e1ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7344
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pr Show response
aax-eu.amazon-adsystem.com/s/v3/ Frame 3E46 1 KB
765 B 46ms
46ms Document
text/html 52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 724e1d3c710a798d807e235c66c8839f66c14d10ded86de1dde5bb692e53cb85

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A4i1nJKhvka1sdnRz9r9m94; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t

Response headers

Server: Server
Date: Wed, 12 May 2021 12:14:32 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 404
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame BFF7 2 KB
3 KB 109ms
52ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 3cac148c26b30717b9351164b43c83c094ee67caf869d0055725039044fb507e

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMDD=AAKdJwE*; CMST=YJvGqGCbxqgB; CMID=YJvGqMorAktYwzz-BHpVOwAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 241|230|39|45|4|57|13|46
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1768
Expires: Wed, 12 May 2021 12:14:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 May 2021 12:14:33 GMT
Connection: keep-alive
Set-Cookie: CMID=YJvGqMorAktYwzz-BHpVOwAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 12 May 2022 12:14:33 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 10 Aug 2021 12:14:33 GMT CMPRO=1137;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 10 Aug 2021 12:14:33 GMT CMDD=AAKdJwE*;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 12:14:33 GMT CMST=YJvGqGCbxqkB;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 12:14:33 GMT CMRUM3=f1609bc6a905a0&e6609bc6a92760&39609bc6a905a0&0d609bc6a905a0&2d609bc6a905a0&04609bc6a905a0&2e609bc6a905a0&27609bc6a90b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 12 May 2022 12:14:33 GMT

GET
H2 403 tamptsync Show response
sync-amz.ads.yieldmo.com/ Frame FABE 243 B
481 B 209ms
181ms Document
application/xml 2600:9000:206f:4000:0:70b1:7080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:4000:0:70b1:7080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f1625db1ab672498b3249e9f458daaf604acf8961093e2599472bc0a498f8af1

Request headers

:method: GET
:authority: sync-amz.ads.yieldmo.com
:scheme: https
:path: /tamptsync?callback=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: application/xml
date: Wed, 12 May 2021 12:14:32 GMT
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: sbxJzST_ubQiDqxa5Xj-G2_ePOewrJR-N9fvN3sjYg5gCtX4NYD2kg==

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame D67D 281 B
554 B 88ms
28ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rsid=1|AIfsdBUH+v3fWCPuzNowDE/csJlhKa2tmCxRUZWfOgl2qOqfPGrhL8vyf7mLiY/CRnOttFP9UQv1FULOQ3SgGDSlnlAWiFIP9hAlb/GLEgInpQWgEKRdU66TGfmMWV7/AA==; ses15=; vis15=243700^1; khaos=KOLFDIHB-1V-3KR1; ses2=; vis2=243700^1; audit=1|naVuGyos1qrMEDF68gYkzXp4/TMPY9Xw2v5OGX+t4JUfReE2Fcn7KeXEKZlbTbZIVorotD8haePMboWaW1ii7YPohHjd5quG
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 12 May 2021 12:14:33 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame CD36
Redirect Chain

https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=appnexus.com
https://aax-eu.amazon-adsystem.com/s/ecm3?id=3676790845161630885&ex=appnexus.com

43 B
344 B

48ms
47ms

Document
image/gif

52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=3676790845161630885&ex=appnexus.com
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A4i1nJKhvka1sdnRz9r9m94; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Server
Date: Wed, 12 May 2021 12:14:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

Redirect headers

Server: nginx/1.17.9
Date: Wed, 12 May 2021 12:14:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://aax-eu.amazon-adsystem.com/s/ecm3?id=3676790845161630885&ex=appnexus.com
AN-X-Request-Uuid: b6ec3726-22b7-49f7-9925-aaab1858174c
Set-Cookie: uuid2=3676790845161630885; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 10-Aug-2021 12:14:33 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.138:80

GET
H/1.1

200
OK

ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame 684F
Redirect Chain

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=13903419558157282127

43 B
344 B

59ms
48ms

Document
image/gif

52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=13903419558157282127
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A4i1nJKhvka1sdnRz9r9m94; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Server
Date: Wed, 12 May 2021 12:14:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

Redirect headers

date: Wed, 12 May 2021 12:14:33 GMT
content-length: 0
location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=13903419558157282127
set-cookie: tluid=13903419558157282127; Max-Age=7776000; Expires=Tue, 10 Aug 2021 12:14:33 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

POST
H/1.1 200
OK sr Show response
capi.connatix.com/tr/ 0
297 B 126ms
125ms XHR
multipart/form-data 3.18.8.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sr?v=116348
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.8.90 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-8-90.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 May 2021 12:14:33 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 753a17f3-9014-465c-9c29-e4ddd53a2482.bin Show response
vid.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 2 KB
1 KB 62ms
20ms XHR
application/octet-stream 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/753a17f3-9014-465c-9c29-e4ddd53a2482.bin
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 76936b204033a460151a8be346aa6feeaa3118d4cddacb9184ca4349409d0a45

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
content-encoding: gzip
last-modified: Wed, 12 May 2021 03:23:33 GMT
age: 31123
etag: "40b9f0cd5cc13949832534f9c228d8cb"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 917

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 334 KB
115 KB 34ms
13ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d209a411ab8f27fff323faa31d022204583adcad739e7bb35b9ef504c55df37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117059
x-xss-protection: 0
expires: Wed, 12 May 2021 12:14:33 GMT

POST
H/1.1 200
OK ao Show response
capi.connatix.com/tr/ 0
297 B 126ms
125ms XHR
multipart/form-data 3.18.8.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ao?v=116348
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.8.90 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-8-90.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 May 2021 12:14:33 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ 117 B
426 B 533ms
161ms XHR
multipart/form-data 3.18.8.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=116348
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.8.90 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-8-90.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: b4697681781b6897cbd7e25d02b4ee47295179b34157ea66a88a15fd0d2bc706

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 May 2021 12:14:33 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK ps Show response
capi.connatix.com/tr/ 0
297 B 248ms
126ms XHR
multipart/form-data 3.18.8.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ps?v=116348
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.8.90 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-8-90.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 May 2021 12:14:33 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 428f19a7-b0ea-4965-a4f5-1a12c2b7d4e0.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 14 KB
14 KB 23ms
22ms Image
image/jpeg 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/428f19a7-b0ea-4965-a4f5-1a12c2b7d4e0.jpg?crop=590:404,smart&width=590&height=404&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 28fde232132691fa382574493db5ec316404fb19e6e8e10d70e64a2740293e03

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
age: 31596
etag: "OtywOUm8KoezoX+Nl2AZVWaVsVvuS78NLH8kMqTlB0Y"
access-control-max-age: 86400
fastly-io-info: ifsz=53173 idim=1200x675 ifmt=jpeg ofsz=13938 odim=590x404 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 13938

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 82 KB
27 KB 90ms
38ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/x-kinja-static/assets/new-client/adManager.addfdaedaf2bdf948553.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: d6b7472f98f400d0f4c24dea8eb9a90afb003eda04b32f86f48fddaf56f78fbf

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
content-encoding: gzip
last-modified: Mon, 10 May 2021 10:39:22 GMT
server: nginx
etag: W/"60990d5a-14816"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 May 2021 12:14:33 GMT

GET
H2 200 428f19a7-b0ea-4965-a4f5-1a12c2b7d4e0.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 11 KB
11 KB 21ms
20ms Image
image/jpeg 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/428f19a7-b0ea-4965-a4f5-1a12c2b7d4e0.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 303fc21a57976a4056e39549226934ffb9af09280ba83fdc5b8df9c5ee5abff0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
age: 31596
etag: "F4aa1RvFz47kjDJf9fsYxvnlpGjww+4lcjX6gO5xygA"
access-control-max-age: 86400
fastly-io-info: ifsz=53173 idim=1200x675 ifmt=jpeg ofsz=11288 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 11288

GET
H2 200 b64960c0-6028-4f36-8c64-ca34cc9536d2.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 22 KB
22 KB 21ms
20ms Image
image/jpeg 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/b64960c0-6028-4f36-8c64-ca34cc9536d2.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: bcc251ac1a861dec17cb39cd089bf4be1cb39f560e69273be3d38d745da51d55

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
age: 31596
etag: "6KbE2PHRlNm5V6eSc81TPdwglzf6+Xg3B/TxHlfnLLI"
access-control-max-age: 86400
fastly-io-info: ifsz=127780 idim=1200x675 ifmt=jpeg ofsz=22244 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 22244

GET
H2 200 33e83e99-e111-451a-9d2a-87a84191b096.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 24 KB
24 KB 21ms
21ms Image
image/jpeg 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/33e83e99-e111-451a-9d2a-87a84191b096.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d6e668bf0c21ef4274202a2bbef5d482b3caae18fd9f3f877bf8ce929a4e7f13

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
age: 31596
etag: "Uva92o/hbQbd+08vQGwTnHDLDoyF7Fi+ACaskVbYNg8"
access-control-max-age: 86400
fastly-io-info: ifsz=124643 idim=1200x675 ifmt=jpeg ofsz=24348 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 24348

GET
H2 200 1e3a23df-5c67-459b-a254-55098b16ce14.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 18 KB
19 KB 22ms
21ms Image
image/jpeg 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/1e3a23df-5c67-459b-a254-55098b16ce14.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: dc680d436d373e6a96049bb377a03b99cd5279e3326051e860cea98e5086d25d

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
age: 31597
etag: "fF1Ygrs/l5papl9TQKk/sgP9MKwvILxt55FWnxoR49s"
access-control-max-age: 86400
fastly-io-info: ifsz=1114766 idim=1200x675 ifmt=png ofsz=18818 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 18818

GET
H2 200 45fc345a-7825-4afe-a1a6-d646c816ab0e.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 19 KB
20 KB 26ms
25ms Image
image/jpeg 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/45fc345a-7825-4afe-a1a6-d646c816ab0e.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 288ea89b19322f57deebd23e5cc13a7e99234699920b665cbba0b2428578e1c3

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
age: 31597
etag: "h3aDBLe9/nASyuxiW+x5MH/WkheZaJ1KDeCROSiHZVo"
access-control-max-age: 86400
fastly-io-info: ifsz=732330 idim=1200x675 ifmt=png ofsz=19843 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 19843

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame D67D 30 KB
9 KB 37ms
30ms Script
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 148cf0d73298f5d4f9bf3f7e8174a5a11e0abfab5e11b9274bfeb01a755d496d

Request headers

Referer: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 12 May 2021 12:14:33 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 21:43:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=16160
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9236
Expires: Wed, 12 May 2021 16:43:53 GMT

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame BFF7 43 B
720 B 370ms
122ms Image
image/gif 72.21.206.140
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YJvGqMorAktYwzz_BHpVOwAABHEAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.21.206.140 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: 206-140.amazon.com
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:33 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame BFF7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YJvGqMorAktYwzz_BHpVOwAABHEAAAIB&gdpr_consent=&us_privacy=&gdpr=
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YJvGqMorAktYwzz_BHpVOwAABHEAAAIB&gdpr_consent=&us_privacy=&gdpr=&google_tc=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEKTMGvKCGrr3vpxHaGrMYtw&google_cver=1

43 B
315 B

30ms
30ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEKTMGvKCGrr3vpxHaGrMYtw&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 12 May 2021 12:14:33 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEKTMGvKCGrr3vpxHaGrMYtw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame BFF7 70 B
264 B 65ms
55ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=39&cm_user_id=YJvGqMorAktYwzz-BHpVOwAA
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame BFF7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YJvGqMorAktYwzz-BHpVOwAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1

43 B
1 KB

46ms
46ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 12 May 2021 12:14:33 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BFF7
Redirect Chain

https://ad.turn.com/r/cs?pid=21
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8506371035693427673

43 B
1 KB

99ms
40ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8506371035693427673
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 12 May 2021 12:14:33 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8506371035693427673
pragma: no-cache
date: Wed, 12 May 2021 12:14:32 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame BFF7
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1870471595053401794

43 B
1 KB

63ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1870471595053401794
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 12 May 2021 12:14:33 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1870471595053401794
Date: Wed, 12 May 2021 12:14:33 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame BFF7
Redirect Chain

https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=0638220400d33da89142788f&expiration=[EXPIRATION]
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=0638220400d33da89142788f&expiration=[EXPIRATION]&C=1

43 B
1011 B

54ms
53ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=0638220400d33da89142788f&expiration=[EXPIRATION]&C=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:45 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 12 May 2021 12:14:45 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:45 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=0638220400d33da89142788f&expiration=[EXPIRATION]&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 316
Expires: Wed, 12 May 2021 12:14:45 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame BFF7
Redirect Chain

