www.heralddemocrat.com Open in urlscan Pro
66.148.122.12 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://heralddemocrat.com/
Effective URL:
https://www.heralddemocrat.com/
Submission Tags: analytics-framework
Submission: On April 21 via api (April 21st 2023, 5:13:22 am UTC) from US — Scanned from DE

Summary HTTP 230 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 51 IPs in 5 countries across 57 domains to perform 230 HTTP transactions. The main IP is 66.148.122.12, located in Seattle, United States and belongs to HOPONE-GLOBAL, US. The main domain is www.heralddemocrat.com.
TLS certificate: Issued by R3 on February 28th 2023. Valid for: 3 months.

This is the only time www.heralddemocrat.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 41	66.148.122.12 66.148.122.12	14361 (HOPONE-GL...) (HOPONE-GLOBAL)
3	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	207.228.225.157 207.228.225.157	14361 (HOPONE-GL...) (HOPONE-GLOBAL)
19	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	104.17.187.220 104.17.187.220	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::2014	15169 (GOOGLE) (GOOGLE)
11	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
2	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
14	20.40.202.28 20.40.202.28	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
8	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1	130.211.10.17 130.211.10.17	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
3	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
8	34.251.239.38 34.251.239.38	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2014	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
4	20.150.38.36 20.150.38.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2600:1901:0:8... 2600:1901:0:8344::	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	162.19.138.116 162.19.138.116	16276 (OVH) (OVH)
2	54.194.98.250 54.194.98.250	16509 (AMAZON-02) (AMAZON-02)
3	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
16	2600:9000:225... 2600:9000:2251:3e00:1a:5235:f980:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:440... 2606:4700:4400::6812:220a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.120.58.62 34.120.58.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	216.52.2.91 216.52.2.91	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2	52.222.208.154 52.222.208.154	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:249... 2600:9000:2491:9c00:1:6448:6d00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	185.64.189.112 185.64.189.112	() ()
1 2	185.64.189.115 185.64.189.115	() ()
1 1	185.29.134.248 185.29.134.248	() ()
5	185.64.189.110 185.64.189.110	() ()
2 2	213.155.156.167 213.155.156.167	() ()
5	185.64.190.80 185.64.190.80	() ()
1 1	193.0.160.131 193.0.160.131	() ()
1 1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	() ()
2 2	185.89.210.153 185.89.210.153	() ()
1 1	85.114.159.93 85.114.159.93	() ()
2 2	151.101.66.49 151.101.66.49	() ()
1	35.186.193.173 35.186.193.173	() ()
1	195.5.165.20 195.5.165.20	() ()
1 1	35.214.153.92 35.214.153.92	() ()
3 3	142.250.185.162 142.250.185.162	() ()
1	34.247.20.4 34.247.20.4	() ()
2 2	34.111.129.221 34.111.129.221	() ()
1	34.111.131.239 34.111.131.239	() ()
1	35.204.74.118 35.204.74.118	() ()
2 2	3.71.149.231 3.71.149.231	() ()
1	198.47.127.20 198.47.127.20	() ()
1	2a05:d018:d29... 2a05:d018:d29:3602:ea30:652:4665:4067	() ()
1	98.98.134.241 98.98.134.241	() ()
230	51

41 66.148.122.12 (Seattle, United States) 1 redirects

ASN14361 (HOPONE-GLOBAL, US)
PTR: sagemt.com

heralddemocrat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.heralddemocrat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
web1.etypeservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 207.228.225.157 (Ashburn, United States)

ASN14361 (HOPONE-GLOBAL, US)

analytics.cherryroad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.187.220 (None, )

ASN13335 (CLOUDFLARENET, US)

www.legacy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2014 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

japfg-trending-content.uc.r.appspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

assets.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 20.40.202.28 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

publisher.etype.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.10.17 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 17.10.211.130.bc.googleusercontent.com

www.justapinch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

71b9f19b7c03d40dfebc9934b0406e71.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.251.239.38 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-239-38.eu-west-1.compute.amazonaws.com

trends.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
yeet.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2014 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

japfg-trending-content.appspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.150.38.36 (San Antonio, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

etypeproductionstorage1.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:8344:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

lexicon.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.116 (France)

ASN16276 (OVH, FR)
PTR: ns31533567.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.194.98.250 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-98-250.eu-west-1.compute.amazonaws.com

id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2600:9000:2251:3e00:1a:5235:f980:93a1 (United States)

ASN16509 (AMAZON-02, US)

live.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:220a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.confiant-integrations.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.58.62 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.58.120.34.bc.googleusercontent.com

www.americanhometownmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

justapinch-com-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.91 (United States)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.208.154 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-208-154.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2491:9c00:1:6448:6d00:93a1 (United States)

ASN16509 (AMAZON-02, US)

video.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (None, )

ASN- ()

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (None, ) 1 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.248 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.189.110 (None, )

ASN- ()

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.167 (None, ) 2 redirects

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.190.80 (None, )

ASN- ()

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.131 (None, ) 1 redirects

ASN- ()

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (None, ) 1 redirects

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.153 (None, ) 2 redirects

ASN- ()

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (None, ) 1 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.49 (None, ) 2 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (None, )

ASN- ()

ipac.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.5.165.20 (None, )

ASN- ()

core.iprom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.153.92 (None, ) 1 redirects

ASN- ()

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.162 (None, ) 3 redirects

ASN- ()

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.247.20.4 (None, )

ASN- ()

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.129.221 (None, ) 2 redirects

ASN- ()

cr.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.131.239 (None, )

ASN- ()

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (None, )

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.71.149.231 (None, ) 2 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.20 (None, )

ASN- ()

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:ea30:652:4665:4067 (None, )

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.241 (None, )

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	heralddemocrat.com 1 redirects heralddemocrat.com www.heralddemocrat.com	2 MB
22	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 269 cm.g.doubleclick.net	216 KB
20	googlesyndication.com 71b9f19b7c03d40dfebc9934b0406e71.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 177 pagead2.googlesyndication.com — Cisco Umbrella Rank: 129	964 KB
19	revcontent.com assets.revcontent.com — Cisco Umbrella Rank: 8927 trends.revcontent.com — Cisco Umbrella Rank: 2610 img.revcontent.com — Cisco Umbrella Rank: 13291 cdn.revcontent.com — Cisco Umbrella Rank: 10383 images.revcontent.com — Cisco Umbrella Rank: 10002 yeet.revcontent.com — Cisco Umbrella Rank: 9504	149 KB
18	primis.tech live.primis.tech — Cisco Umbrella Rank: 3581 video.primis.tech — Cisco Umbrella Rank: 7034	718 KB
17	pubmatic.com 1 redirects ads.pubmatic.com — Cisco Umbrella Rank: 725 hbopenbid.pubmatic.com image6.pubmatic.com simage2.pubmatic.com image2.pubmatic.com image4.pubmatic.com	94 KB
14	etype.services publisher.etype.services	105 KB
8	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 143	186 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 238	268 KB
4	windows.net etypeproductionstorage1.blob.core.windows.net — Cisco Umbrella Rank: 543956	317 KB
3	yahoo.com 2 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	1 KB
3	weborama.fr 2 redirects cr.frontend.weborama.fr idsync.frontend.weborama.fr	899 B
3	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 451	1 KB
3	crwdcntrl.net id.crwdcntrl.net — Cisco Umbrella Rank: 2256 sync.crwdcntrl.net	909 B
3	google.com adservice.google.com — Cisco Umbrella Rank: 130 www.google.com — Cisco Umbrella Rank: 16	2 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	2 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 91 region1.google-analytics.com — Cisco Umbrella Rank: 1718	20 KB
3	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4642	27 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	738 B
2	adnxs.com 2 redirects ib.adnxs.com secure.adnxs.com Failed	2 KB
2	de17a.com 2 redirects d5p.de17a.com	562 B
2	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 361 aax-eu.amazon-adsystem.com Failed	59 KB
2	confiant-integrations.net cdn.confiant-integrations.net — Cisco Umbrella Rank: 1925	106 KB
2	criteo.com gum.criteo.com — Cisco Umbrella Rank: 442 dis.criteo.com Failed	381 B
2	33across.com lexicon.33across.com — Cisco Umbrella Rank: 1915	356 B
2	gstatic.com fonts.gstatic.com	80 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 5261	696 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	120 KB
2	appspot.com japfg-trending-content.uc.r.appspot.com — Cisco Umbrella Rank: 152613 japfg-trending-content.appspot.com — Cisco Umbrella Rank: 98117	4 KB
2	cherryroad.com analytics.cherryroad.com	2 KB
1	sitescout.com pixel-sync.sitescout.com	187 B
1	simpli.fi um.simpli.fi	612 B
1	loopme.me 1 redirects csync.loopme.me	225 B
1	iprom.net core.iprom.net	279 B
1	ctnsnet.com ipac.ctnsnet.com	369 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	524 B
1	quantserve.com 1 redirects cms.quantserve.com	589 B
1	rfihub.com 1 redirects p.rfihub.com	795 B
1	mathtag.com 1 redirects sync.mathtag.com	737 B
1	lijit.com ap.lijit.com — Cisco Umbrella Rank: 883	631 B
1	openx.net justapinch-com-d.openx.net — Cisco Umbrella Rank: 113337	595 B
1	americanhometownmedia.com www.americanhometownmedia.com — Cisco Umbrella Rank: 126650	103 KB
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 612	632 B
1	justapinch.com www.justapinch.com — Cisco Umbrella Rank: 64023	22 KB
1	etypeservices.com web1.etypeservices.com	14 B
1	legacy.com www.legacy.com — Cisco Umbrella Rank: 28137	17 KB
0	bidtheatre.com Failed match.adsby.bidtheatre.com Failed
0	turn.com Failed ad.turn.com Failed
0	dotomi.com Failed pubmatic-match.dotomi.com Failed
0	bidswitch.net Failed x.bidswitch.net Failed
0	audrte.com Failed a.audrte.com Failed
0	gammaplatform.com Failed cm-supply-web.gammaplatform.com Failed
0	adgrx.com Failed cm.adgrx.com Failed
0	tribalfusion.com Failed a.tribalfusion.com Failed
0	bidr.io Failed match.prod.bidr.io Failed
0	stackadapt.com Failed sync.srv.stackadapt.com Failed
0	rlcdn.com Failed api.rlcdn.com Failed
230	57