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3676790845161630885

43 B
1 KB

104ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3676790845161630885
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 12 May 2021 12:14:33 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:33 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.120:80
AN-X-Request-Uuid: dc5e3a54-3efa-40eb-af5c-21e3498307bb
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3676790845161630885
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK ecm3
aax-eu.amazon-adsystem.com/s/ Frame BFF7 43 B
344 B 65ms
56ms Image
image/gif 52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=index.com&id=YJvGqMorAktYwzz_BHpVOwAABHEAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:33 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 bridge3.457.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 93A2 573 KB
187 KB 35ms
22ms Document
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.457.0_en.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27e46ca80375bcfd0eacaa8e78a88b59c2a14605706440e27b5390260a8a1f3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.457.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 191824
date: Mon, 10 May 2021 19:35:20 GMT
expires: Tue, 10 May 2022 19:35:20 GMT
last-modified: Mon, 10 May 2021 19:28:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 146353
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 60ms
13ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Wed, 12 May 2021 12:14:33 GMT

GET
H3-29 200 bridge3.457.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 6AAC 573 KB
187 KB 14ms
6ms Document
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.457.0_en.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27e46ca80375bcfd0eacaa8e78a88b59c2a14605706440e27b5390260a8a1f3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.457.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 191824
date: Mon, 10 May 2021 19:35:20 GMT
expires: Tue, 10 May 2022 19:35:20 GMT
last-modified: Mon, 10 May 2021 19:28:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 146353
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 bridge3.457.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 07CA 573 KB
187 KB 11ms
8ms Document
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.457.0_en.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27e46ca80375bcfd0eacaa8e78a88b59c2a14605706440e27b5390260a8a1f3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.457.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 191824
date: Mon, 10 May 2021 19:35:20 GMT
expires: Tue, 10 May 2022 19:35:20 GMT
last-modified: Mon, 10 May 2021 19:28:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 146353
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame D67D
Redirect Chain

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KOLFDIHB-1V-3KR1&ex=d-rubiconproject.com&status=ok

43 B
344 B

48ms
48ms

Image
image/gif

52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=KOLFDIHB-1V-3KR1&ex=d-rubiconproject.com&status=ok
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:33 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://aax-eu.amazon-adsystem.com/s/ecm3?id=KOLFDIHB-1V-3KR1&ex=d-rubiconproject.com&status=ok
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame D362 36 KB
12 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 11:38:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 2149
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Wed, 12 May 2021 12:38:44 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 0904 36 KB
12 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 11:38:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 2149
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Wed, 12 May 2021 12:38:44 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 3F6E 36 KB
12 KB 19ms
16ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 11:38:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 2149
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Wed, 12 May 2021 12:38:44 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 82 KB
27 KB 66ms
23ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: d6b7472f98f400d0f4c24dea8eb9a90afb003eda04b32f86f48fddaf56f78fbf

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
content-encoding: gzip
last-modified: Mon, 10 May 2021 10:39:22 GMT
server: nginx
etag: W/"60990d5a-14816"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 May 2021 12:14:33 GMT

GET
H3-29 200 container.html Show response
269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4769 6 KB
3 KB 20ms
7ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 12 May 2021 12:14:32 GMT
expires: Thu, 12 May 2022 12:14:32 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 litype.php Show response
hbx.media.net/ 82 B
248 B 28ms
27ms Script
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/litype.php?&cid=8CUL2TG3D&lid=4519495657&sn=S0&callback=window.advBidxc.doRefresh

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bidexchange.js?cid=8CUL2TG3D&version=5.1&dn=www.theonion.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

23abd3879c065de7044cf1997c8fbe169cbaaba9518d808a461f4a9a2ff3af70

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=604800
server: Apache
date: Wed, 12 May 2021 12:14:33 GMT
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=10800
content-length: 82
x-mnet-hl2: E
expires: Wed, 12 May 2021 15:14:33 GMT

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ef9a18aef9847638b3b4344a0b2ebed14e84fb0aeb8ce29292af06826a2580a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620696588139699"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28014
x-xss-protection: 0
expires: Wed, 12 May 2021 12:14:33 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame D67D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELgT5jt2On5fSeVUjgREJkA&google_cver=1

42 B
691 B

96ms
24ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELgT5jt2On5fSeVUjgREJkA&google_cver=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELgT5jt2On5fSeVUjgREJkA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame D67D
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/5mogXsqekcdmQWoetxsw2Mn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5801336479216645073

42 B
691 B

25ms
25ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5801336479216645073
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

date: Wed, 12 May 2021 12:14:33 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5801336479216645073
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 451 709414.gif
id.rlcdn.com/ Frame D67D 0
66 B 62ms
27ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame D67D
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=0c58609b-c6a9-4e00-9595-b895755a36f1

42 B
691 B

25ms
25ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=0c58609b-c6a9-4e00-9595-b895755a36f1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

Date: Wed, 12 May 2021 12:14:37 GMT
Server: MT3 3709 11aaa92 master zrh-pixel-x26
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=0c58609b-c6a9-4e00-9595-b895755a36f1
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 12 May 2021 12:14:36 GMT

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame D67D 70 B
264 B 46ms
44ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame D67D
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NjRhNzI0OGUwNjY4YTM1NzIyMThiMDNjODM4ZmE4NjIyYjE5MGNiZA

170 B
188 B

33ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NjRhNzI0OGUwNjY4YTM1NzIyMThiMDNjODM4ZmE4NjIyYjE5MGNiZA

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NjRhNzI0OGUwNjY4YTM1NzIyMThiMDNjODM4ZmE4NjIyYjE5MGNiZA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame D67D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YJvGqgAAz-1PmQBg
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YJvGqgAAz-1PmQBg&_test=YJvGqgAAz-1PmQBg

42 B
691 B

24ms
23ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YJvGqgAAz-1PmQBg&_test=YJvGqgAAz-1PmQBg
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1620821674.070881,VS0,VE0
x-served-by: cache-hhn4034-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YJvGqgAAz-1PmQBg&_test=YJvGqgAAz-1PmQBg
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame D67D
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09MRkRJSEItMVYtM0tSMQ==

170 B
188 B

32ms
31ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09MRkRJSEItMVYtM0tSMQ==

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09MRkRJSEItMVYtM0tSMQ==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 bl-165eba0-79d4efd1.js Show response
tagan.adlightning.com/gomedia/ Frame 4769 65 KB
20 KB 17ms
16ms Script
application/javascript 13.224.95.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/bl-165eba0-79d4efd1.js
Requested by: Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-16.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2252d99057cd26061913d9d6b86bc2f958b51fcaf62bea99f1f03f6e47a57f64

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 08 May 2021 18:09:11 GMT
content-encoding: gzip
age: 324322
x-cache: Hit from cloudfront
content-length: 19806
x-amz-meta-git_commit: 165eba0
last-modified: Sat, 08 May 2021 18:07:03 GMT
server: AmazonS3
etag: "fe871ac503a303479370b96bb0ebc6df"
x-amz-version-id: THtQbjWQSdsLfy7PezD3R_qntNpuNpmb
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: iQUCUIJrVC8-UZ_vTzDZzSqA2N5R0iWvg_Uk1RhYTxYfJfznj5MbIA==

GET
H2 200 b-49c6f47-cbbfc745.js Show response
tagan.adlightning.com/gomedia/ Frame 4769 69 KB
23 KB 17ms
15ms Script
application/javascript 13.224.95.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js
Requested by: Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-16.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d77beb93df130b7b138f3affbdb35abba9e51ca3437ba86c7216bd2746dcc1a3

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 19:31:35 GMT
content-encoding: gzip
age: 3170579
x-cache: Hit from cloudfront
content-length: 23076
x-amz-meta-git_commit: 49c6f47
last-modified: Mon, 05 Apr 2021 19:30:30 GMT
server: AmazonS3
etag: "0a7d5a16c55eb7e7e99bbede6a4cfde6"
x-amz-version-id: YXUvlAlX4KlnH3M.eaMo._kk8.YeX82I
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: jhSKcP33gP09lZdq0xLyJ2hq_wabm4eQpRy8fC4V7XY1m8RTfa3unQ==

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4769 42 B
63 B 39ms
38ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DmBJlM33qQEXoLIcswvD5mlvrSMKx8GrX3CE5B37Mz-xm-X4nxLl8jg9BinXmA2lCHr2oNsmO8UWDNeEdeDjyqu--l5S1Lxgw6kmkneteszbgaHck

Requested by

Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/ Frame 4769 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/window_focus_fy2019.js

Requested by

Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:09:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 May 2021 12:09:13 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4769 116 KB
35 KB 26ms
22ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e3de2e14d9c8708fe42cbb220f1c4d52b720493b1503aa266fac9361b64ac31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620696594685118"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36097
x-xss-protection: 0
expires: Wed, 12 May 2021 12:14:33 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/ Frame 4769 13 KB
6 KB 20ms
16ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:13:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 May 2021 12:13:21 GMT

GET
H3-29 200 container.html Show response
269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C8B6 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 12 May 2021 12:14:32 GMT
expires: Thu, 12 May 2022 12:14:32 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C773 478 B
408 B 16ms
16ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNXw5ghdA8jCbxkUcslVOvgmbrBheK7rhvlNCTpo7LatPK6ECCKaFYHihYh4xWHatRiP935Gn17xi4CNXAN_Mq34rb0teA

Requested by

Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNXw5ghdA8jCbxkUcslVOvgmbrBheK7rhvlNCTpo7LatPK6ECCKaFYHihYh4xWHatRiP935Gn17xi4CNXAN_Mq34rb0teA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMSbjXXytrdcVAn0Muw2q2V3yGRys5ixRRCfV63fD1qeHEzPrOB3tgbtxXJJA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 12 May 2021 12:14:33 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 12 May 2021 12:14:33 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4769 57 KB
23 KB 50ms
48ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BEYcVu9kA0tmQz7woh43LTS9bi-1Bg3WsOIzKeJn35TKPMOdlV4osqnqYRMP8T3_HYMT1AFiU2xtxNK6KJitg_USH0CFjcK3YKeMGHeVekVGnL8z5PYHyI8XZHdCCMdeZbug-Q5q4PFS-xNr5EW4yZrfZjcg&dbm_d=AKAmf-BPyCizSlLUcrBe__MTFX4ZMB2Jfn_wjQYxyaLUrH1k9WW1q6iyqv36nv5-ccZWGqDC01aL-r0YTnVfwfnUYjMju_7QCFZdDjnKpdzSefvBJDqOIzUhjJi2mwbmXqNcjp78NRlgwTP2TMMj0J3xOBTCh_ZNmiQL49r0c-HTAdU-Qex4HK7Ij-eSApiKkfbjnI_pY9H01i3Uo9YaW4Maw6PohytUDygYA8V3KKJuhFo8Nax-Yv9d-Za-Q06VxIEvzgAdYiN0dBicCChjiuRW0JengIKf6mWsd7sYzZCCjJy3XHHwANQo3nn5vXOy-59xltMuQ5EL3le2fxl9jGsVXZO4mK4sSjN9CncLl6SZWQqwwdZ-IpzHs0UNghSnZhQ5BMchDA93GQO8qXnNOsQSwsgSIqPljKnPeIjbigDRlY-MthNKeUPcj98nyNJ3mVkl9dSL7mF281RvHuXsCNUMb5o1SXrQwuV27HlbSjZSbpvFFwulCUZ62COcG6R4mRnjllez7dv1oKln4TM9wEaKTXq2WPWX2jqdQH0OaCiSTIhfcnkzBAtNn853msQUtLOhtl70lSRjnH7bdqbnTEPufqtzfSJsWymrjqjok1Hip0omVaXxWBjncuu5sqSAdMbb9aIh7mskSij0drW48i8-KOHObHuZUbA0GixCpL5QV9wgHp2tKKwHv4ap0G3Cl30QSGRX3l0ocqMyadcN6AQ7ti4Or7CK1PJc9ei3l0URswiyshhW6cp224IYoY1ud31v55zpoqnshr9LMzFcY5UqbfRpXENpLEyA9BVOykwQDBe4uSXuLW58byHu7_l_yAYQyYVJrVuatn-eGzJdZ8ji5ZHCypbmmCCwWwxsCu_cZnlNjsyUhEliHyvWdSaTZewibYryL5L12wEAerYmxcUf8AyLrEmbQvz1dAmRQIM22rEJP-JVLwy1L1-ecG58MI50g_Zs72oaJ3t5acKC8orxPStMDppACEDaS4abKKKJoG8uUYYMGUI7hslv7xQO7Kri2uyTsy_-lCVRt9H82Go6jc89PyRL2o_s7wya95AE-p9UjcqtP6nQ4DConjXaLyZeLnmbMO1sRtqdvE5ealbmabjuDE-HWFnwbo2qxVU6luAsz7L-etNUIJYwkUQ1HFXK_O_RuPPFLlN4Q1GNkM-F4Fr3j8zRtrkGZPRd6vKXnjzFfiFL_rAnxD2xtrMkBCBLjY8MJOCYg8bODXGCXFv55WNzWdK4tAqDhxp-0eQM-d4FANU8_KGjZ8SICND04cWrT5SoELt_WzgHr80fu7aie8tn8waGHqXvmrMSZO57Emax70sQ65SQhMWiW6uiMuxNm4ola3PmKn06Tc1cfBQOj7k1qUcDEqkJpefer5brPzTA-U2tw6wI6lw78tTJmZybrjWaNos7PhCz9OOlC1k4TCEqik0b-dCgONeXW6rY7d5ksz4obDkDEuQk09hex1lSLjHVZfWHiSneaK1V9L5ynCY2zzsROf59osxd5YZWh1kkn9f-YPiYKGSK_ZR_vTYGtJYJQ72A6tysG8oVIDylVqKptjCr6fsIb9umYA7PK3jWZ_IhV5S0HsckY1r5w7fIBJCufZ35GPv56BgBY9qJntlGORwfHhbbGuoKhHN6FSxEn0lvSkzRwXT8pJ0xYOcbt-6lDxTCtmlgzxnt5uTSlsNmaK2TGJHJbqkDLy_eSfk6faL1LCmO5ElF1pSZn5kNlgnuSzM8C3qiXtmNg6dwIE_Hxn6f6PIu66CoHStrpBylRQxELRb3B3DYkCvZqDw4LcTXgVXbB673YdbMfPmt8bbh3WMw5B7cZCnGjgPtj1jeC4BfTqQa5b_zQ4zIA1DOwO-X9W6X-g7tPgRhXvgUYEG2PUQ5ptpSfScI8mmTCJuCOigwdfbRFYTQijXjop7tXsmtwjtbl7rRdC6OdA_3DmciFqNYR4zgKPVxgIDPQTpjJzcO-nBiKX4wkaplhgmU0exA8An1zRI_4LekxlB3CfNAO0TzIdKmy5Yi8UB_dmiwiVcklbGXPCkx4oIROawYkOz5jwTnwucydYFbXbAKGEVru_nmbO04WnsAmJxkf7Hq1KzJZXVy_5hCpIXOX4nB3EGUiVwhsYoCP0OG7KSUvg2QFrbTidgdOPSgV9GUblAI_v0maO21jGqe8BSGF73J5iUkEU83XfwFiwlpFqTME5TsiYaok0Al8GToJuZFN4fJZ0coeIY4DtGmyWQo-X5yHet3xkgqa8mzVCLfMxx5nXZA_d2hZ96_wQnppyuhFiEKKNRuwTuCgLC4_zdgDtcloXIQNQG85JQAtMI-XWl8z0QOByeHdqWOs7V0V77KB0QVka71WiIqbxMiVA0fpzrS_BzkM51fI8gcqPByXRzj1LKPjqc0qd8ECyGWN8Im1hoRgazr9-ax4p0o1SeCMEVvdOiXkwgXCmUUvqalBU9nDj5FBmzNXLPnJjTGnVg4Jh9-GuQnXuAMi8tPJfagY3d5fvDPJbQEy7lrUSQPgAOLlOt3-kF1xuAsd9jr2KmiF3npH2Ugxhcet-gq6sbJra5tbka1wlTtd5MJuFas_U0pXgS1EsLEPhAPs_PKGvXGUL5xrc8vaX9c5jdoiF6IuxcpfHLnX-bvA5iDVwtaCVRuFTTC2h5WQMpVoEbd6hPnUXweDYW-4bxPCYmwEbhzbtETX-TXT2qlyWtdhqvWCMaU3VF7yoSFDhY-0BA76O56_CGgBTF87ROP7akGJVs2ZLqCahWP-4xD2wRVfOxVgbtXhBNgU6hrhhSyQFmqDr1Xhfe_6cs8xG0Ny5Lc_d7px4d8PqNthTJwChUDtAuMP3zNrE2p5yZfJtNgIVlWg0m6itxJbxM8imBFrYKQlL_hqQsv5fHLla1TG0CAHA1GcNCNtcDgumDkW5M4w3IAZ3pvTlPuME1TGmyW8xbu_ZcoTMaY43eUaM6C3UW8Z9aq0cY6TQSTtv2Vh2aDq4Vhwln0Pnz0dRvviKT-gurBnwg_0djvaM3aBsHNA-BSYGrUnOj6V3aHnt44AccD1rzvglFHAlFxaCV01Hv-2I3DY3cBAC8QOw0i-llOs2OgpqDirztxEkACH3RIp1kuhAyX2yejW5BrDBbA1nSJmxZyfo48KYP3EdZts4UHUsndpN74rRz5R2qK7TCns0bAyxoqzB16uonNTNEjLtToBCyZfZRD4QLbm2EOwD-H9MOZ6n76byn7GoBP8muOYRu8uXWUm1eNCf4ZBR0Aj-0&cid=CAASFeRoIGB94HdtGWpQ9PT7bjMRHDH90Q&rfl=1%2Chttps%253A%252F%252Fwww.theonion.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49013e2b7cb8c3240e453f1d478399b2e59434e6eedfc518272eedd4164a5998

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23836
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bl-165eba0-79d4efd1.js Show response
tagan.adlightning.com/gomedia/ Frame C8B6 65 KB
20 KB 18ms
18ms Script
application/javascript 13.224.95.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/bl-165eba0-79d4efd1.js
Requested by: Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-16.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2252d99057cd26061913d9d6b86bc2f958b51fcaf62bea99f1f03f6e47a57f64

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 08 May 2021 18:09:11 GMT
content-encoding: gzip
age: 324323
x-cache: Hit from cloudfront
content-length: 19806
x-amz-meta-git_commit: 165eba0
last-modified: Sat, 08 May 2021 18:07:03 GMT
server: AmazonS3
etag: "fe871ac503a303479370b96bb0ebc6df"
x-amz-version-id: THtQbjWQSdsLfy7PezD3R_qntNpuNpmb
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: xdhrF0NrnT6QXzH6hv1LCZO-l0AXLMaU5hpnlPRcB0i2JJI3JBXcmA==

GET
H2 200 b-49c6f47-cbbfc745.js Show response
tagan.adlightning.com/gomedia/ Frame C8B6 69 KB
23 KB 18ms
18ms Script
application/javascript 13.224.95.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js
Requested by: Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-16.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d77beb93df130b7b138f3affbdb35abba9e51ca3437ba86c7216bd2746dcc1a3

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 19:31:35 GMT
content-encoding: gzip
age: 3170580
x-cache: Hit from cloudfront
content-length: 23076
x-amz-meta-git_commit: 49c6f47
last-modified: Mon, 05 Apr 2021 19:30:30 GMT
server: AmazonS3
etag: "0a7d5a16c55eb7e7e99bbede6a4cfde6"
x-amz-version-id: YXUvlAlX4KlnH3M.eaMo._kk8.YeX82I
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: B6q4U4aLD7vOF1E0O-ailU6vpo5XSmYKiIftcOIq4ne-d2KjrDAUSg==

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C8B6 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Dh4XxS-dRR7E1xsP0aiFGaLizOqjXAr86kbQR-s46aT4yAizXTgNwJWGy-_crAa3NXPoyd1UHOtwD7VCl_inCOwcc1YqMl1io4m3WZApi7u6lXZl4

Requested by

Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/ Frame C8B6 2 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/window_focus_fy2019.js

Requested by

Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:09:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 321
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 May 2021 12:09:13 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C8B6 116 KB
35 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e3de2e14d9c8708fe42cbb220f1c4d52b720493b1503aa266fac9361b64ac31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620696594685118"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36097
x-xss-protection: 0
expires: Wed, 12 May 2021 12:14:34 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/ Frame C8B6 13 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:13:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 May 2021 12:13:21 GMT

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame C773 170 B
188 B 31ms
30ms Image
image/png 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNXw5ghdA8jCbxkUcslVOvgmbrBheK7rhvlNCTpo7LatPK6ECCKaFYHihYh4xWHatRiP935Gn17xi4CNXAN_Mq34rb0teA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C773
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1

43 B
1 KB

36ms
35ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNXw5ghdA8jCbxkUcslVOvgmbrBheK7rhvlNCTpo7LatPK6ECCKaFYHihYh4xWHatRiP935Gn17xi4CNXAN_Mq34rb0teA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 12 May 2021 12:14:34 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C773
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJvGqMorAktYwzz-BHpVOwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1

43 B
1 KB

39ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNXw5ghdA8jCbxkUcslVOvgmbrBheK7rhvlNCTpo7LatPK6ECCKaFYHihYh4xWHatRiP935Gn17xi4CNXAN_Mq34rb0teA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 12 May 2021 12:14:34 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIYMsO-rcdcFFUnRdsVeqM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 4769 111 KB
38 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 14:18:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78952
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 May 2021 14:18:42 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210510/r20110914/elements/html/ Frame 4769 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210510/r20110914/elements/html/omrhp.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:12:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 May 2021 12:12:29 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210510/r20110914/ Frame 4769 22 KB
8 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210510/r20110914/abg_lite.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df0df39146c8995f0d40836e1e0839ad95f81ad1c9d24ba85169e3c2f0560ac1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:06:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 495
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8628
x-xss-protection: 0
server: cafe
etag: 4958886646989192229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 May 2021 12:06:19 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B759 611 B
316 B 18ms
18ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGL2r9ZQBMAE&v=APEucNXXhG72VJLtGsiaysx5SmrJJJIQ7_VECfLBN7nmpIdhR4ayHvhLhuvKunaC_vH_6oc0_VTigNMcBcOn3N_IU1JvxujQ9w