	Domain	Requested by
39	www.heralddemocrat.com	www.heralddemocrat.com
19	securepubads.g.doubleclick.net	www.heralddemocrat.com securepubads.g.doubleclick.net www.googletagservices.com
16	live.primis.tech	www.heralddemocrat.com live.primis.tech
14	publisher.etype.services	www.heralddemocrat.com publisher.etype.services
13	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
8	lh3.googleusercontent.com	www.heralddemocrat.com
6	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
6	www.googletagservices.com	securepubads.g.doubleclick.net www.heralddemocrat.com
5	image2.pubmatic.com	ads.pubmatic.com
5	simage2.pubmatic.com	ads.pubmatic.com
5	assets.revcontent.com	www.heralddemocrat.com assets.revcontent.com
4	yeet.revcontent.com	assets.revcontent.com
4	images.revcontent.com
4	etypeproductionstorage1.blob.core.windows.net	publisher.etype.services
4	trends.revcontent.com	assets.revcontent.com
3	cm.g.doubleclick.net	3 redirects
3	match.adsrvr.org	ads.pubmatic.com live.primis.tech
3	ads.pubmatic.com	assets.revcontent.com live.primis.tech ads.pubmatic.com
3	fonts.googleapis.com	client www.legacy.com live.primis.tech
3	static.addtoany.com	www.heralddemocrat.com static.addtoany.com
2	ups.analytics.yahoo.com	2 redirects
2	cr.frontend.weborama.fr	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	ib.adnxs.com	2 redirects
2	d5p.de17a.com	2 redirects
2	image6.pubmatic.com	1 redirects ads.pubmatic.com
2	video.primis.tech
2	c.amazon-adsystem.com	live.primis.tech c.amazon-adsystem.com
2	cdn.confiant-integrations.net	www.googletagmanager.com cdn.confiant-integrations.net
2	id.crwdcntrl.net	ads.pubmatic.com live.primis.tech
2	gum.criteo.com	ads.pubmatic.com
2	lexicon.33across.com	ads.pubmatic.com live.primis.tech
2	fonts.gstatic.com	fonts.googleapis.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	www.googletagmanager.com	www.heralddemocrat.com www.google-analytics.com
2	www.google-analytics.com	www.heralddemocrat.com www.google-analytics.com
2	analytics.cherryroad.com	www.heralddemocrat.com analytics.cherryroad.com
1	pixel-sync.sitescout.com	ads.pubmatic.com
1	pr-bh.ybp.yahoo.com	ads.pubmatic.com
1	image4.pubmatic.com	ads.pubmatic.com
1	um.simpli.fi	ads.pubmatic.com
1	idsync.frontend.weborama.fr	ads.pubmatic.com
1	sync.crwdcntrl.net	ads.pubmatic.com
1	csync.loopme.me	1 redirects
1	core.iprom.net	ads.pubmatic.com
1	ipac.ctnsnet.com	ads.pubmatic.com
1	dsp.adfarm1.adition.com	1 redirects
1	cms.quantserve.com	1 redirects
1	p.rfihub.com	1 redirects
1	sync.mathtag.com	1 redirects
1	hbopenbid.pubmatic.com	live.primis.tech
1	ap.lijit.com	www.americanhometownmedia.com
1	justapinch-com-d.openx.net	www.americanhometownmedia.com
1	www.americanhometownmedia.com	www.heralddemocrat.com
1	id5-sync.com	ads.pubmatic.com
1	cdn.revcontent.com
1	img.revcontent.com
1	www.google.com	tpc.googlesyndication.com
1	japfg-trending-content.appspot.com	www.heralddemocrat.com
1	region1.google-analytics.com	www.googletagmanager.com
1	71b9f19b7c03d40dfebc9934b0406e71.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	www.justapinch.com	www.heralddemocrat.com
1	web1.etypeservices.com	www.heralddemocrat.com
1	japfg-trending-content.uc.r.appspot.com	www.heralddemocrat.com
1	www.legacy.com	www.heralddemocrat.com www.legacy.com
1	heralddemocrat.com	1 redirects
0	match.adsby.bidtheatre.com Failed	ads.pubmatic.com
0	secure.adnxs.com Failed	ads.pubmatic.com
0	ad.turn.com Failed	ads.pubmatic.com
0	pubmatic-match.dotomi.com Failed	ads.pubmatic.com
0	x.bidswitch.net Failed	ads.pubmatic.com
0	a.audrte.com Failed	ads.pubmatic.com
0	cm-supply-web.gammaplatform.com Failed	ads.pubmatic.com
0	cm.adgrx.com Failed	ads.pubmatic.com
0	a.tribalfusion.com Failed	ads.pubmatic.com
0	match.prod.bidr.io Failed	ads.pubmatic.com
0	sync.srv.stackadapt.com Failed	ads.pubmatic.com
0	aax-eu.amazon-adsystem.com Failed	ads.pubmatic.com
0	dis.criteo.com Failed	ads.pubmatic.com
0	api.rlcdn.com Failed	ads.pubmatic.com
230	81

This site contains links to these domains. Also see Links.

Domain
www.legacy.com
publisher.etype.services
zrecruit.cherryroad-media.com
mainst.cherryroad.com
japfg-trending-content.appspot.com
smeagol.revcontent.com
help.revcontent.com
www.revcontent.com
cherryroad-media.com
www.cherryroad.com

Subject Issuer	Validity	Valid
heralddemocrat.com R3	`2023-02-28` - `2023-05-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-04` - `2023-06-03`	a year	crt.sh
*.cherryroad.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-10` - `2023-11-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.appspot.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
assets.revcontent.com R3	`2023-03-13` - `2023-06-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
publisher.etype.services GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-13` - `2023-07-13`	6 months	crt.sh
web1.etypeservices.com R3	`2023-04-09` - `2023-07-08`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
justapinch.com Go Daddy Secure Certificate Authority - G2	`2023-04-18` - `2024-05-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
revcontent.com Amazon RSA 2048 M01	`2023-02-14` - `2023-07-16`	5 months	crt.sh
www.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.blob.core.windows.net Microsoft Azure TLS Issuing CA 06	`2023-02-18` - `2024-02-13`	a year	crt.sh
img.revcontent.com R3	`2023-03-13` - `2023-06-11`	3 months	crt.sh
cdn.revcontent.com R3	`2023-03-09` - `2023-06-07`	3 months	crt.sh
images.revcontent.com R3	`2023-03-06` - `2023-06-04`	3 months	crt.sh
lexicon.33across.com GTS CA 1D4	`2023-04-13` - `2023-07-12`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.id5-sync.com R3	`2023-04-18` - `2023-07-17`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.primis.tech Amazon RSA 2048 M01	`2022-10-24` - `2023-11-22`	a year	crt.sh
*.confiant-integrations.net GTS CA 1P5	`2023-03-27` - `2023-06-25`	3 months	crt.sh
www.americanhometownmedia.com Go Daddy Secure Certificate Authority - G2	`2022-05-12` - `2023-06-13`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.ctnsnet.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-04` - `2023-11-06`	10 months	crt.sh
*.iprom.net R3	`2023-03-01` - `2023-05-30`	3 months	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-04-04` - `2023-09-27`	6 months	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh

This page contains 30 frames:

Primary Page: https://www.heralddemocrat.com/
Frame ID: B69EE3978A924766FC46D1D8912FDB39
Requests: 120 HTTP requests in this frame

Frame: https://publisher.etype.services/special-editons/C6FA55C54659D987
Frame ID: A965B04F2B14CEA4B6D8E3A9A2F73CE6
Requests: 18 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: 732CB82BBD71896725BC56F3ACCE0512
Requests: 1 HTTP requests in this frame