Requested by

Host: 269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
URL: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJjjZhCPtKICGL2r9ZQBMAE&v=APEucNXXhG72VJLtGsiaysx5SmrJJJIQ7_VECfLBN7nmpIdhR4ayHvhLhuvKunaC_vH_6oc0_VTigNMcBcOn3N_IU1JvxujQ9w
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMSbjXXytrdcVAn0Muw2q2V3yGRys5ixRRCfV63fD1qeHEzPrOB3tgbtxXJJA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 12 May 2021 12:14:34 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C8B6 58 KB
23 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ar0Me3aS56Wp8SFVL6K4hp4Sgs2RwqXDBjabxWdmtAt_g1x0J2nCIl9WHeUQuBiVhu2-UFA9VRfJdSO9p0vuW-AE3lJ_CFhFzvvJtAXPzeMlBHkFVqWy0F25dvop21oEFJJERNj-J-hLGM4kqv611xZsOHSw&dbm_d=AKAmf-DCx8djN5mrrI_IGlsNXEg-E62ij2kzHUulCTwXowjZ4Y08zN9Qa3HVXN1_PLReD24eowv-IVwk6ck7ssObgBR_izeXD1-QJw6mtjogKrL1H1_QCGcDEYb9bdx8hgpH5JatPuvfhd1A0Bg0166SyLcKzoq1r71alwKeM3AZJr_lW1fGYHChsWGtXz1Et5VXLD0-wzcua-wxWsZCs6FkO895UZhx2e6j2XPeP6q27jgGyVBaA2sFHEZkAzt3OHfAyMft1lFce4MdsHLjFv2eiPKV1bGXTcu_9Ja1XIqXqqVnZAa4U4qSPdeonl3Im1xCvoIUSS-mPAhXF1MqTLpHX1JfjRkLwC4OjQiVGiuCnQBaHFcBzILmdtsFHNReTAHhjvQOhpqlMjpxJZ4Y5gD1OmZPZrWPCN8XNtMa4c0ERRLRLF2B3VR31jZmIj0pChApR4QLsad4FwCjkN_SPagkEfMp4dbmzs9WBg6PRMvZ7f3sc7Dz8w1u6PsXchwn1TqFL9pmwaHk7-aDlPtcuxqinn-3r8tPS3PJhxjwXZAsIa4BFffSedKSwlkQKKTotdPETzyg80WV2r2esifbR6_qtvOABxit37zzevDk5tFTTEK-Q92-xEpwaoWuSWJPONmD1hYlK77U4o2lZKCN2cz77YkevYIvLhLPFyrAM4qxi-cCUqBXTL7WV3sGmqUCilpxxXclwZ59XZUSG3c3pWgvPM4ZmUPdI2uxe0iS32qy4lJfdY0WbZh4pIuOUf51R3tv5Qwteyr837TOafBOz0Vi9axRrI39nRa0StSZzeZg0vYVFF90C2paMN4okLS0ggO3l6Gnkz8xTPnaDKcnN0aT96FSuq-DOM-261oMpD8AqB4IJqp0yUPNVQM2M9ypw1e_fmWr5gpVDEanWR95DzyPwIV28z8eTDX_4Tcupc1gx2cGdCXzxqoL-26Q_N1LSOdQ2KL4FVtbK2cRsSGecz5wP-dNKYL5hSyGKciHI920dGhkiBqA7yUOZOMHQ433bB8h5pKRGyr_Tk1fhmqWvpDPEgjmfvD7ykbSwQFtFt5iziB7gp4SaCS3G008Ep0EUnsW0jK-CRP9FJ_PmTjHKrQnyivJTa6sQd2bDc6AYiT2aCOp7WBx9Kl3nRmnLxFTDCtSLefAT2-txv3gn56y74BM2rcHepCjh0bD9zCHbPgTVBHfyLxJS7h0hC66PqJS00DaY7PpnBxn1vt6Ux0bU-fTXwK3YZnpB06g3X_AG7FhnIWPUqWgEl9kqMEA4yECimKLsnDzQPw1Fg0uWatoolFRGcKOl6Gk6yK8p7x0a46VnTpxOP836B3xzp17rrHqWOhMSuZpzTnHw8vMeyduVQgwEyxk90HWIy8DSVzZhML1LM5QP4gko4Xw8cIU2vSJciTjavHon0WhUWDT9xNpxgIBQNjmdOS0iovUTeLQXiQQl6Rqctzj2MnCrhF4rrUHmDlyBkinCW7kYAlYN_fViYz6lLOZTaD_ATZkyM_2fJQwjItQX9IvBqYGLMIZBilbN2o2potGHRwAv8uPDMW66Y23k9sdlwulmMnq34u5obdGVjRPbGLpnSv8xECLqOnbupo8nAF8I1R45wqkD6xDm9F7Mbdvdi6lFfjqcbsru9YaBs1O7kdqDgP2WXYUKh6bMPLdjOM7e8c5YMTCkqyt2gp9z7I1Jx0-M8p4oxJl49bZZvWCtzd8NPMVm6hZPDCj37JIE0kfjDOo2Ykg9yzXMlEfbYTTpBC8vv3Z_RgS8EJ8L2HmIzDmzTwEBkRcnRoP1P9PF37GKKH2i_ubjxRZaqRaXQQQ6xB8MJ7VmVf-KlDq97U5_GTSGlUpxbZ9re69lhEYc-ih2A7chBBIwhlbK8EelzdLDevsTiC-4r9z799mqB1SrmBwMTgiBkquPqUr2n-oiaYY2q8wJ8jLYp4D1CFVjyY_mS94TFBu_g4KA6vrhjpfJflya2WcAs1mHyrHZM2lfiJGkCavQm6CKbC4OC7DKAHXaQAASfnFuhNFLS7Zia60QbxHZoZyRRR5ONUM0UuKK4GAgRNyH4aU9mPP6ZASvQupdufr-2PdGBea_PtEZmya1rC--yEdOilCgeaXTr7IrHQQrTpBZtQ0Rwad-lmdrsGYfUF_I3R7BEbOiYVfH1d4gBZ9y5EA2qKYQ7I0XIbdDksGrNXmNeL2KSTkIm4M_JJCNtFkIpfh39GrjuDMCw6DXykaDBQP9ojhdvyc1tQRTJEdbGP7CLhjGeIuxiEOjxJvuVezEIYs19MVhZ4cXZkspNDGWazutHpQy7mJvGe9Gt89rcazbxJEY0gFZS_tzRvOnOGP1Y842V6OZnevT18Xs5uzjByZrESHXIvrktSfzKlDyDbY1zIAnZQjdY-Xh6Bbox0QJHuHxCGuu3i3_AfNx7I-dG8jmYiq2gCAEjKsre4Xg0L5vB2lTlmBqZg5Yzh9t5CcR44ZNwuGdNZ9hg5EGTBY1PniX8_cr--CvLERRbCYSemuiM0G0p6RSkLK94pGAw_XI_jrvPaE9-E-_9sVh2ROPKpsD12WRZzC9WEAtxqTz-7t-YHwlKqrNN25VGclyDx5-M9YItDgsC-o6JMTEy2xth8OzxARXSsHJW-PaIFLiUUA5UmfI7agxEEmrOZYS-chSxhWNUKFSPp5uhVh858fb1syoAqFVdw4vKTs20BG0WFVMY95VzQXOl5WuDw11s3Cp_XTqHMMBoPYg-L1H_jmqs8uLIwYq56dNHh3ewlAf23J0vMM6aYkzJu2AQb-MpyBcsjMoa2uZ8QhFSFxoDroV-56XQxUuvX-eQVDUfHhrf2E6bV7CEQFfQV4O9s8C0IN4RzZsmqJHY_bFDjyNceVoq0kRpGSmt3cUI9KHjB25KSy3uAIV5qI6D6TbNWg2pUPUk9mQV3MqxgeojFl3PzXoeSU-KDUi8nLU9pnAEdBZN-4QwIFJkSPWMMvasqODmyTFQ4EfaoviDkzx8_gP_ll5vyqW7gXX5hM1bNSiVK3NE13qZhTcwp4HeISfOdK3ixo3QGslN-muZvP87ErQFLefh-re3jA4OAozXF6Ir-wCPca0ZatjVRQGpSwT20zT3Mm1CNeV4Zbmm7My_Phgvj5GANPbF7D4KKZMPOq6Fxhkm-2EBhEIhhUjmOKRhqt6KfQx-SvoNyhWKqghEexD0h1-YXHM5Ybz3k2ezkrmh9nZu7-EQD-S8Zdt-pMukvpAgyasg&cid=CAASPeRoSIY8myrwk2NQ9XfiEar7Mgq67S2R-G6x9SQFPdYEUDdYkST3_2SF28wuOSjp__6bixJzyVERqugnT40&rfl=1%2Chttps%253A%252F%252Fwww.theonion.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

13da6e454c48a42e6f9af593a8b194332c747807da217e9f294761640e8d8bc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23905
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/9506911/1605078249191/ Frame FFF8 166 KB
25 KB 24ms
6ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1605078249191/index.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f612b17f06a64bcf4683b3b04e54c313ede809fe59d10ffc691b80abdf4ff6e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9506911/1605078249191/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 25581
date: Wed, 12 May 2021 05:20:56 GMT
expires: Thu, 13 May 2021 05:20:56 GMT
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 24818
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4769 0
575 B 116ms
64ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvZJXaCj-4wm9IWsbaHnmpp0TpMS337mdnvT8wJ0eR0RHYy4DBzy2IedO_eAIVyJRnSW8DGmfZFt6wIkOJo6MVDzcmAExTDn5DrcF5vQcs2OlNKV2wEh8Jlef9M4Bdxvno_mzrWuZFtNj2UKnN3Y8q5yQQtjbNjrYhk21sZA7uCr2GsNJz9WOeVWt4N1z_ARSD8hbaHFltvQhALnVu9VZfn7ZFSlhc7DL-Nuvcgltz6bMikixPeLReyf4OhlGbgYkGmRhiAsOKSoh96OHdJflvw9AhwmtMZgpyLlYy6HODCDPYHJnXfe4HmteYZl9pk41uLBma3aml5IGSr85F1bo8_oVvUjFapDT4CZAHjLJWBwGOBLeyBf-baJjg0way6d0uYMsOiPw4dOc7Bgj540Hww2QvZljtwoSpODMCG_OYrvPBoFl5PMHARKBYW_wh3RiXbgK1nS8iaLoD9HtZ4spyJbmj1EDvOKKtIBsdsUU5FXaviEPXrZqLGtdHzsYfi4i7_LQ9zj2luBbbDKQQqBW04bRYbXXmSN3_04glShIaYlpdspL37OvP_TQf737gWX5ADOIjuvOWY6nrVyHVe3EODFWYeQD8NCtPJMcFgH-Y-KeaGGt6w5RqQ0vlVlieajfrlIdX300BkDqg9kcMX4IWN7h4PI4tTfSkc7rrZ32iJFI1ZKQxJ0wxN6PBPCTI13R1erzpvYlJdO7MN7DhRFbzEzNLmSfXzQbN9u1N0Ds6VqnnQg8QnWnmogSB2h0WFCpAg-gQ816OahrhY0kpH6KMj1Iq-y3vTRLuWmNfqDc83kOfMv8yRZptbFMmk9-ICwLhN38H8ZWvQ693Cm1jisjS-Z4lrmYTkXdteBo_XDlitDxlZzsKTKQL-j88NnkBdN-FNoPoMJnvJYOCTwatk_pF-vBCgn5XFEuexBrNZ8UZ_aiaIsuu26CSX6fVQaOXSSAPGWvYISNGjlFvUmeD-L_6ttYcG1CBelUYTBi55H84iUVA6yfMR8zICRBwGig0sna5V1q74t93Q2DhbnSIsj96zPN_DL5Mf5FHROTrjHcvhyMeMkY3VJdFaH0atlqQNPL8AUEsFgTw0d79pvluQj9NC8NeJlp66BacZyiqv1qGlzBTklvf5MmEu71NPr6GI1QTo9P9ALN-AuAzQdADaqhPjm4nfcBbG52nuit2apkkwhk636rgkSZ1uYaaSiMeXiJ3vONq3VDnMsiRHc7nB-LQl&sai=AMfl-YStVWWLaLh-A9rzlkINbt7_7AJtSOw6owl0tFiVaWExYUemJPzTbVn-DoBhamWFLv5YaO4f3ZtLhWzJ-lGZJ5sYHDOBk2WivbnFyPfd2WHJC5vmoywCjuK0JV-GD48J0pIW4K6QyUYufF1WMzlm_7HSKJz0aH_af5AytI4&sig=Cg0ArKJSzB6RDRhoBk20EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=137&cbvp=1&cstd=119&cisv=r20210510.13035&adurl=

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 12 May 2021 12:14:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4769 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 08:53:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12053
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 May 2022 08:53:41 GMT

GET
DATA 200
OK truncated
/ Frame 4769 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bfccdd802e4f49357a3395f0bebcec9a0469bacba10ab5644f45b9411ec67386

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame B759
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPovPVMOPcabqahSoyQApGU&google_cver=1

43 B
1 KB

34ms
33ms

Image
image/gif

185.33.221.50
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPovPVMOPcabqahSoyQApGU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGL2r9ZQBMAE&v=APEucNXXhG72VJLtGsiaysx5SmrJJJIQ7_VECfLBN7nmpIdhR4ayHvhLhuvKunaC_vH_6oc0_VTigNMcBcOn3N_IU1JvxujQ9w

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:34 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.146:80
AN-X-Request-Uuid: 93cc1f30-2dab-4aa2-b498-dadf99546a64
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPovPVMOPcabqahSoyQApGU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B759
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY3Njc5MDg0NTE2MTYzMDg4NQ%3D%3D

170 B
188 B

34ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY3Njc5MDg0NTE2MTYzMDg4NQ%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 12 May 2021 12:14:34 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.39:80
AN-X-Request-Uuid: c5241782-239c-4923-8025-1cb88d3fcb47
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY3Njc5MDg0NTE2MTYzMDg4NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame B759
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOVdkHCGCH-ZoaLcTOROzYA&google_cver=1

43 B
180 B

32ms
32ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOVdkHCGCH-ZoaLcTOROzYA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGL2r9ZQBMAE&v=APEucNXXhG72VJLtGsiaysx5SmrJJJIQ7_VECfLBN7nmpIdhR4ayHvhLhuvKunaC_vH_6oc0_VTigNMcBcOn3N_IU1JvxujQ9w
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.207.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
via: 1.1 google
server: OXGW/16.207.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOVdkHCGCH-ZoaLcTOROzYA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B759
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NzRkMmZhMTUtZjY0Yi0yMzRlLWMwM2EtOWUwOWM1NjQ0ODli

170 B
188 B

31ms
30ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NzRkMmZhMTUtZjY0Yi0yMzRlLWMwM2EtOWUwOWM1NjQ0ODli

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 12 May 2021 12:14:34 GMT
content-encoding: gzip
server: OXGW/16.207.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NzRkMmZhMTUtZjY0Yi0yMzRlLWMwM2EtOWUwOWM1NjQ0ODli
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H3-29 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame C8B6 111 KB
38 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 14:18:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78952
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 May 2021 14:18:42 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210510/r20110914/elements/html/ Frame C8B6 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210510/r20110914/elements/html/omrhp.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:12:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 May 2021 12:12:29 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210510/r20110914/ Frame C8B6 22 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210510/r20110914/abg_lite.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df0df39146c8995f0d40836e1e0839ad95f81ad1c9d24ba85169e3c2f0560ac1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:06:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 495
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8628
x-xss-protection: 0
server: cafe
etag: 4958886646989192229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 May 2021 12:06:19 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame ACD0 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 12 May 2021 11:49:04 GMT
expires: Thu, 12 May 2022 11:49:04 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1530
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame FFF8 28 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1605078249191/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 10:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6468
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 May 2021 10:26:46 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/9506911/1604308179092/ Frame A6D8 129 KB
23 KB 7ms
7ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1604308179092/index.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e144286a6fd7250ec2c718987fbfa8f6fab94042a1b182af938dd2aac3bd1c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9506911/1604308179092/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 23538
date: Wed, 12 May 2021 04:00:24 GMT
expires: Thu, 13 May 2021 04:00:24 GMT
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 29650
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame C8B6 0
24 B 90ms
61ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu9PD_gc8BVC4OMgRE3FHeNEzc50zDuPCgeBALOQ6QCEYVa1DQ2Gd6FngT0idigSkZ36xexghI8pz19bTrDRC1EJlzh3D7KKoCoAqeQtOp3sPrQKLkoZJ0CWlzqBbnJYdieDozCa0ACR3AC9IwtO4Pt24870rHSfmGlOVxzgACikGJYcQ715SPbLtLC_5YkE91uPwAAnj7cqQWtph5X35UJD6zcsbX4ws1wl3DRwLnrTCmX6SUVIhZ0SgSljXMairgfXwhU41hFPRWuT6Z9T0dz4MhQG9V7LCM8cMmINOrRoJ8AL3wm0nBwFJ1w-V0Hw5l1eOdR_Ff_L8SxmBHQUzrWm4CXmfUAxxyGgSHd8fGkstePRGctVG0cwxkUElGA1rjK7pWq-30WOAuWQ9dj7TCDCVCBg34SJrMTnv8ClojGc4lQOi1UXk_BnqiPo8p8-ezBM--p2FHe0ETJKqYog8q6EGHG-0f5JHfPNJ4YmNDgkojQVaAuW5Ps0L7Rrag1PMbcf8Km9KJM8LXehjvjDocQUpg4xaFF4sbAp2RvUYFebOdid58Sdg5zNtOz33JmIKcAp_gOVL1xy5OcYqtcQPbgQzff3BBd4z6-e2V_W-St1sJynrru93dF2yqd7pnSe_Tr0HJzXg5C3wP3vGYtlV513vcd9iozem6WzOQCFnNcGHyO7I7z405pI8ekyVyheDgODYME9a2RAOKBOUW15dG1aqnBu5RQRsirr6w_uprGcBbQy2E2MtFeZ2AKCs66KB2Iyjik7eYTm6Oj3M59NKpkynohBj_vFN1zRQEtFYcUeRA1MLMv8GJStwnNMFI_GsS2BEaFz2IV8PC-F3sVPC2-avAYRTbpPMKASzTyQKhmIHFmPseJYsuxh-Lhtj_h7GstEuBKCiyFynXSkSNfW7RZ0qmNCRfEfZRvtXLfbztA-z3yIRck-iPzkbttxvyT2WLHz-ndUHhk1uiQlmioGCfX8jNKaOFZfwIeN_vJq5DZptccahJM5shXp57Y1-QWuIPzMCwPvGBZphz9IIq2H8CEfBqg_L8QRUAUYR8h8Qv4rS_xM447Rdeff43MAC9wEEJAQZESLEvzPnsvyCFshPSAdTyCmiLe7xqrLqVl8f3XEepKXaqPwLfMsDX3YUz3UfuFn8C4Ou7_XymVcUl5th0aIDDIeX4NitbWC0HKph-giLDyfk7Rk7lncRTKj190yPF1kQ1MKE0TCN7G4jBC8ywILH6ek_18xV73X_0be2QIGfN6z56MnemtAG_mic07lkLMrvEar5YLnRTF3oU&sai=AMfl-YSHF2GN4u3pC9sV5c_9P9hAYeITJg0q-MUPhHWFLTAOY8KxJnBu6OVivgeJqe7T_O5-Y-kTbA41OrWokWrxqgJcU-nc0LxpCtkqy8s6rF-Y50edW3KPzuAQa9CdQBjrJzAYBoAxYGLsrRAoJ41ufIi6GBcwjseDSBRjgXvVowY8EfzDAtx8zXQ6Q07YvVGqUvzVCokIvXCP6BPMTNhCP5gPGDb_g95UwBhe-xbBD9L6OGdO7Wvq6eTKOfBTPMIopA&sig=Cg0ArKJSzENQ5TCd7GIREAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=94&cbvp=1&cstd=83&cisv=r20210510.59875&adurl=

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 12 May 2021 12:14:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C8B6 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 08:53:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12053
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 May 2022 08:53:41 GMT

GET
DATA 200
OK truncated
/ Frame C8B6 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3ec8291ae5f0df52cdc3c5cb4caea82f62952952d23788af94efd0b1e2cbe1f7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8A53 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-49c6f47-cbbfc745.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 12 May 2021 11:49:04 GMT
expires: Thu, 12 May 2022 11:49:04 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1530
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 CoopCondBd.woff
s0.2mdn.net/9506911/1605078249191/ Frame FFF8 29 KB
29 KB 7ms
7ms Font
font/woff 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1605078249191/CoopCondBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1605078249191/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63b176462a62d19e5a2af4cc0a845119d0389aae23ef15decd83efd182c91c40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 14:38:00 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 77794
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29944
x-xss-protection: 0
expires: Wed, 12 May 2021 14:38:00 GMT

GET
H3-29 200 CoopBd.woff
s0.2mdn.net/9506911/1605078249191/ Frame FFF8 32 KB
32 KB 13ms
12ms Font
font/woff 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1605078249191/CoopBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1605078249191/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

660dafdc78011b6e915b39cbfd9546c82a36aa6c20bfc6a75e144bc700a290a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 13:37:40 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 81414
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32612
x-xss-protection: 0
expires: Wed, 12 May 2021 13:37:40 GMT

GET
H3-29 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame A6D8 28 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1604308179092/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 10:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6468
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 May 2021 10:26:46 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4769 0
23 B 57ms
57ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 12 May 2021 12:14:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 VUb54HSrcJlfDt76-zYSNvHYPadoqD5ysjWH2aTGPz8.js Show response
pagead2.googlesyndication.com/bg/ Frame ACD0 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VUb54HSrcJlfDt76-zYSNvHYPadoqD5ysjWH2aTGPz8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5546f9e074ab70995f0edefafb361236f1d83da768a83e72b23587d9a4c63f3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 10:03:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 7847
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5687
x-xss-protection: 0
expires: Thu, 12 May 2022 10:03:47 GMT

GET
H3-29 200 Kontrast-300.png
s0.2mdn.net/9506911/1605078249191/ Frame FFF8 31 KB
31 KB 14ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/Kontrast-300.png

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96e96292bf35ab4cfa60cf8f26578f55bacf27297ed4d97f7110a70e29229e0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 14:38:00 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 77794
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31808
x-xss-protection: 0
expires: Wed, 12 May 2021 14:38:00 GMT

GET
H3-29 200 spaghetti-200.png
s0.2mdn.net/9506911/1605078249191/ Frame FFF8 9 KB
9 KB 17ms
13ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/spaghetti-200.png

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df32c5ecbbd376bb8d8ed9c4ac41376dc50f4523b8d43e7165d710ba8a1095e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 07:10:00 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 18274
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8962
x-xss-protection: 0
expires: Thu, 13 May 2021 07:10:00 GMT

GET
H3-29 200 malbec-190.png
s0.2mdn.net/9506911/1605078249191/ Frame FFF8 6 KB
6 KB 21ms
17ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/malbec-190.png

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ed2acc4abf47252212c74fa79892db172ac16781d484cec7810649a591e388f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 09:58:42 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 8152
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5813
x-xss-protection: 0
expires: Thu, 13 May 2021 09:58:42 GMT

GET
H3-29 200 peperoni-200.png
s0.2mdn.net/9506911/1605078249191/ Frame FFF8 11 KB
11 KB 20ms
16ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/peperoni-200.png

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6681ebe8f1adb7cb3140002cd40223d5d4e240adb9d92527e83147e621a65c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 14:38:00 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 77794
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11012
x-xss-protection: 0
expires: Wed, 12 May 2021 14:38:00 GMT

GET
H3-29 200 pesto-60.png
s0.2mdn.net/9506911/1605078249191/ Frame FFF8 5 KB
5 KB 20ms
17ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/pesto-60.png

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7eddef88f07ba5f97a16767e5dd2bd191cb49eca86caa5c56ecec4f3e6a06d34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 09:58:42 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 8152
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4720
x-xss-protection: 0
expires: Thu, 13 May 2021 09:58:42 GMT

GET
H3-29 200 Kontrast-300-Henkel.png
s0.2mdn.net/9506911/1605078249191/ Frame FFF8 3 KB
3 KB 19ms
15ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/Kontrast-300-Henkel.png

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cbb58dea630e6854e6c5912004d1ec97ad9829d50725234801b850bc811d3a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 13:37:40 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 81414
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2632
x-xss-protection: 0
expires: Wed, 12 May 2021 13:37:40 GMT

GET
H3-29 200 Coop-Icon.png
s0.2mdn.net/9506911/1605078249191/ Frame FFF8 4 KB
4 KB 18ms
15ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/Coop-Icon.png

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75519df306ca3d5504dc66f8e3398dc30f976a5859725309b90a0f2a3fdea6ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 09:58:42 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 8152
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3753
x-xss-protection: 0
expires: Thu, 13 May 2021 09:58:42 GMT

GET
H3-29 200 coop.jpg
s0.2mdn.net/9506911/1605078249191/ Frame FFF8 7 KB
7 KB 17ms
14ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/coop.jpg

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc88881c267493814ada96b0cb57897aa9ff44610d2da1a67656c3cbcc0a874a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 10:41:49 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 5565
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7509
x-xss-protection: 0
expires: Thu, 13 May 2021 10:41:49 GMT

GET
H3-29 200 CoopCondBd.woff
s0.2mdn.net/9506911/1604308179092/ Frame A6D8 29 KB
29 KB 12ms
10ms Font
font/woff 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1604308179092/CoopCondBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1604308179092/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63b176462a62d19e5a2af4cc0a845119d0389aae23ef15decd83efd182c91c40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 04:00:25 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 29649
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29944
x-xss-protection: 0
expires: Thu, 13 May 2021 04:00:25 GMT

GET
H3-29 200 CoopBd.woff
s0.2mdn.net/9506911/1604308179092/ Frame A6D8 32 KB
32 KB 10ms
9ms Font
font/woff 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1604308179092/CoopBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1604308179092/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

660dafdc78011b6e915b39cbfd9546c82a36aa6c20bfc6a75e144bc700a290a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 11:20:10 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 3264
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32612
x-xss-protection: 0
expires: Thu, 13 May 2021 11:20:10 GMT

GET
H3-29 200 VUb54HSrcJlfDt76-zYSNvHYPadoqD5ysjWH2aTGPz8.js Show response
pagead2.googlesyndication.com/bg/ Frame 8A53 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VUb54HSrcJlfDt76-zYSNvHYPadoqD5ysjWH2aTGPz8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5546f9e074ab70995f0edefafb361236f1d83da768a83e72b23587d9a4c63f3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 10:03:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 7847
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5687
x-xss-protection: 0
expires: Thu, 12 May 2022 10:03:47 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame C8B6 0
23 B 57ms
56ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 12 May 2021 12:14:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 coop.jpg
s0.2mdn.net/9506911/1604308179092/ Frame A6D8 7 KB
7 KB 13ms
11ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/coop.jpg

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc88881c267493814ada96b0cb57897aa9ff44610d2da1a67656c3cbcc0a874a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 15:39:12 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 74122
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7509
x-xss-protection: 0
expires: Wed, 12 May 2021 15:39:12 GMT

GET
H3-29 200 Coop-Icon.png
s0.2mdn.net/9506911/1604308179092/ Frame A6D8 4 KB
4 KB 13ms
11ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/Coop-Icon.png

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75519df306ca3d5504dc66f8e3398dc30f976a5859725309b90a0f2a3fdea6ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 15:39:12 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 74122
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3753
x-xss-protection: 0
expires: Wed, 12 May 2021 15:39:12 GMT

GET
H3-29 200 Theke-frisch-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame A6D8 17 KB
17 KB 15ms
13ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/Theke-frisch-300.jpg

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16567a7c25c8f64c0861b7eae3892722920bd09e5a77dd293799eb034194b551

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 09:40:15 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 9259
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17005
x-xss-protection: 0
expires: Thu, 13 May 2021 09:40:15 GMT

GET
H3-29 200 Ka_se-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame A6D8 19 KB
19 KB 13ms
12ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/Ka_se-300.jpg

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81404aacb0d84988d864c671b075ca74f1baa4cebbb9f2b4c646233117d2d73e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 09:40:15 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 9259
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19900
x-xss-protection: 0
expires: Thu, 13 May 2021 09:40:15 GMT