Frame: https://71b9f19b7c03d40dfebc9934b0406e71.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A12CE1190739061DF5A1F2D70F6DD01C
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstmH_XPWKGUtTaNady-i_uLTxsQkzmP5qGk8sTLUO4p3q8KCoHoYOjcJ3oF7m2y8W2xDxng2xjcMRl2AuKQjUeYNMV6L6Rk1Y-hlhWr3Bad6Z6eiM613QHmgWW37PO-B2Hq8vwq744SBASTJjg3gPOpmrW098nAUkDlxBfBoH5kuGmh8Xt-itXk_JnnG17Chfa5Pwbu3S7gwzO-joS6a0X5Zu3K1dn8o00X76XH0f6Uq7d9wzrc-CV2gOw29T4Gltzcuq4wOo3CqG8TFGmWunhL4PYPn79a4fy_j8tP3H-JQSgdfb5HiNjbZ-2OFuCRuO_pou_8TmWT6KPpOdqRTIU&sai=AMfl-YQFDiwTEjQTED74roJLJl3FF_ia19Qd_iOY2mziE4PRAYYShuxQMBr2GaIjBT2U3V5HUg-N9QCoJgADjO6QN7duDPIhPVTXMdvv5w6n-Hytl77dovxgMPelLkWKdg9YqXuhWqgTMxPPUUl7Rdk_&sig=Cg0ArKJSzKfq6B0Z8ebuEAE&uach_m=[UACH]&adurl=
Frame ID: 916BA7D6555695B0215E5EAF022C1971
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstdZ0BIKpMNHs2o59y1PO5DD1SG4StmZmSSoquDLQsNxBzXgwL1dhPdlt6u5jLGxjM1-zPAZDvBUW40mg8azLtBx6IRekZ44UfKJhf526KGojO0tN9zjzYs8AJqDKIbcFnw61gpXc59-ZSMA_f5NM5JEvlR61pZc0bjvT5IlykkckE6hldDBPm_4_tDtFfnQ5YyR5Uc2fumUCeVTvWUiBb2TOaeqwWgxJbUUlCnn50C3b3tKofWPxZf98BhctClTULTx4RFpzCM1mIbqyJhTTj4cK3kUpIFRrLzd1ieb_Fw7jjydMvgYIKX2OSxnopmXx_tOINHuY9slJyRHl-i9VY-ick&sai=AMfl-YRw2u9X-MqEEejhTb_R2mlI_0r_MOsZd2R_Jm7ES-hymlpaNhqW4AMoq4TiHrQqkFbiloweyG-FGzOeysmJNjqsK_49cI-ggZN6eKo4oM5WSxMRAG6JhNoCX1cMRgA_zwI4LdcBfBUm6w-pbTM_&sig=Cg0ArKJSzKuBpM0A7tuSEAE&uach_m=[UACH]&adurl=
Frame ID: F77C60468BA048B312883C4992E28955
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuXM8KC_XPgtYukDC1-KvUDbzQ0x9ve7CSUi3l-rhPZN__v7KwoB_grmy_kGpGrmBEKAu55l6w8EofKtxcQoOVUBtzCAUEQUNz3xuSyMfr9TsAZRvCWvXAJP76dYG_0l2n693cx-wBtbJmg6WO0I_vKrLu-i0xAH3-FU0Q6jPC3nlQ6q2IPnqpzEAIvt83WkMvxqEd2QHAZSlNthqeRWyDF4O6R6eTfpcfvueUC3j_Y30vW66TrlYG2GtBsC76pnqwPUyIROmVmGcZxv2WXXdZ3jdudlFnslLYmIr_vB-sYj2TrXyFUAJ8V1RNBSNCN3S0RhWY4oHA71cQWsiPzy7n94eMKrw&sai=AMfl-YT0bER_Xv8vNKGVhGGKGMPujPayZZdSLtKLXJ-zE8ItxIRoQEuf5HMv1QeoWw1IYOl6apeE4kIh-FONKUJ527ANeL8R5HEh-wDxxAtR9jqBGPwUiXK5hZG8BQtzpQQ5dGOWTta7qHO6WAPBX1IT&sig=Cg0ArKJSzJKdFhEc2PvjEAE&uach_m=[UACH]&adurl=
Frame ID: 19808524243E15AA80EC5D6B3B91B5FD
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuprN1Xw_XzCxl7JyZ-58pn0c7lwtj0iI8-KC6BeryiHCaZGss0MwrD6jJ5EXHpnopSi39NrtWhNRkVbKs8p_FCPhVYHg6Dev4sB6rbGCngXO9crLEPz1j0M5DxNpz_duktSgao--dxsNtWl8zKgdlUp135krACUMTHhEOvYYtKg-gzLaxrdNXEeYtluXZLhDI1hHrBBfMsTN7qsghIFPbXkfFoNRYpNCegUQuEeR1-eqKAR4ktDdiUu881N9CA_6_9ZO9oGWKcXRHx78x564iAWKHn56rAVLNMbSApPl3Aryiw0jQlxtQJcOwPg2G2Mc-9n2CydZFYKS3oKzapBqjv&sai=AMfl-YTUDfCH4Eqnwitqm6TUVx-hm4j6eR-GNov_u_-6uOz4mVcUYK_1LdrTuewxdMWlxwx0SLcAlD6-EFLkjrKSLCWVjKDaFpbXuu95Us9e4LmVfiCz6ujg1NAPjAYJ1oaq8euJJYGz7YNQqRo61IUO&sig=Cg0ArKJSzKGL6WAMV2TeEAE&uach_m=[UACH]&adurl=
Frame ID: 94A5759FD7781063D8637BAADEA72A59
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv_MWQfVhUGpSxBwtB89lUvDu13SohCGPHM7e-wnf0EhRoxxGGp8hvDUcoFhYSrcexmk7ZoFiah5lG3lqUSsxx2jP21tCqfdfB4ruDNSzEGSOwveYSVhJd_WlHRszCMb6kffXWFfBW2Jzy3n3tJolomjcvGqlhJWKlL8gBgD0zEUd6JjxJOT2QN2wRSkxlHp1qSm7NQ6Woa7GNizzyGgr__wcMEKAWypMFpqzEbxh-pll1IgEa3QmpeMMWoi2M-1K2NTxz68-Dhoc3S7skM8HPjzfk0Qc3lZnFOGjw6LXhviyKUPoWbO5G8_T0pzHeJAG4iPeZMKiMG8-IEoxxwcUab5Q&sai=AMfl-YTj2TAJEFyRWcjT9avXpf6neBxsV0OG3EXrypHBGci6riqm-lZeIzRXAtrxSSbwEvA3BTH60XZPr62ZnvhdgnRFL-PLirz_gTCgLWjaWJ85n5JWFIV0UAoLKxWce728PAhlCVID13Xj3qqcr57d&sig=Cg0ArKJSzH62DyPgCV7mEAE&uach_m=[UACH]&adurl=
Frame ID: 91987DD3450129C877A5ABD94D6AA05F
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 37F51CEB0F123AA7CA6A209BE7F43609
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5D9E993CA97EABF31921B6BD826EB0E6
Requests: 2 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682054000734&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682054000&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Frame ID: E487310B15F9D440030A9B681E55CABA
Requests: 19 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Frame ID: 83CA01A12A88CE30113486D33EDCAF49
Requests: 19 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:8c8f6442-1b72-4000-af2e-9f2e78b015b4&gdpr=0&gdpr_consent=
Frame ID: DFA2EBE56656061E59DCE1978F9C72D5
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5514073096729613439
Frame ID: CD37A6825EB069CA5FBD6A05A5CDBDA0
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 51FA7FA25F704EBD8AAE63C9B34AE9E9
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5144588524360191072
Frame ID: 46A83DF29548C6D76BAC8FE1694AB82B
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=JkMIbiEVC249TwVqJ08ROXMUDmk9Elo_IUIgiQKV
Frame ID: 7D5D69FDCFB423709B2EE5DA91B0FCCA
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=8EE15659-FD7E-4914-947C-66ECA232C586&redir=true&gdpr=0&gdpr_consent=&dcc=t
Frame ID: 8D00086F50D3A311050E21FC8FBE07AD
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3862291109529903718&gdpr=0&gdpr_consent=
Frame ID: 6152024D779C7FD236A0B894EA3CE225
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7224366928707844239&gdpr=0&gdpr_consent=
Frame ID: F25E08087A376627B194B469CA92463B
Requests: 1 HTTP requests in this frame

Frame: https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
Frame ID: 10B74647DA88C6BEB4BB483967DE7ED1
Requests: 1 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1
Frame ID: BACE48D45F3D27655FE64950425E7687
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZEIbcgAES1niMgAp&gdpr=1&gdpr_consent=&_test=ZEIbcgAES1niMgAp
Frame ID: 6019DC03405B8478FB2C503ED34006E0
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: C55ADAACBE02943A0AAABFC32C88C5EC
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Frame ID: 205DBAB943FF4EB718104CC0FFB6C75E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 4DF5DF6438AC3F5EC2A19D56871B7E01
Requests: 1 HTTP requests in this frame

Frame: https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: DFF936B8F6346C5DCFC3405DA1838A2F
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: E651F45655791E6D11D14AD4ED3CE7FC
Requests: 1 HTTP requests in this frame

Frame: https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel
Frame ID: BF840CE9C797F6BC4C3C2C0B876147C2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Herald Democrat – Herald Democrat

Page URL History Show full URLs

https://heralddemocrat.com/ HTTP 301
https://www.heralddemocrat.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

230
Requests

90 %
HTTPS

39 %
IPv6

57
Domains

81
Subdomains

51
IPs

5
Countries

5624 kB
Transfer

11241 kB
Size

18
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://www.legacy.com/us/obituaries/heralddemocrat/browse
Title: Obituaries

Search URL Search Domain Scan URL

URL: https://publisher.etype.services/Herald-Democrat/Classifieds/V2/Herald-Democrat-Classifieds
Title: Classifieds

Search URL Search Domain Scan URL

URL: https://zrecruit.cherryroad-media.com/
Title: Job Board

Search URL Search Domain Scan URL

URL: https://publisher.etype.services/Herald-Democrat/Classifieds/V2/Herald-Democrat-Legals
Title: Legals

Search URL Search Domain Scan URL

URL: http://mainst.cherryroad.com/
Title: Main St

Search URL Search Domain Scan URL

URL: https://japfg-trending-content.appspot.com/click-dug.php?a=%2F&f=10254&p=/recipes/side/vegetable/sauteed-garlic-green-beans.html&s=10000&do=www.heralddemocrat.com
Title: By Holly G. in OTISCO, INSauteed Garlic Green Beans

Search URL Search Domain Scan URL

URL: https://japfg-trending-content.appspot.com/click-dug.php?a=%2F&f=10254&p=/recipes/dessert/cake/birdie-cake.html&s=10000&do=www.heralddemocrat.com
Title: By Samantha O. in Camden, TNBirdie Cake

Search URL Search Domain Scan URL

URL: https://japfg-trending-content.appspot.com/click-dug.php?a=%2F&f=10254&p=/recipes/dessert/cake/oatmeal-cake-12.html&s=10000&do=www.heralddemocrat.com
Title: By Jolayne C. in Americus, GAOatmeal Cake

Search URL Search Domain Scan URL

URL: https://japfg-trending-content.appspot.com/click-dug.php?a=%2F&f=10254&p=/recipes/bread/other-bread/the-best-crusty-bread-dutch-oven.html&s=10000&do=www.heralddemocrat.com
Title: By Pat D. in Saginaw, MIThe Best Crusty Bread (Dutch Oven)

Search URL Search Domain Scan URL

URL: https://smeagol.revcontent.com/cv/v3/W51Sy1FdKyQB2_WwE-0XS_vug5g6kZsu8COz_q9SYHijYe1B5zwwPjiWNXLCs6u37rMqVwNqk-yDPp_jNP5iJ-vZP4zTARBLYQ2_dznaJfttxXk9pZbsGW7caRGpNe59MQA7XT5iZplhDpqXKTrHORLv7Oaio_boDTmf4roheNJl9u0QkShuYFDa5sJsVWrJQt9IOKJPXcEH0z_T2LE-YUSBe1WscUC5tpEzlEkvPdn3NqjRQIrsmwSU6zekrqJTckAc-T0KI0TH-c1VM27mYrnHpoufzE9cUtM6VX9dlybMEtGkpaZ9oQv7L4oYS_GoVwqBRCAwiwupa3OY5Uy8et3RdeK94go78insERnAsP3sNi4LZVfT0NcTuNVUV--YFHG-DJr1NOfgqYPJmYORFgSzkEY7WpYn8Py0uSKeZFnzQ6LFuN4NA2fmnEm7XWFrKkuLraybkJiKkfTMuDxy_WpoP42D6S9da2EBGlcDvLYNU0tMx4No4XpPo7rssmLN8jAIFAb62HGSu3QHJuELJ8d7Pyz5JxP2Q9xvFZWzpu6-wXcW1YU66H_DZtk-KUPRWtaIBM-D7PpCyay-ZszQMuGwd1cj-YGh0OUZ3EnBKpJoUkKgWXMTEGWqqLwHg4kbF__Lmy0Rpyj3pgue2TbmwHejhR5MqccLeY4LxmvMnsO5DkiM1qhMyTJGwO0g9ZDNEiD-brnfyn6i_kpBqD_q?p=GgFDMOy2iKIGOiRiMjMwNThkZC1jZDVkLTRkYjEtYjFkMi1hNTcxNWY4NTM0N2RCJDljODcxMjVlLTczNjAtNDI2Yi1hNDA5LTkxN2Q2NDkwZGI3YUoMd2hpdGUtd2Fsa2VyUIPWCljH5hBiEmhlcmFsZGRlbW9jcmF0LmNvbWoHZGVza3RvcIoBAzF4MZABAdgBso7wAaoCCjgxLjk1LjUuNDA
Title: Wollen Sie hundert Jahre alt werden? So reinigen Sie Ihre VenenCardioBalance

Search URL Search Domain Scan URL

URL: https://smeagol.revcontent.com/cv/v3/9VjUU7Hm_gfmIXTZB6bA805tgq9vg8zj1Q2mEmQ0w_IuYln219UzcT5TYoV3ViSV-6Bz_uG58iQ47qy3aVVLXnZKKKIb0efnTBhdRcpPOAwrrr-xMSWoRW36rJU3AoZIcMBCT-CfLICchgX68gedlZghzP115S0YuXttSa0K2Ygb5kW7ytbmTP-Z3Rb-jiBS0W_wlBI-xpvaGvieYn1yvJoBWrxnJI1b2zY6Qtu5Dndd5oFkjXvLUvC6Whjv4SkvDdXNEEk9pQ-cB87GmW66SuIgQEKAXfAaGcKbnbrVbSyxuwEAFURKCFsKamUqX5JSTWUB-TEOOddPdpZTK8ttfFssT781ViYgOqZKy8FxB4waKF8Sqq-nodDMIcW5yl1l29qfPDqNDuOksKE5APmcSEXeH9tUpmdfAtZo0aRdFEmgVaBX-iTGjZC0Sp9RFJVRUAzQvms_jy5h9ButddPBI6TRpagB3cYNWkdVpKFSIX3uLK8BBXhW_ix-DENGzPgnCEKnqOryeq4kmX3k_A?p=GgFDMOy2iKIGOiRiMjMwNThkZC1jZDVkLTRkYjEtYjFkMi1hNTcxNWY4NTM0N2RCJDljODcxMjVlLTczNjAtNDI2Yi1hNDA5LTkxN2Q2NDkwZGI3YUoMd2hpdGUtd2Fsa2VyUIPWCljH5hBiEmhlcmFsZGRlbW9jcmF0LmNvbWoHZGVza3RvcIoBAzF4MZABAtgBso7wAaoCCjgxLjk1LjUuNDA
Title: Plastic Surgey and Improvements Cost Them Too MuchSurelyAwesome

Search URL Search Domain Scan URL

URL: https://smeagol.revcontent.com/cv/v3/pfax9M5IRKF5p8jJmf4jwY8_Phk3vQ5AILiYyuSYMw7CseF6rrj3xhO7TlvZbc2IZgph-sVpZUiaHCxhzq9_syR2mq3mtESxZqLR9oI5MgReTk69Qido2xgvG-ugvwukyjs_jR4GmPCbxQp7gtB1nPu5Hml1Q-1QbiOFw_EfFjJGcLE1Ct6tfVpet7R7R5jzDViw59ukmqH8sO8WK5Ma49ARl9idbKzjNyzDNoPF20Dt3VXZaV4aWi_FzfabZLGueVcTD5JXBSuT3R0GllNO2fkzk5Imf8oU50dYHPegbYBXgLLHr2DJ9Vq6uTQaDo0ea52UPwj4Qh3vFEvbrPE2fowMHEzeTMD60Zi7Tcr7PG2k494JQGrPAUUhWMbB1PV-vbr7jUq2yuX0ofowGydfPAZG_CD_M6NoUACTTiP6xjtH0D824Rz5CoGnXeVh7TErXJNI272hBd_-JGlVF7qFzPce0W-zSh5cUVupzM9en7Krbx12xKzpdcA7PLHUwOhuYZVg2CfvSE0bgdUMNU_8vhtUti08HT7ghh6pg4xWrw?p=GgFDMOy2iKIGOiRiMjMwNThkZC1jZDVkLTRkYjEtYjFkMi1hNTcxNWY4NTM0N2RCJDljODcxMjVlLTczNjAtNDI2Yi1hNDA5LTkxN2Q2NDkwZGI3YUoMd2hpdGUtd2Fsa2VyUIPWCljH5hBiEmhlcmFsZGRlbW9jcmF0LmNvbWoHZGVza3RvcIoBAzF4MZABA9gBso7wAaoCCjgxLjk1LjUuNDA
Title: This Video Will Soon Be Banned. Watch Before It's DeletedSecrets Revealed