GET
H3-29 200 lachs-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame A6D8 21 KB
21 KB 13ms
11ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/lachs-300.jpg

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

764a170851cb6e2d00a02685b39a0c28a3378a19c82a568c4cfbc5df52af8031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 12:50:20 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 84254
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21126
x-xss-protection: 0
expires: Wed, 12 May 2021 12:50:20 GMT

GET
H3-29 200 brot-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame A6D8 17 KB
17 KB 16ms
15ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/brot-300.jpg

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30302ebb7094c997809ca671e593375ba4e34efe494a86bc3003692ddd27099e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 08:08:55 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 14739
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17048
x-xss-protection: 0
expires: Thu, 13 May 2021 08:08:55 GMT

GET
H3-29 200 aufschnitt-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame A6D8 16 KB
16 KB 16ms
15ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/aufschnitt-300.jpg

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6de2bd9b5cb6e9ebfbf874940becb16016151d713ee19049eab99dfe0965ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 15:39:13 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 74121
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15912
x-xss-protection: 0
expires: Wed, 12 May 2021 15:39:13 GMT

GET
H3-29 200 tete-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame A6D8 24 KB
24 KB 14ms
13ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/tete-300.jpg

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa4d27239f61f3f12e511f7774931c0d59c456971f9f6ef1d7a13a2408420d37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 15:39:13 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 74121
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24916
x-xss-protection: 0
expires: Wed, 12 May 2021 15:39:13 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ACD0 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAdXOqsabYJWxA9br3wPGprG4BgAAAAA4AeAEAg&bg=!0NOl05fNAAY59bwoOfU7ACkAdvg8Wg9DYin3siWLRVC8nfXO42v3P_IPesxMpfDa6u5nzh4ZtscsbAIAAAD0UgAAADJoAQcKAQYM7EclCfDV06CxvqpQ7yG_XU3PKG3ZMBsuKjkOdBmqKfqbqcHShOu0XngeQOM5yd7M30AGFNBiFywtBBee-A0IPbk9T_qB2QVE0LhWg0nav5ahIRu9ldQVICczJ_y2rQzNfq9XtxFW-Xd_4cInp5qtSHT0p3M-XdWR_ePsG1BMFP111yYDn1b8qriVnqLgYwfLp8lieLAa84bTBhCbCmjLdpYipeLmX-_q5cbwOdji8Q16auqnMdOrOA04aDffChgetUM4dShKTKCXUl8bK0LKVnro_atUTGBGmdlMgWKS5jT3mJKHD1zD9UsugYCxrmAGRy_4hAXvaywGC2BOdPOzBPCSxofEmQKOiZcwcOlEKiYJYiSnSjvf8F9pqt9XyM8UIJRB59Q4MMGUL9OSbPL3FVn93nMw-edKSuGpvQyxqi-0GNpGL5qOfFuIdK0nZanZ79GkYPqjn1y-gG5xFQLnUE2iKnmXKlpWCVM-T2qk9pa5zKNd1ZNepxZtFsFts1M3Ag4vY6xM9gt2DHO8NNyHIcyM-Ct9Gc2gyHzK9hfA3v7dkIGoVT70WlUMUcKGqCCZu0Bavv3dhCwS0MC0eRi8g9LlWUYxUCVEn760giKoGUegUb7l4erm41DdFuFEix3YdMhoI40fehHDMBJ6q_LC0SAq9ZXgjt72kiiUJMBqohExRrg1l4UsdQ61kUDHlWrGehcQo1H_vit1NbSG4Uaenj3fhxxtalkl9BmU_n7x2VYyH5Yo39PCM-uzZB7dEUaGZnCzUW-61opDwaYMNhqyntuXUAysd9XJgBQLhTKALitueTpPlgjCVRtkINmUB_n7K6R5d2r1pABQ3SZ2chSV-E7n_YCoXBzb88M4Gh7Uvu3cQRgV0_KJz0j_Cm85bqiV4cakQ2YrYx0WqqKMKaA3ngTJubgazKftcNIpZiuq7GZKRuG9eEajREDOd4_5g_x_BUoBjq2mx1qYiYTXZdpa1KCzONTBNeNw5S57daD9zwH4znguFQiu2q8naNvN87-v8hxmAFE-mbnKwZ8a4cA_Njsjh2OdAvR7DhsQk3Mt-ZkE1ZgXAN-mM5DfX12PLSdrlSTJJeAk9vps2pj27QlWLJ4q8PeWi9klxKKttww1ffqrWG-jAygtZYoAJPbdxEgE-icp_4Lwig7AH0ZK7hy9krS3IBxcQN54MlTqpRe2pmrdk18-NLiXeqtv0f7DE64UCyc-zDoV

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8A53 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BrOs9qsabYOjsDdar3gPUpZWYBQAAAAA4AeAEAg&bg=!YWKlYibNAAY59bwoOfU7ACkAdvg8WhU9NYpwU41Pd5mjaGPgREzp1Ry_frcHm4ZYlCYlGbVP0LMSDAIAAADdUgAAABBoAQeZApNX0ybbmnu7pgIiiHyheFtPo6gx2iyIMgLbzxq1PCTs-gIiaWCDMIKj-TJDf1zRNcMw-Rz_9JZRP3jUPOZknIFSa8I-BHsWki1p3oGxU_MGR6gHM-56q7WV5-6aqnu5vlHtiHS23pWdOjD9eEkTVDwbqdVAbPCwIoqRqY8FBY3y_RsbgkjoPI6-_x8PvaJMSuhfzCsZtAM4QM4FtC-BSGchnWiNG6RnIHD2sbioU1C6cDkbxyyNp2PlySWrH8xje0nLrdfl3mtZ7mrvajV9_uT4Pfh9omNWetX69-yPaKYnAZCu7PVNo3EwJH3UZu3CBHWRYHZ0XJruUTtdaMvgHW73K0V8m5Gj2M4YTcjhyPzKRDsmYURve4dE9jUXOAi13DQ3hMwohM802m-Fa1LVfV3ikVyrSnkcn1eDTdJIbtm2MzF9Z1qAxTCKPHm4_v18lyEPQFgjGun9yYXZobdA6LwC_7K7KZqYGbh0IMpcXvIHKOZ84W4NdN1mFsv_l-ZuBau329wLxBokvELtoffytd3bDlwAj25zDSHWuPNkQuV7SbTEtx3LTZ-i2D3mtpBfREyUnLI1Ho-l31z5IQALo6Eyjd-BxI-GGkN0wlycGZBpmUnB8Ixpz2PVFgk8dZ0V9iwY3CVSrqQLM9iIMFIESeDagK78lXxdpkLoTeiHWP3H9gshYByI2yKDpcRyKPy8r9JB7XJSP3O_M2Q_VhklK1GDA2iU1rHCoLavNvXVhCmjxx7uoIjRMXGpRdoGgGqO9wqaIrq58EU9GL-R9Vb7vFa5zPi7DI2pgHbdXOy3RmNhnWwksUpcbUrcLicWEMUr2J_Ob4zr47-xEEy7Dbot5JZWlWp3HGzSr6_9s-LfP-Pv3XwCqQ

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C8B6 42 B
64 B 49ms
48ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv4bMAkmo8OmRa26O5-kvNW2mLoZf3KmReK6qAPhSTRAtQeetL5yeF0iL407OwWzAMFCj-iiWKRUpqvBQY50ApaX4WezpNU3jRdu1YvI-qNOQ-bSG8P16ABhTOhsg&sai=AMfl-YTFH5hzuARH8RikHMvNXR5BF3Wrdzb6arJq0ghVoSlvRBaIavicfOsHM6MVfyqIU1svPo6GimXqGNTFxP1d_GJLkEMPheXTYkTm0O0ER4mvBlqprkleaTtMgHq0Pd1f&sig=Cg0ArKJSzP5SZgftSUBhEAE&cid=CAASPeRoSIY8myrwk2NQ9XfiEar7Mgq67S2R-G6x9SQFPdYEUDdYkST3_2SF28wuOSjp__6bixJzyVERqugnT40&id=lidar2&mcvt=1000&p=259,436,349,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210510&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3099211010&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1620821673879&dlt=30&rpt=2&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST id
api.britepool.com/v1/britepool/ 0
0

OPTIONS id
api.britepool.com/v1/britepool/ Frame 0
0

GET
H/1.1

200
OK

sync
sofia.trustx.org/
Redirect Chain

https://sofia.trustx.org/push_sync
https://creativecdn.com/cm-notify?pi=trustx
https://creativecdn.com/cm-notify?pi=trustx&tc=1
https://sofia.trustx.org/sync?tp_id=22&tp_uid=QkCkyYuLozRpaX4Rkf64&pi=trustx&tc=1

43 B
437 B

133ms
133ms

Image
image/gif

35.211.168.6
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sofia.trustx.org/sync?tp_id=22&tp_uid=QkCkyYuLozRpaX4Rkf64&pi=trustx&tc=1
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.211.168.6 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 6.168.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 12 May 2021 12:14:36 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location: https://sofia.trustx.org/sync?tp_id=22&tp_uid=QkCkyYuLozRpaX4Rkf64&pi=trustx&tc=1
pragma: no-cache
date: Wed, 12 May 2021 12:14:36 GMT, Wed, 12 May 2021 12:14:36 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cksync.php
cs.media.net/ 45 B
358 B 43ms
35ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync.php?cs=8
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:35 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Wed, 12 May 2021 12:14:35 GMT

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ 0
297 B 129ms
129ms XHR
multipart/form-data 3.18.8.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=116348
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.8.90 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-8-90.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 May 2021 12:14:40 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ 117 B
426 B 199ms
199ms XHR
multipart/form-data 3.18.8.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=116348
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.8.90 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-8-90.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: b4697681781b6897cbd7e25d02b4ee47295179b34157ea66a88a15fd0d2bc706

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 May 2021 12:14:44 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 dc_oe=ChMIla6BoY_E8AIV1vV3Ch1GUwxnEAAYACCixKVDQhMIvc63oI_E8AIVa1TlCh0LIAhX;met=1;&timestamp=1620821684801;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 4769 42 B
498 B 100ms
52ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIla6BoY_E8AIV1vV3Ch1GUwxnEAAYACCixKVDQhMIvc63oI_E8AIVa1TlCh0LIAhX;met=1;&timestamp=1620821684801;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 dc_oe=ChMI6OmLoY_E8AIV1pV3Ch3UUgVTEAAYACD92YNDQhMIrrG4oI_E8AIVgl7lCh2s3wc0;met=1;&timestamp=1620821684903;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame C8B6 42 B
63 B 88ms
54ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI6OmLoY_E8AIV1pV3Ch3UUgVTEAAYACD92YNDQhMIrrG4oI_E8AIVgl7lCh2s3wc0;met=1;&timestamp=1620821684903;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

502
Bad Gateway

hms.gif
sync.colossusssp.com/
Redirect Chain

https://colossusssp.com/?c=o&m=cookie
https://sync.colossusssp.com/hms.gif?puid=af324f41dac367e8b00c19c25547f789595f1339

0
0

328ms
109ms

Image
text/html

88.214.193.99
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.colossusssp.com/hms.gif?puid=af324f41dac367e8b00c19c25547f789595f1339
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.214.193.99 , United Kingdom, ASN46636 (NATCOWEB, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Location: https://sync.colossusssp.com/hms.gif?puid=af324f41dac367e8b00c19c25547f789595f1339
Date: Wed, 12 May 2021 12:14:49 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 200 checksync.php Show response
hbx.media.net/ Frame A9B8 22 KB
8 KB 61ms
60ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUL2TG3D&prvid=3%2C23%2C29%2C51%2C56%2C77%2C79%2C80%2C82%2C96%2C97%2C106%2C109%2C122%2C126%2C132%2C145%2C147%2C148%2C157%2C159%2C171%2C172%2C175%2C182%2C184%2C186%2C188%2C201%2C203%2C208%2C215%2C220%2C221%2C222%2C225%2C228%2C236%2C238%2C239%2C246%2C251%2C273%2C2033%2C3014%2C3015%2C3018&itype=HB&rtime=13843&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bidexchange.js?cid=8CUL2TG3D&version=5.1&dn=www.theonion.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

4db3920379725d38bc3ad1f11caa3859d480936d84048aab851e8b3960466cf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: hbx.media.net
:scheme: https
:path: /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUL2TG3D&prvid=3%2C23%2C29%2C51%2C56%2C77%2C79%2C80%2C82%2C96%2C97%2C106%2C109%2C122%2C126%2C132%2C145%2C147%2C148%2C157%2C159%2C171%2C172%2C175%2C182%2C184%2C186%2C188%2C201%2C203%2C208%2C215%2C220%2C221%2C222%2C225%2C228%2C236%2C238%2C239%2C246%2C251%2C273%2C2033%2C3014%2C3015%2C3018&itype=HB&rtime=13843&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Sat, 13 Nov 2021 12:14:46 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Fri, 14 May 2021 12:14:46 GMT
date: Wed, 12 May 2021 12:14:46 GMT
content-length: 7916

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame CDCB 0
326 B 41ms
13ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.theonion.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?origin=publishertag&topUrl=www.theonion.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1584
set-cookie: uid=d5aaf583-afb7-40dc-bd6f-45535e3043d2; expires=Thu, 12 May 2022 12:14:45 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Wed, 12 May 2021 12:14:45 GMT
content-length: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021050601&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e9b2852a2fe1af51803bbdf4c67488f2ea5cde14b82dff3785bae3de67e8ab32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 May 2021 12:14:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7782
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 12:14:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Wed, 12 May 2021 12:14:46 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame E8F2 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 12 May 2021 12:07:11 GMT
expires: Thu, 12 May 2022 12:07:11 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 455
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 VUb54HSrcJlfDt76-zYSNvHYPadoqD5ysjWH2aTGPz8.js Show response
pagead2.googlesyndication.com/bg/ Frame E8F2 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VUb54HSrcJlfDt76-zYSNvHYPadoqD5ysjWH2aTGPz8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5546f9e074ab70995f0edefafb361236f1d83da768a83e72b23587d9a4c63f3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 10:03:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 7859
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5687
x-xss-protection: 0
expires: Thu, 12 May 2022 10:03:47 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021050601&jk=1203628608458166&bg=!HB-lH1vNAAY59bwoOfU7ACkAdvg8Wn1h4akqeaP1x1_l2KhTp1Q7J9jL1xmPi3Utbb0Bnm0kUdgokAIAAAB9UgAAAA1oAQcKAKFdPejXn6jNx9aKIXAtsvyHng9a76K_qMg8SrdmQttIAAxARSdOvLJC_XSmF9788cnDUmcsv-yLvDnzNEPHK8TmKUQgBmByboF3vX7coPuJY32-KSRexc6G5amMqGAetEJCwzPTgBGPshDjbw9uiNICagZjqg-TzMNDHN179KIe7AEkjDjMaOooYM1JSVY451MJubYFIBSjomJyyd2iMaGQkpkCRCpAhd1ADzVbXpql9vnr-4mcDc1HH4I0ytHiBjfKQM2zh3l04sa9z2Ay0IgI047sKspmNcVCdkKxZrnJhp-a3UMHyjt94d5MMuicRb7UFu2Tq6lgsSvRzwJxvN_bc5HbNHlkSdBj7sbrQl_-kB7NYfDGVJGrWge08r63UTC-dD_EFQoFdxI5x4MVHp7_wLODjiTTIBuCJh9m4XwzDr6Nakn7zt4Ch-8bj_5J7gfmIgK5LhN82cq3V09o7soj3K9xzMnVzWt9yXhUZ-noowY5QLysfZLC880hQ-tX2l_xtePYft4Ph3n6X71DvPAuj9E7OHh3G0TpyWOom7LD7Ytr7WNn4C4D4P8YN6i9VuZiOxV42XU9WLidcwL2p7RtauqHvjYNWM31F7bnX-CYy45u4MNGYPnGwk1mX7NR2vcz4Bvy4cql1v66V15Xd4uZTYHiNIPwJwetYffOoZWJVbxeXiRqDrnrb-zktosF86VEDu51Uo_BqC9k_-xXAE_ixZ3vH44RdEHla50nvVDLxGIdRfnzPKppS0LKhDamQNiLgL9I-r4gL3MYLyErNM9ACafQKiMpNBZPrNwuucatjU9F6Fu1c6qwA-ScomSgu5S-aR00pYvvOcVqlyA9oA-rBG3yyzBPI0fQaS56yRNpF_sKjf3vGG2vfBep7Fh10rXGnB-R_oDWqC38CKoNnxB022sWSnEwNb9Azx3iuSV7kYWr7LQ8r85ruK6CB22zQSUWtneZrDUlGwHcwG-eFmI29_-EBxjVTdg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 113ms
113ms Image
image/gif 3.233.246.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=theonion.com&p=%2F&u=caf6c1FNugCxkZj7&d=theonion.com&g=3012&g0=www.theonion.com&g1=No%20Author&n=1&f=00001&c=0.25&x=0&m=0&y=6671&o=1600&w=1200&j=30&R=1&W=0&I=0&E=5&e=5&r=&b=1496&t=B5lSCJCgSBMzCk3yTTCq73kZBAuRds&V=126&tz=-120&sn=2&sv=CYRHrSBCeLLRBaXW4pDxDX7oBTSp0S&sd=1&im=067b2ff3&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.233.246.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-233-246-167.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:47 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ 0
297 B 126ms
125ms XHR
multipart/form-data 3.18.8.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=116348
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.8.90 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-8-90.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 May 2021 12:14:48 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 dc_oe=ChMIla6BoY_E8AIV1vV3Ch1GUwxnEAAYACCixKVDQhMIvc63oI_E8AIVa1TlCh0LIAhX;met=1;&timestamp=1620821694801;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame 4769 42 B
107 B 85ms
84ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIla6BoY_E8AIV1vV3Ch1GUwxnEAAYACCixKVDQhMIvc63oI_E8AIVa1TlCh0LIAhX;met=1;&timestamp=1620821694801;eid1=2;ecn1=0;etm1=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 dc_oe=ChMI6OmLoY_E8AIV1pV3Ch3UUgVTEAAYACD92YNDQhMIrrG4oI_E8AIVgl7lCh2s3wc0;met=1;&timestamp=1620821694903;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame C8B6 42 B
63 B 54ms
54ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI6OmLoY_E8AIV1pV3Ch3UUgVTEAAYACD92YNDQhMIrrG4oI_E8AIVgl7lCh2s3wc0;met=1;&timestamp=1620821694903;eid1=2;ecn1=0;etm1=10;

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 May 2021 12:14:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.britepool.com
URL: https://api.britepool.com/v1/britepool/id

Domain: api.britepool.com
URL: https://api.britepool.com/v1/britepool/id

Verdicts & Comments Add Verdict or Comment

154 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.casalemedia.com/	1970-01-20 02:59:17	Name: CMRUM3 Value: 0d609bc6b527600638220400d33da89142788f
.casalemedia.com/	1970-01-19 20:23:17	Name: CMPRO Value: 1202
.casalemedia.com/	1970-01-19 20:23:17	Name: CMPS Value: 3202
.casalemedia.com/	1970-01-19 18:15:08	Name: CMST Value: YJvGtWCbxrUA
.casalemedia.com/	1970-01-20 02:59:17	Name: CMID Value: YJvGtW.6GzzViX02ooqfFgAA

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://www.theonion.com/x-kinja-static/assets/new-client/adManager.addfdaedaf2bdf948553.js(Line 8) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050601.js(Line 6) Message: updateCorrelator has been deprecated. Please see the Google Ad Manager help page on "Pageviews in GPT" for more information: https://support.google.com/admanager/answer/183281?hl=en