Search URL Search Domain Scan URL

URL: https://smeagol.revcontent.com/cv/v3/gPFN45NB_gF3uJFIkdmTRckRVwAl-0qzKdQqTt86DqHu5l_6BNAnqxS09-FqRIZdsu2EOQp5oVgoAbZgrUU5aJ3_dpu88mKrUU66mIorIcLfRLCRVSk1F8NPSyiC7dH0H4xx7nq1DVomlKbnl1UTUy5hHb0cXWqvzifS301DpJtcVik96CJWAlW87V0GDEqm5T_0JOPm7BUpUAlTjt4IYv0kmkxPs0aGxwrT7Se6hziB_FYtb2FABQUSOnMWw7WqQ6LWG9cV7tjUk6TDtLER_Db4trDAHN0804Ruyt_ov0rfMyjqYqaTxtHKiUzKVfV9KxtrZ6djMIX9kQ9hn8U0WK8SIeojzo883InqGrxQjBcoXEjxG70rSeAk-YMJCwMH-SYvq4Pn72vTiq4LTXPnGRcpHFJc-1pqeh2dazp047fT8DXQv79W8Kq-OSIvZ_aA8XREnCBKy3EbJpsfITAlGWUwHUGKkiChqI3ixvT7PmeoTiSFR3Kvb7GzLHP5P4T8HsojfmD1q_QwZn0MpIGvIk7C_uxDwdvyuymwTf2VXf8KA_RldiO7O5hqJ-ljelCPyHNveuvjUBx7i03-D9qD9J3ZHSgNhFecxLhLxWIzS3FjqlLaX3zL-4fPolj1Z-qgJS535AxeBKhiLWyDD4uyQI9HDg?p=GgFDMOy2iKIGOiRiMjMwNThkZC1jZDVkLTRkYjEtYjFkMi1hNTcxNWY4NTM0N2RCJDljODcxMjVlLTczNjAtNDI2Yi1hNDA5LTkxN2Q2NDkwZGI3YUoMd2hpdGUtd2Fsa2VyUIPWCljH5hBiEmhlcmFsZGRlbW9jcmF0LmNvbWoHZGVza3RvcIoBAzF4MZABBNgBso7wAaoCCjgxLjk1LjUuNDA
Title: Getting an Online Job in the USA May Be Easier Than You ThinkOnline Job | Search Ads

Search URL Search Domain Scan URL

URL: https://help.revcontent.com/en/knowledge/revcontent-privacy-policy
Title: Revcontent's Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.revcontent.com/popup?utm_source=ads&utm_medium=organic&utm_term=signup
Title: Increase Your Engagement Now!

Search URL Search Domain Scan URL

URL: https://help.revcontent.com/en/knowledge/fake-news-complaints
Title: Submit a Report

Search URL Search Domain Scan URL

URL: https://cherryroad-media.com/community-rules/
Title: Community Rules

Search URL Search Domain Scan URL

URL: https://www.cherryroad.com/cookie-policy/
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://cherryroad-media.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://cherryroad-media.com/terms-of-service/
Title: Terms of Service

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://heralddemocrat.com/ HTTP 301
https://www.heralddemocrat.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 197

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:8c8f6442-1b72-4000-af2e-9f2e78b015b4&gdpr=0&gdpr_consent=

Request Chain 198

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5514073096729613439

Request Chain 200

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5144588524360191072

Request Chain 201

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=JkMIbiEVC249TwVqJ08ROXMUDmk9Elo_IUIgiQKV

Request Chain 202

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=8EE15659-FD7E-4914-947C-66ECA232C586&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=8EE15659-FD7E-4914-947C-66ECA232C586&redir=true&gdpr=0&gdpr_consent=&dcc=t

Request Chain 203

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3862291109529903718&gdpr=0&gdpr_consent=

Request Chain 204

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7224366928707844239&gdpr=0&gdpr_consent=

Request Chain 206

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1

Request Chain 207

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZEIbcgAES1niMgAp HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZEIbcgAES1niMgAp&gdpr=1&gdpr_consent=&_test=ZEIbcgAES1niMgAp

Request Chain 210

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 214

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=juFWWf1-SRSUfGbsojLFhg%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 216

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent= HTTP 307
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=2734721765 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=8EE15659-FD7E-4914-947C-66ECA232C586

Request Chain 218

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OEVFMTU2NTktRkQ3RS00OTE0LTk0N0MtNjZFQ0EyMzJDNTg2&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 219

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEB3SPWQScCUMy5zpFjDhtuc&google_cver=1

Request Chain 221

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5714937427250808965

Request Chain 223

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=8EE15659-FD7E-4914-947C-66ECA232C586&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=8EE15659-FD7E-4914-947C-66ECA232C586&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-VXYSme9E2uXqZPgeZuN3dp.nhZQGPrk-~A&gdpr=0

Request Chain 225

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=

Request Chain 229

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID

230 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.heralddemocrat.com/
Redirect Chain

https://heralddemocrat.com/
https://www.heralddemocrat.com/

139 KB
29 KB

5809ms
5168ms

Document
text/html

66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

8621c908bc4b9e1cfdfa5066ab78bc730fcc9d766069a94d6dee83d9432bd5a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
content-type: text/html; charset=UTF-8
date: Fri, 21 Apr 2023 05:13:10 GMT
link: <https://www.heralddemocrat.com/wp-json/>; rel="https://api.w.org/" <https://www.heralddemocrat.com/wp-json/wp/v2/pages/851>; rel="alternate"; type="application/json" <https://www.heralddemocrat.com/>; rel=shortlink
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
referrer-policy: no-referrer
server: nginx/1.18.0 (Ubuntu)
strict-transport-security: max-age=5184000
vary: Accept-Encoding
x-content-type-options: nosniff
x-default-cache: default_cache
x-fastcgi-cache: MISS
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

content-length: 178
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
content-type: text/html
date: Fri, 21 Apr 2023 05:13:08 GMT
location: https://www.heralddemocrat.com/
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
referrer-policy: no-referrer
server: nginx/1.18.0 (Ubuntu)
strict-transport-security: max-age=5184000
x-content-type-options: nosniff
x-default-cache: default_cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 Georgia-Regular-font.ttf
www.heralddemocrat.com/wp-content/uploads/2021/05/ 140 KB
140 KB 187ms
184ms Font
application/octet-stream 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2021/05/Georgia-Regular-font.ttf

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

7d0bb20c632bb59e81a0885f573bd2173f71f73204de9058feb68ce032227072

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
last-modified: Wed, 25 May 2022 10:00:14 GMT
server: nginx/1.18.0 (Ubuntu)
referrer-policy: no-referrer
etag: "628dfe2e-22e74"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
content-length: 142964
x-xss-protection: 1; mode=block

GET
H2 200 style.min.css
www.heralddemocrat.com/wp-includes/css/dist/block-library/ 93 KB
13 KB 167ms
164ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 13 Mar 2023 02:51:32 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640e8fb4-172a9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 classic-themes.min.css
www.heralddemocrat.com/wp-includes/css/ 217 B
893 B 665ms
662ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/css/classic-themes.min.css?ver=1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 13 Mar 2023 02:51:32 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640e8fb4-d9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.css
www.heralddemocrat.com/wp-content/plugins/paid-memberships-pro/css/ 18 KB
4 KB 665ms
662ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/paid-memberships-pro/css/frontend.css?ver=2.6.6

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

9ab2aae1e13e9678b5ff7477eb2376325e1793cd3dceeed0b980d6c59522828c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 10 Jun 2022 20:52:57 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62a3af29-481e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pmpromc.css
www.heralddemocrat.com/wp-content/plugins/pmpro-mailchimp/css/ 220 B
876 B 665ms
663ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/pmpro-mailchimp/css/pmpromc.css?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ca7a013acd7bc1d7d1af8726274c7c9248318846ac1eed864faf22656ba4d6f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 10 Jun 2022 20:53:08 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62a3af34-dc"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js_composer.min.css
www.heralddemocrat.com/wp-content/plugins/js_composer/assets/css/ 452 KB
44 KB 665ms
663ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.10.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

6a2d500d4ac0bba5317698b68c383179098a0ad47879f56de7318ceb37fba68e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 02:13:59 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd867-70ee5"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 addtoany.min.css
www.heralddemocrat.com/wp-content/plugins/add-to-any/ 1 KB
1 KB 666ms
663ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 04 Oct 2022 13:08:31 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"633c304f-5ef"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.css
www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/ 588 KB
92 KB 666ms
664ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

feb53de7103cfe17c2e2a4468dfd1c7c54250b52f433f033b16f1dc89e4d5de5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd401-9309a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js-composer-frontend.css
www.heralddemocrat.com/wp-content/themes/jnews/assets/css/ 3 KB
996 B 666ms
664ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/css/js-composer-frontend.css?ver=1.0.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

1c468f25c66a9aeaa637ca5244f64ec7f967734b2dc2aa92b667cf5316155e81

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd401-bb7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 scheme.css
www.heralddemocrat.com/wp-content/themes/jnews/data/import/newspaper/ 6 KB
2 KB 666ms
664ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/data/import/newspaper/scheme.css?ver=1.0.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