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

269cd7b71cb1e73d9902abf674c05f90.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
ad.turn.com
ade.googlesyndication.com
adservice.google.ch
adservice.google.com
ampcid.google.com
ampcid.google.de
api.bounceexchange.com
api.britepool.com
api.rlcdn.com
assets.bounceexchange.com
bidder.criteo.com
btloader.com
c.amazon-adsystem.com
c2shb.ssp.yahoo.com
capi.connatix.com
cd.connatix.com
cdn.britepool.com
cdn.speedcurve.com
cds.connatix.com
cm.g.doubleclick.net
colossusssp.com
connect.scroll.com
creativecdn.com
cs.media.net
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
f.kinja-static.com
fastlane.rubiconproject.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbx.media.net
htlb.casalemedia.com
i.kinja-img.com
ib.adnxs.com
id.rlcdn.com
idx.liadm.com
imasdk.googleapis.com
img.connatix.com
insight.adsrvr.org
js-sec.indexww.com
kinja-com.videoplayerhub.com
kinja.com
match.adsrvr.org
onion.com
p.rfihub.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel-eu.rubiconproject.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid.media.net
px.britepool.com
s.amazon-adsystem.com
s0.2mdn.net
sb.scorecardresearch.com
secure.adnxs.com
securepubads.g.doubleclick.net
sofia.trustx.org
ssum-sec.casalemedia.com
static.chartbeat.com
static.criteo.net
static.scroll.com
stats.g.doubleclick.net
sync-amz.ads.yieldmo.com
sync-tm.everesttech.net
sync.adotmob.com
sync.colossusssp.com
sync.mathtag.com
tag.bounceexchange.com
tagan.adlightning.com
theonion.com
thrtle.com
token.rubiconproject.com
tpc.googlesyndication.com
us-u.openx.net
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.theonion.com
x.kinja-static.com
api.britepool.com
104.111.230.142
13.224.103.105
13.224.95.16
13.224.95.18
13.248.242.197
142.250.184.194
142.250.185.194
151.101.114.137
151.101.114.217
151.101.114.49
151.101.194.166
151.101.66.166
172.217.16.130
172.217.23.98
178.250.2.131
18.156.195.47
185.183.112.155
185.184.8.30
185.29.133.199
185.33.221.50
193.0.160.129
199.232.194.217
2.18.234.21
2.18.235.93
2001:678:cb4:bbbb::11
213.19.162.61
23.37.38.181
2600:9000:206f:4000:0:70b1:7080:93a1
2600:9000:2190:8e00:18:1fcd:34e:d2a1
2606:4700:20::ac43:4686
2606:4700:3039::6815:c076
2a00:1288:110:c305::8000
2a00:1450:4001:800::2002
2a00:1450:4001:803::2001
2a00:1450:4001:808::2004
2a00:1450:4001:808::200e
2a00:1450:4001:80e::2006
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2001
2a00:1450:4001:812::2002
2a00:1450:4001:829::2003
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::200e
2a00:1450:400c:c08::9a
2a02:2638:1::13
2a02:2638::3
3.124.65.205
3.18.8.90
3.212.71.107
3.233.246.167
34.120.133.55
34.120.253.250
34.237.40.131
34.98.72.95
35.201.100.179
35.211.168.6
35.227.229.34
35.244.159.8
35.244.174.68
52.30.148.233
52.86.237.87
52.95.124.165
65.9.66.94
67.199.248.13
69.173.144.139
72.21.206.140
88.214.193.99
88.214.207.207
01522e70e4807e89bf3303d4f2e01fb141b4ce91dba4023d23794e255028ed9e
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
04232729bcec24f880f21da3bb7555efd1088ac1a004a9961c8213f738fb73e0
05b1936a5e4229dc34d8e5fcfc22ce024634ea618687f37e31857402b27c4dba
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
09ecc8c79c5542a48d504d994dfcea68a71cd61d7d58168c7b275ef5083b899e
09f9d527f7ee559eddd55aa8399e14c8cd9531a5e3f0f62f709d4ab6bb858d1a
0b77092feebb9e3f84d07e5b471826b60eb77ea623f65e18398872103af1ae03
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bd80ca89aea8cd21814197bd160450d2f508198c8f172afb61674fd5c6614ca
0dc00b92269a44e4fe71813c9cc16fcc27d1d97c83db255a09cec62bc91aaaca
0e3de2e14d9c8708fe42cbb220f1c4d52b720493b1503aa266fac9361b64ac31
0e7cec00a56dcc4f9b8bafc9003193ccee8cc269f6990c64fc9302b4aa448e6e
11da7e6f8cee87e26cc93982fe55c87e6bdf70c215a62d23c72b60e19f4ef993
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13da6e454c48a42e6f9af593a8b194332c747807da217e9f294761640e8d8bc6
148cf0d73298f5d4f9bf3f7e8174a5a11e0abfab5e11b9274bfeb01a755d496d
159f073ca9a9d774b1cad9f7991e48b1f060f297d4fdcb15b14d4e25edf20a48
16567a7c25c8f64c0861b7eae3892722920bd09e5a77dd293799eb034194b551
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
18f0d90879772af94b6517a86fdccebbfe13c895208dd7943324e9f6aa9f2b1a
19169c6501d19fe5db8d41fbb60d85273b91a076968f7f98fa7afaaad5ac913a
1972670f356d064fac8d1be0a1c2cc92ef6bf3acd6c0ad8d934981ce601b3b0f
1ab5e8f02049723599890880252a821a1977b08f1f9fb3b0b14575581315eb7b
1cbb58dea630e6854e6c5912004d1ec97ad9829d50725234801b850bc811d3a1
202fa7ba876a0bcdc66bc00230ce7c0f140627f469024ea49a0bb118bdb846d7
2252d99057cd26061913d9d6b86bc2f958b51fcaf62bea99f1f03f6e47a57f64
23abd3879c065de7044cf1997c8fbe169cbaaba9518d808a461f4a9a2ff3af70
2556f59b2cd53ed4796e3321c14f626f90f8e739ee20e14d70ddc96908785cad
27e46ca80375bcfd0eacaa8e78a88b59c2a14605706440e27b5390260a8a1f3e
280aa0d6cbff263e9cbea356ed88de741efd7abc1814f5f897bc727edab2c5e2
288ea89b19322f57deebd23e5cc13a7e99234699920b665cbba0b2428578e1c3
28fde232132691fa382574493db5ec316404fb19e6e8e10d70e64a2740293e03
2a6dc6fb00cde6afb3b582119bf4c8c6ee7f5b4043cf09b789482b85850a48d4
2a9a71312cdfc062f7d8dd7d322a2017cbc8e0834eaf76f42a9ecc6ad7174d3b
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2ce6ec59c3b4fb4d5b4dd981f15c37b81d46e7390906fb31099b5c5baba78124
2d209a411ab8f27fff323faa31d022204583adcad739e7bb35b9ef504c55df37
30302ebb7094c997809ca671e593375ba4e34efe494a86bc3003692ddd27099e
303fc21a57976a4056e39549226934ffb9af09280ba83fdc5b8df9c5ee5abff0
30a74a724f831d9b59d6a44c890fe18ff341bd1d68579aed2cb09e682b59f312
3116a8232e6dfe2a45e4a2e4a8440f4feb8c003406eaae9d98b569be933d42b5
3426fb9ab290b175146bce114372bac9bae5f2f661cd390d5caa75d3b2bc7544
35983cd8f6ef4c7cb9989a29f0e9151b5cd81ace67f614dc88cb0797bb1eea32
3917bbc98bcd38c813bbe6857e24b5d82a03d8116a296d34e1a631c5a1956ec2
392d86a7939819e2c66e6119fd2619c362f950d7f56b5a7ec80333c949871ccb
3ad101552294640eb09ff94ec6d2ccb497d17b143b4e57aeb974994b8c2da97a
3cac148c26b30717b9351164b43c83c094ee67caf869d0055725039044fb507e
3d764be1388f0488c90be29ca58c3ad082f9d954ece8448448779bb79e3ca7a4
3ec8291ae5f0df52cdc3c5cb4caea82f62952952d23788af94efd0b1e2cbe1f7
3ed4dce1bfb07c181da64095e302461a5b744ee60299ca8cdff598633d745bf9
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
403c7599ce9433adbea0c263dc96dbfcd0a61f895e2787568c11d47a39be21ed
43e36f6705b5a49d2764947aaa7b019c7e24c3ceab702b7791cbeb4401eaf23b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4615e6cc9388c895f8d0abe74b485076270e2bb13b311866e27bf4680342e1ca
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
49013e2b7cb8c3240e453f1d478399b2e59434e6eedfc518272eedd4164a5998
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4db3920379725d38bc3ad1f11caa3859d480936d84048aab851e8b3960466cf8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ef9a18aef9847638b3b4344a0b2ebed14e84fb0aeb8ce29292af06826a2580a
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5546f9e074ab70995f0edefafb361236f1d83da768a83e72b23587d9a4c63f3f
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
568068711d00d07ac001e1937acdb4621d0d7ea602ff8beb225c1b9f22701d1d
575cc699ac23ea15d41918da3a497ecef7edb8370c1abf1ebd26312728d2e1ba
5c9fc196d96d36e202f92c9437be44870861197142f8df87e69e0129b949dc3c
5d4c614600b11972eb2858a5a87c76c8acb7feef0066f4df89a47cfa5727bfe9
5ed2acc4abf47252212c74fa79892db172ac16781d484cec7810649a591e388f
6123ac967d1ab79ef7093374f3156aa4143f4b0ea081a5e0356fbf55fcb40cb4
61ccb8c3252e27a327becaf9318517719a131160e0bc05659b0d2493dc6e9245
63125723c148b0c5391dea8c827d96958a6706a542f8b45822904aaefe10c4ad
63b176462a62d19e5a2af4cc0a845119d0389aae23ef15decd83efd182c91c40
660dafdc78011b6e915b39cbfd9546c82a36aa6c20bfc6a75e144bc700a290a8
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c50de5ea5214d5c8bca51d1f4021d3a84781ddaaed9aa8aea8d183b9bba7077
6db55e01bed50fd095397a0c2382148aea2865278d05a346499a5a677bc49fcd
6e7bdf560a993758bb4f9f245f305b4a61a21d0837e2cebbe38cdbbd089adfca
724e1d3c710a798d807e235c66c8839f66c14d10ded86de1dde5bb692e53cb85
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
75519df306ca3d5504dc66f8e3398dc30f976a5859725309b90a0f2a3fdea6ec
75c1a4073b215e661d060a6ea643c91b987cfabde7c2336de23f595f2a004e20
764a170851cb6e2d00a02685b39a0c28a3378a19c82a568c4cfbc5df52af8031
76936b204033a460151a8be346aa6feeaa3118d4cddacb9184ca4349409d0a45
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
7767571d4000409145e765742b118281eb854a1685fb846371a1a33febd253a2
7e81304e7824242c9059d1ba7875b48357656ac82d4e143dccb3d0eb7c77296c
7eddef88f07ba5f97a16767e5dd2bd191cb49eca86caa5c56ecec4f3e6a06d34
81404aacb0d84988d864c671b075ca74f1baa4cebbb9f2b4c646233117d2d73e
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859d5e37e66e811e057fe7751b8b769cba70f3c3073793ca482ffcf2d422c826
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e62bbeef76338ef4a87c5392b7604254f0d2f6cf15e576991b47f0366218e9c
8e8d2c867ae480b6b318900eb4168d5645f635420bdb1626976c9c0af71c45eb
8f4ea46ad7e421dbf383dff81c4e8169ba515c49c72151c020d364aaa7c7bf27
8f8323312bd3a3860255765e061c169c14fcb7cab186df887c845edc34543f58
8fe5f0c4bdaf3e031a6172679193e88d3a24c7deb6e3c7e2b2a477061cc1ad81
9000f4bba14a2516df65d76529948e70a55cc7dbf73f74407409fe2ea74b7a73
901d82537d8e767614ff78f1cd654fca23d9252894b3d842c950ef875694d284
90ec56a70a898b1c9fd2b114ccb5145e4294cd9098597004f15e86c9b0f3814c
9289f9c58f51cfe5a65efcc0ff8559af4ce2f3ade98196e38e263f1bca399ac6
92a0bfc0861a802d3fe9c2c70913bebc317707244d8d4d4656927713ecc2a2f5
94d647beae028fa58c0290080f2ca6cd0ec88b5fdc51a401864ec1cd433a8af2
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
96e96292bf35ab4cfa60cf8f26578f55bacf27297ed4d97f7110a70e29229e0a
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9b5473db0e51abf3da61b7537df9dcb6a8758d37438aa247d0aad4bfd51f2b56
9eb83620a305b5cfbd47a770dd1f649d9ae99d34becf19308f9cc75106d1b5b4
9f3d63652277cd51fb82f48f9c18480d5a5bd4960cab9e0c8d96f5f03bce7836
a0bbea3c8619e7354c243ce2a7a41030f3997c3d3230a89d692ceda9b88a2e2c
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a720edff5fac0933dfb339213c8239f78abfa3cb60c27a9c467704fb5c57aae0
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa4d27239f61f3f12e511f7774931c0d59c456971f9f6ef1d7a13a2408420d37
ab367e8880530a7949a5a5cffe5aed8ffe313413238fe8b1f6e9d8b5c1060614
abf419ca6f6d5e3c5c89f26cdf1eae7a4c079c6d3566a55959e3ee222398041a
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0384dc4f44a2d2192eea70893ce43e74d63925434d7cfe10163227ee2791cd7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b16c29c3239cef6d04df226355334699c8c5099cf6b64ff30fa488c7a24a085a
b4697681781b6897cbd7e25d02b4ee47295179b34157ea66a88a15fd0d2bc706
b6541ccc3e28b7eb3657d8624c3b23a6c955f0a05fdef7a7cfa04a798c3d0f30
b6681ebe8f1adb7cb3140002cd40223d5d4e240adb9d92527e83147e621a65c6
bab52415ad1528e0e14bedfabdd748d62572a27dcd2ff1991d8cd9bdb0b0609a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc7167a426fb45825902fddef4a2d12b790bb470ff9e8656fdaadf293b676f42
bc88881c267493814ada96b0cb57897aa9ff44610d2da1a67656c3cbcc0a874a
bcb45162f4767c27d523264f079fe50608d937d6efd881e1b2dca221c195c9e0
bcc251ac1a861dec17cb39cd089bf4be1cb39f560e69273be3d38d745da51d55
bd81568ef95ce5d7859859f7e4e48f46bfa0a4a8f404d3f2d56c65bd1c223915
bf085c3ec47acdc729ec9929e13405f071ce559d6e4bf8aa0cf91d10f4dff396
bf7055642f98c8e3f7717323c7df5ac421d68f48a30a94c74d11691d2ab25888
bfccdd802e4f49357a3395f0bebcec9a0469bacba10ab5644f45b9411ec67386
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2623c377b66546fddb83939116bccb47fc698265387ca1d6b224ef7aaac5cf9
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c67ad2d9238a59e431c3dde1e0012739faf0cf3cf40fe9a103169fb90c4e2b73
c6aab545ef170f4fc6eef7be5bb957994762f03eddea7d481275a3f922563b0d
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb8cac8943d6b7fafc5c7173438c24ff66ea641feb7e4e6ab1572ac696309263
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d1b63c0e25078c4b8a65b7719683916657f163dcf291f93a9baed43729914ef4
d36313f89703f3c4a05f122f9ae4ad86a26ef03b218004281fcba2ac9203d24e
d6b7472f98f400d0f4c24dea8eb9a90afb003eda04b32f86f48fddaf56f78fbf
d6e668bf0c21ef4274202a2bbef5d482b3caae18fd9f3f877bf8ce929a4e7f13
d77beb93df130b7b138f3affbdb35abba9e51ca3437ba86c7216bd2746dcc1a3
d98a6f2b012dc37c7940261b5ddb5a6883c546d7e72b71f7987559bd330d70d8
dc680d436d373e6a96049bb377a03b99cd5279e3326051e860cea98e5086d25d
df0df39146c8995f0d40836e1e0839ad95f81ad1c9d24ba85169e3c2f0560ac1
df32c5ecbbd376bb8d8ed9c4ac41376dc50f4523b8d43e7165d710ba8a1095e6
dfb8689a3cbf4f504d5e8523c5b74e684d32766e37521bd00943d6e3c96da80e
e144286a6fd7250ec2c718987fbfa8f6fab94042a1b182af938dd2aac3bd1c4f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51bf05139b07aadb61ae64ba50759e715fb306003e97489a3e7865098e4ab88
e6875ff569b25bca34b2b7865b07326ddcc91b960cf0006b586bf3caf84d7fcd
e6de2bd9b5cb6e9ebfbf874940becb16016151d713ee19049eab99dfe0965ebc
e7fcd15fc0e26e922fb8d0e2ad5b6dbd141bdd20915188c8c6ffda7be062f8f3
e9b2852a2fe1af51803bbdf4c67488f2ea5cde14b82dff3785bae3de67e8ab32
ebb5281c0b2743cffb8ee8bece7103473b30cf8636848661aa53571d81cad3ed
ec93813683cccb74a7896a34a2ed1b2163288620f6959ae06de3ded30cf518b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c19455876a23a70e104a436baa4d5cfdbade5685e228c25cd5f1aeadc42c7c
f1625db1ab672498b3249e9f458daaf604acf8961093e2599472bc0a498f8af1
f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f612b17f06a64bcf4683b3b04e54c313ede809fe59d10ffc691b80abdf4ff6e2
fa40ab2039a7d204069b37e1236b7ca1ed0f38caf2181528aabb0d14139bcc07
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

www.theonion.com Open in urlscan Pro 151.101.194.166 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

256 Requests

99 %HTTPS

30 %IPv6

49 Domains

86 Subdomains

59 IPs

7 Countries

3903 kBTransfer

11995 kBSize

5 Cookies

59 Outgoing links

Page URL History

Redirected requests

256 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.theonion.com Open in urlscan Pro
151.101.194.166 Public Scan

Screenshot
Live screenshot

Full Image

256
Requests

99 %
HTTPS

30 %
IPv6

49
Domains

86
Subdomains

59
IPs

7
Countries

3903 kB
Transfer

11995 kB
Size

5
Cookies

256 HTTP transactions
3 data transactions