3a3b8f1947675166325e8785c1058e7d8a2a1946f33a67e0fedb5c0b0ec2a16d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:55:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd400-1644"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 theme.min.css
www.heralddemocrat.com/wp-content/themes/jnews-child/dist/ 208 KB
29 KB 666ms
665ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/theme.min.css?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ae5e8b709455fcc6d0c794c6dcdadef5d38438725e865856d35d6a117ce8b525

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 12 Aug 2022 15:43:42 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62f6752e-33f7a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 home_page.min.css
www.heralddemocrat.com/wp-content/themes/jnews-child/dist/ 5 KB
2 KB 667ms
665ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/home_page.min.css?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ed0791d2019df55609fed92dbd4d8ecef07c3e556aca283d7a8e1aabdfbdfef4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 20 Jul 2022 17:53:00 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62d840fc-144a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
www.heralddemocrat.com/wp-includes/js/jquery/ 88 KB
31 KB 667ms
665ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 13 Mar 2023 02:51:32 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640e8fb4-15e54"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
www.heralddemocrat.com/wp-includes/js/jquery/ 11 KB
5 KB 667ms
665ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 09:59:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"628dfdf6-2bd8"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 52ms
20ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c5cc47eb8499efe3f4353bc50b38690756e78da21b0e158e14293b39c5ef812

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 31488
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 11 Jan 2023 01:11:30 GMT
server: cloudflare
etag: W/"c04-5f1f2ae2e431b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=172800
cf-ray: 7bb322fcaf7d90d6-FRA

GET
H2 200 addtoany.min.js Show response
www.heralddemocrat.com/wp-content/plugins/add-to-any/ 129 B
839 B 156ms
155ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 04 Oct 2022 13:08:31 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"633c304f-81"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 script.min.js Show response
www.heralddemocrat.com/wp-content/themes/jnews-child/dist/ 2 KB
1 KB 667ms
666ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/script.min.js?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

b6dcca3034056688691afb759a5900f22c16648c2f09bbc17b02afbf859d2de6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:14 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 13 Jun 2022 15:55:01 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62a75dd5-649"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK plausible.js Show response
analytics.cherryroad.com/js/ 1 KB
2 KB 953ms
98ms Script
application/javascript 207.228.225.157
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.cherryroad.com/js/plausible.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

207.228.225.157 Ashburn, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

Software

nginx /

Resource Hash

7eec3429c76cb48e5fd457c5afb71b7cf34bc4298d53023bae8aea715443b4a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
x-content-type-options: nosniff
Server: nginx
Content-Type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 1332

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 75 KB
25 KB 143ms
81ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eba2d386b23a126e2b122d66babab2f09b90adc529493a03f76753771a5ee34b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25366
x-xss-protection: 0
server: cafe
etag: 966 / 19468 / m202304170101 / config-hash: 13555417812552352376
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H2 200 Herald-Democrat.jpg
www.heralddemocrat.com/wp-content/uploads/2023/01/ 29 KB
29 KB 367ms
364ms Image
image/jpeg 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2023/01/Herald-Democrat.jpg

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

06bfcbc62a8a2e2a624c3d07e3d173518339143afa1d033e6fa49f4e57a7a398

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 29440
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 24 Jan 2023 18:30:43 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "63d023d3-7300"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Best-of-Texoma.png
www.heralddemocrat.com/wp-content/uploads/2022/09/ 47 KB
48 KB 289ms
288ms Image
image/png 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2022/09/Best-of-Texoma.png

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

62c929161d0af43697d1f251fc65b5cea61d58a66b9398d8d49a8ab32b8e6e72

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 47909
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 29 Sep 2022 15:40:10 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "6335bc5a-bb25"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jeg-empty.png
www.heralddemocrat.com/wp-content/themes/jnews/assets/img/ 70 B
763 B 319ms
316ms Image
image/png 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/img/jeg-empty.png

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

67ebf650147a9122e94ff1b25a78a82e903b92b877821c1479de69f00f59d429

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 70
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "640fd401-46"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 widgetLoader.js Show response
www.legacy.com/widgetloader/ 48 KB
17 KB 462ms
407ms Script
application/x-javascript 104.17.187.220
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.legacy.com/widgetloader/widgetLoader.js?type=ROV1&ld=true&ot=1&cnt=4&sw=0&rc=0&aid=2344
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.187.220 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c7b35faae42c46d4a913d6e41156eee44be4f4b7cb84871c95752c901b801e74

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires: Sat, 22 Apr 2023 05:12:34 GMT
date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
vary: User-Agent, Accept-Encoding,Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cf-ray: 7bb322fcca909bfa-FRA
content-length: 17466
x-ua-compatible: IE=edge

GET
H2 200 trxtwo.php Show response
japfg-trending-content.uc.r.appspot.com/ 12 KB
4 KB 167ms
126ms Script
text/html 2a00:1450:4001:80e::2014
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://japfg-trending-content.uc.r.appspot.com/trxtwo.php?s=10254&v=1&q=4&i=21
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 3f99e71207592a89cebf173253549f4e82709ea220748baee0b8028e2afd390c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 delivery.js Show response
assets.revcontent.com/master/ 161 KB
51 KB 56ms
12ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/delivery.js
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 21a4e261b3c98c9ab9cf3de0ad7c1d1ce420fd0c09f62c5a3b31adbae7bb7bdd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
last-modified: Fri, 14 Apr 2023 14:15:05 GMT
server: AmazonS3
x-amz-request-id: 9QCJZ89EZRZQ7TQA
etag: "cd6ef508acd21fd90cc2de7163af0d41"
x-amz-server-side-encryption: AES256
x-hw: 1682053995.cds167.fr8.hn,1682053995.cds146.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 51622
x-amz-id-2: SjKFlDuiW9yISbxBO/UCsPMBBQQ7mXcTMuAkqw+rOZQirgLUWK7KzarNJchI0GJ6O4W0sQIvGM0=

GET
H2 200 toolbar.min.js Show response
www.heralddemocrat.com/wp-content/plugins/accessibility-toolbar/dist/ 523 KB
182 KB 179ms
179ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/accessibility-toolbar/dist/toolbar.min.js?ver=1.4.5

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

a3024b9f4a8863af77a271745a863f6241c1724ba82c88ee694792de008b556a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:33:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fced8-82c62"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.adrotate.clicktracker.js Show response
www.heralddemocrat.com/wp-content/plugins/adrotate/library/ 365 B
981 B 234ms
230ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 13 Mar 2023 23:44:21 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fb555-16d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 comment-reply.min.js Show response
www.heralddemocrat.com/wp-includes/js/ 3 KB
2 KB 254ms
249ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/comment-reply.min.js?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 09:59:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"628dfdf6-ba5"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 hoverIntent.min.js Show response
www.heralddemocrat.com/wp-includes/js/ 1 KB
1 KB 278ms
274ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 09:59:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"628dfdf6-5db"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 imagesloaded.min.js Show response
www.heralddemocrat.com/wp-includes/js/ 5 KB
2 KB 291ms
287ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 09:59:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"628dfdf6-15fd"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/ 298 KB
86 KB 159ms
159ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/frontend.min.js?ver=1.0.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

48b2d240737cceb970b7b3ef8b86aef31f321c9d51f0af1fa1f4c68544e5d498

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd401-4a9ae"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js_composer_front.min.js Show response
www.heralddemocrat.com/wp-content/plugins/js_composer/assets/js/dist/ 20 KB
6 KB 165ms
165ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.10.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

bf817ee4b2d4e9d98e05e1382d295f8f10fef43770cd4e291d924a5d0afc8cc2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 02:13:59 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd867-4e52"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cr_dep_best_of_widget.js Show response
www.heralddemocrat.com/wp-content/plugins/cr-dep-best-of-wp-plugin//scripts/ 1 KB
1 KB 157ms
157ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/cr-dep-best-of-wp-plugin//scripts/cr_dep_best_of_widget.js?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

e13491499f5b076127246b7d73d8a4e086307134f138d0bf66655bd26eacc7a0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 09 Aug 2022 17:58:01 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62f2a029-4eb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.heralddemocrat.com/wp-includes/js/ 18 KB
6 KB 162ms
161ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 09:59:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"628dfdf6-48b9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 print.css
www.heralddemocrat.com/wp-content/plugins/paid-memberships-pro/css/ 86 B
800 B 158ms
157ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/paid-memberships-pro/css/print.css?ver=2.6.6

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

914cb6fe13efdf97379c1a2910d677144821201ff3f41b67a5a6ddb367e1a27b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 10 Jun 2022 20:52:57 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62a3af29-56"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 38ms
8ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 21 Apr 2023 04:27:45 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 2730
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Fri, 21 Apr 2023 06:27:45 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 130 KB
48 KB 64ms
23ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KV4F27B

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6d149b991e26ec034a23eddd868d330077badf66fe3afe93bc976a65662b1fdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49085
x-xss-protection: 0
last-modified: Fri, 21 Apr 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H/1.1 200
OK C6FA55C54659D987 Show response
publisher.etype.services/special-editons/ Frame A965 4 KB
2 KB 552ms
128ms Document
text/html 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1cea05c9dc43838e32fcb06ae84779481540258aeb6dad99e552de9b9ffbf184

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private
Content-Encoding: gzip
Content-Length: 1434
Content-Type: text/html; charset=utf-8
Date: Fri, 21 Apr 2023 05:13:15 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

GET
H2 200 red-blob.png
www.heralddemocrat.com/wp-content/uploads/2021/06/ 2 KB
3 KB 356ms
354ms Image
image/png 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2021/06/red-blob.png

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/theme.min.css?ver=6.1.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

a4935d49528d0a5a6b2444b81c23246aac70cb7a9a7d64e2da2af33aac28611f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 2154
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 10:00:14 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "628dfe2e-86a"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 grey-blob.png
www.heralddemocrat.com/wp-content/uploads/2021/06/ 5 KB
6 KB 338ms
335ms Image
image/png 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2021/06/grey-blob.png

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/theme.min.css?ver=6.1.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

7d46496177f660fe1c4d3b3be0361fefa1a4fc87665736441f5234ea8ee9c762

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 4996
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 10:00:14 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "628dfe2e-1384"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 404 ADA-Compliant-Logo.png
web1.etypeservices.com/wp-content/uploads/2021/11/ 14 B
14 B 552ms
159ms Image
text/html 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web1.etypeservices.com/wp-content/uploads/2021/11/ADA-Compliant-Logo.png
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/theme.min.css?ver=6.1.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),
Reverse DNS: sagemt.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 5316717f872a3b46022c0c6b37009e1a18df8809a0cd70a58d8c47fd97f9919c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "636661f9-e"
content-length: 14
content-type: text/html

GET
H2 200 fontawesome-webfont.woff2
www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/font/ 75 KB
76 KB 255ms
251ms Font
application/octet-stream 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/font/fontawesome-webfont.woff2

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
referrer-policy: no-referrer
etag: "640fd401-12d68"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
content-length: 77160
x-xss-protection: 1; mode=block

GET
H2 200 sm.24.html Show response
static.addtoany.com/menu/ Frame 732C 677 B
564 B 23ms
22ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.24.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1251987
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 7bb322fcefaf90d6-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 21 Apr 2023 05:13:15 GMT
etag: W/"2a5-5edb40e6d10d8"
last-modified: Fri, 18 Nov 2022 00:47:55 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff

GET
H3 200 core.26680508.js Show response
static.addtoany.com/menu/modules/ 69 KB
25 KB 43ms
24ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.26680508.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73cfb0ed71e314a835831530e27ba1fde5609b224781f7dbc2dd3eb9a08603cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 21760
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 11 Jan 2023 01:11:29 GMT
server: cloudflare
etag: W/"11452-5f1f2ae24215b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 7bb322fd0f6339ee-FRA

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/ 400 KB
124 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

432acd8192429c035f55370ab0501a7f58d69456a10b0a1bc213bd3efb6d2946

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 21:19:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28429
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126857
x-xss-protection: 0
server: cafe
etag: 11988808581808118609
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 19 Apr 2024 21:19:26 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 900 B
423 B 67ms
45ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.heralddemocrat.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92fb9569dc9bbfdd1c4cc92443f58ad7f167ea26698b6cfd2afc27f23557d08f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 0
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H2 200 v-iQPqBew0LImjAI-rQPx67SoVuDoIITwal7YV3CjLisreqjQHCCY0DSf-FGnFRDGQOWFX61oj9szC-Kr9Ra2XGODpC-iPOjhr7Zso6x8ro=w450-h375-c-rj-l75
lh3.googleusercontent.com/ 49 KB
49 KB 70ms
9ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/v-iQPqBew0LImjAI-rQPx67SoVuDoIITwal7YV3CjLisreqjQHCCY0DSf-FGnFRDGQOWFX61oj9szC-Kr9Ra2XGODpC-iPOjhr7Zso6x8ro=w450-h375-c-rj-l75

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

56fd5ee440c344b3a073e361fcc3c24a528d3b0331ea2ef892e7f10c3f4e52a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 02:13:42 GMT
x-content-type-options: nosniff
age: 10773
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49976
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 22 Apr 2023 02:13:42 GMT

GET
H2 200 DpNoryu4kh7sTnMApLTm6vOUkVuc56jyrFyJc_wuZh-u0PO5OdoRA42yQcTgFjDD5JyrbfEHYxPw-VgmYc1X8scVwz52MKXToI8jRBM=s42-p-rj-l68-e365
lh3.googleusercontent.com/ 1008 B
1 KB 78ms
17ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/DpNoryu4kh7sTnMApLTm6vOUkVuc56jyrFyJc_wuZh-u0PO5OdoRA42yQcTgFjDD5JyrbfEHYxPw-VgmYc1X8scVwz52MKXToI8jRBM=s42-p-rj-l68-e365

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b798ef77c3558af3959789f8f6233a7f75ff146fc58f8e84711269273fd96b44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 02:13:42 GMT
x-content-type-options: nosniff
age: 10773
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1008
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=31536000, no-transform
timing-allow-origin: *
expires: Sat, 20 Apr 2024 02:13:42 GMT

GET
H2 200 OIX075snDkCq6RVfRQdEdrNSMorKNjpkAF0gsEnkz9ymUZtUEeFtGSTbC8kIzLcONB3jInVBA1syuZqrg8VwfBxwJ37Xfx4LBr-dKO6MHg=w450-h375-c-rj-l75
lh3.googleusercontent.com/ 46 KB
46 KB 24ms
21ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OIX075snDkCq6RVfRQdEdrNSMorKNjpkAF0gsEnkz9ymUZtUEeFtGSTbC8kIzLcONB3jInVBA1syuZqrg8VwfBxwJ37Xfx4LBr-dKO6MHg=w450-h375-c-rj-l75

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

578403fd9e618f355ffe407d546a33ca8440136e6689e3ceda0aaef98fa3f13b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 03:25:27 GMT
x-content-type-options: nosniff
age: 6468
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47445
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 22 Apr 2023 03:25:27 GMT

GET
H2 200 tBovtdZmvF0gY08zU8K7V89JjBJgJZyvnvkjtoMxkxft-GP2vDEhWsH55UKdKDruQ-u74vzh54OB8UXByHclbFkKndqgsTqyNloURDs=s42-p-rj-l68-e365
lh3.googleusercontent.com/ 1 KB
1 KB 30ms
27ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/tBovtdZmvF0gY08zU8K7V89JjBJgJZyvnvkjtoMxkxft-GP2vDEhWsH55UKdKDruQ-u74vzh54OB8UXByHclbFkKndqgsTqyNloURDs=s42-p-rj-l68-e365

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b9b96598f0b6470d52fd17071c222db4789317b004831514068e5595f05eb91c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 03:25:27 GMT
x-content-type-options: nosniff
age: 6468
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1244
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=31536000, no-transform
timing-allow-origin: *
expires: Sat, 20 Apr 2024 03:25:27 GMT

GET
H2 200 YZ9MH2wdlJdCYw83__WEwmWJNDdmDC-G1gxTRgzM9uRH676tU-vbYTf3Y-Rawash8vdXgAF_uHV2Z0sNg2KTbHcovY1TKpc=w450-h375-c-rj-l75
lh3.googleusercontent.com/ 44 KB
44 KB 22ms
20ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/YZ9MH2wdlJdCYw83__WEwmWJNDdmDC-G1gxTRgzM9uRH676tU-vbYTf3Y-Rawash8vdXgAF_uHV2Z0sNg2KTbHcovY1TKpc=w450-h375-c-rj-l75

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6c958b3ea583cf0a2e50ee6ad6e8ef42ddd4b8269d760492fbd6d6dcc956d51d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44577
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 22 Apr 2023 05:13:15 GMT

GET
H2 200 4gffykdJl-LDj6JedsrqWqMnUtjA4ettukBlAIr1tIizpxQEFxmVGikaNUjgS0RbQxgGDH2rJEpNPKqLRGh42SMyQEm0S9BakYfmmk0=s42-p-rj-l68-e365
lh3.googleusercontent.com/ 962 B
1 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/4gffykdJl-LDj6JedsrqWqMnUtjA4ettukBlAIr1tIizpxQEFxmVGikaNUjgS0RbQxgGDH2rJEpNPKqLRGh42SMyQEm0S9BakYfmmk0=s42-p-rj-l68-e365

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

50c9201fab5a8a851d4a225b1fdb97338c461b2aaee7357c235f26dfa7126168

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 02:21:08 GMT
x-content-type-options: nosniff
age: 10327
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 962
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=31536000, no-transform
timing-allow-origin: *
expires: Sat, 20 Apr 2024 02:21:08 GMT

GET
H2 200 zy5hk_6dlkr1fCHwdZgKoMXQJWhBwYXVMmY1NUX5CuGEZ1ifkmhHuBXYuctFK9rBOR0Ifq8_XzYiRJ7Lvm4cSehRQwNitCs=w450-h375-c-rj-l75
lh3.googleusercontent.com/ 42 KB
42 KB 25ms
23ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/zy5hk_6dlkr1fCHwdZgKoMXQJWhBwYXVMmY1NUX5CuGEZ1ifkmhHuBXYuctFK9rBOR0Ifq8_XzYiRJ7Lvm4cSehRQwNitCs=w450-h375-c-rj-l75

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

eb71fa34962dd68703df6691338fa645cf32299171e17c74be69c55812efbe3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42859
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 22 Apr 2023 05:13:15 GMT

GET
H2 200 XxO8GpIQcgkWV58x8I1AfLHGUPze_MrecTf8CQ1lsrc2xJVLhdcYSMI-E4GM4QKntQuVSbrtrtVrmZUWvLzp0RvBiu6VAlcOQ0tnQGE=s42-p-rj-l68-e365
lh3.googleusercontent.com/ 1 KB
1 KB 25ms
23ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XxO8GpIQcgkWV58x8I1AfLHGUPze_MrecTf8CQ1lsrc2xJVLhdcYSMI-E4GM4QKntQuVSbrtrtVrmZUWvLzp0RvBiu6VAlcOQ0tnQGE=s42-p-rj-l68-e365

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a19a356741e542145b8c793af8228b24fe2a829d0c23c77c3c104b192c1c45bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=31536000, no-transform
timing-allow-origin: *
expires: Sat, 20 Apr 2024 05:13:15 GMT

GET
H2 200 sprite_icons_6dc7d94.png
www.justapinch.com/images/ 22 KB
22 KB 182ms
8ms Image
image/png 130.211.10.17
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.justapinch.com/images/sprite_icons_6dc7d94.png
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.10.17 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 17.10.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 48ea5787f01c0678de86c7861e830f03a3163a2d3a25ddb8fe3b343725dfeabd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 19:20:41 GMT
via: 1.1 google
last-modified: Wed, 19 Apr 2023 17:35:37 GMT
server: nginx
age: 35554
x-who: gcloud-web-1
content-type: image/png
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22292
expires: Fri, 19 Apr 2024 19:20:41 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
226 B 26ms
25ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=2088336008&t=pageview&_s=1&dl=https%3A%2F%2Fwww.heralddemocrat.com%2F&ul=en-us&de=UTF-8&dt=Herald%20Democrat%20%E2%80%93%20Herald%20Democrat&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1034276099&gjid=245496735&cid=2014851188.1682053995&tid=UA-214788847-46&_gid=1088860483.1682053995&_r=1&_slc=1&z=341244837

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5eb922e5a926ca6554d08b48be54d8c48200c31cf48a6af3f283b2fe87116943

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
932 B 191ms
17ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans|PT+Serif

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e9d9c73303f3f01bf623e1a7f11a44b2d1a9c1c0ed263cbde30afbbc786e6fa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 21 Apr 2023 05:13:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 199 KB
71 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8Y10R17R20&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

54e1e7b31a27697d16378b2e355e964e291da7ed6d1fde664b5e028c86c425f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 73066
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H/1.1 200
OK bootstrap.min.css
publisher.etype.services/assets/global/plugin/bootstrap/css/ Frame A965 118 KB
19 KB 137ms
136ms Stylesheet
text/css 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/assets/global/plugin/bootstrap/css/bootstrap.min.css
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Jan 2023 07:42:46 GMT
Server: Microsoft-IIS/10.0
ETag: "05f8ba02227d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 19629

GET
H/1.1 200
OK jquery.bxslider.css
publisher.etype.services/assets/global/plugin/bxslider/css/ Frame A965 5 KB
1 KB 128ms
126ms Stylesheet
text/css 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/assets/global/plugin/bxslider/css/jquery.bxslider.css
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 894011cff758a43f1db57b26424ea2befcdc85b25e09c91e139040a22cb10e7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Jan 2023 07:43:55 GMT
Server: Microsoft-IIS/10.0
ETag: "80efabc92227d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 1213

GET
H/1.1 200
OK jquery.min.js Show response
publisher.etype.services/assets/global/plugin/ Frame A965 95 KB
33 KB 256ms
128ms Script
application/x-javascript 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/assets/global/plugin/jquery.min.js
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3ae5d8b5a2806b811378107313b19f0b05baae4b2bbe85e19e9cd223391a0fe3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Jan 2023 07:41:43 GMT
Server: Microsoft-IIS/10.0
ETag: "8055fe7a2227d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 33844

GET
H/1.1 200
OK bootstrap.min.js Show response
publisher.etype.services/assets/global/plugin/bootstrap/js/ Frame A965 36 KB
10 KB 372ms
125ms Script
application/x-javascript 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/assets/global/plugin/bootstrap/js/bootstrap.min.js
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Jan 2023 07:42:55 GMT
Server: Microsoft-IIS/10.0
ETag: "80a9e8a52227d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 9839

GET
H/1.1 200
OK jquery.bxslider.js Show response
publisher.etype.services/assets/global/plugin/bxslider/js/ Frame A965 64 KB
14 KB 383ms
126ms Script
application/x-javascript 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/assets/global/plugin/bxslider/js/jquery.bxslider.js
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3f84897d884f47f9c98b1656962479b41fde99934e6a3abae8128995b7d81f7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Jan 2023 07:44:00 GMT
Server: Microsoft-IIS/10.0
ETag: "0e0a6cc2227d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 14163

GET
H/1.1 200
OK js_Common.js Show response
publisher.etype.services/Scripts/ Frame A965 24 KB
6 KB 383ms
126ms Script
application/x-javascript 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/Scripts/js_Common.js
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 38587d14ecdbee0b173c6773618ab712a02d30f4e8effa50d4ce23dbdafb2cc3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Feb 2023 13:38:40 GMT
Server: Microsoft-IIS/10.0
ETag: "0f0d87cf93ad91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 6307

GET
H/1.1 200
OK js_SpecialSectionWidget.js Show response
publisher.etype.services/Scripts/ Frame A965 8 KB
2 KB 384ms
127ms Script
application/x-javascript 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/Scripts/js_SpecialSectionWidget.js
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b637638d704015822114b8c9c1f726b106517e106b5fca956dcf4ea3148126ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Feb 2023 13:38:49 GMT
Server: Microsoft-IIS/10.0
ETag: "803a3682f93ad91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 1206

GET
H/1.1 200
OK common.ashx Show response
publisher.etype.services/ajax/ Frame A965 3 KB
2 KB 384ms
126ms Script
text/plain 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/ajax/common.ashx
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d9788f957a0264a11cf4beeac5436e49aa2b908d80c60bcf6681a4e4e8113318

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
Cache-Control: private
Content-Length: 1354
Expires: Fri, 21 Apr 2023 05:14:15 GMT

GET
H/1.1 200
OK eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx Show response
publisher.etype.services/ajax/ Frame A965 3 KB
2 KB 501ms
126ms Script
text/plain 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/ajax/eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 53a17958431b40d88f256147f2b657856b13d823f79065ed7a11aaee68e24d68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
Cache-Control: private
Content-Length: 1344
Expires: Fri, 21 Apr 2023 05:13:16 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 42ms
16ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.heralddemocrat.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 41ms
16ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.heralddemocrat.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
704 B 1165ms
1165ms Fetch
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3660892537962404&correlator=2778548807914224&eid=31073320%2C31073678&output=ldjh&gdfp_req=1&vrg=202304170101&ptt=17&impl=fifs&iu_parts=21843165966%3A116205717%2CCherryRoad_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=1&adks=4239096872&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682053995631&lmt=1682053995&dlt=1682053994099&idt=1498&adxs=1157&adys=1779&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=300x250&msz=300x250&fws=4&ohw=1600&ga_vid=2014851188.1682053995&ga_sid=1682053996&ga_hid=2088336008&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b19897128e6aa39128ab5fe0fc2b66e5acb18a3b7f25e6d8846dd66ff493109c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 674
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 85ms
85ms Fetch
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3660892537962404&correlator=2778548807914224&eid=31073320%2C31073678&output=ldjh&gdfp_req=1&vrg=202304170101&ptt=17&impl=fifs&iu_parts=22655122517%2Cheralddem_h1_leaderboard&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x90%7C728x90&ifi=2&adks=3882773831&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682053995640&lmt=1682053995&dlt=1682053994099&idt=1498&adxs=143&adys=278&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=1314x50&msz=1314x50&fws=4&ohw=1600&ga_vid=2014851188.1682053995&ga_sid=1682053996&ga_hid=2088336008&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c846f6051d59669f2cab4c1aca826b54eb30846136c2da7966882c486a554b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13215
x-xss-protection: 0
google-lineitem-id: 6142789644
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138414855553
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 108ms
107ms Fetch
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3660892537962404&correlator=2778548807914224&eid=31073320%2C31073678&output=ldjh&gdfp_req=1&vrg=202304170101&ptt=17&impl=fifs&iu_parts=22655122517%2Cheralddem_h3_left&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&ifi=3&adks=1886291333&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682053995646&lmt=1682053995&dlt=1682053994099&idt=1498&adxs=143&adys=1329&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=299x250&msz=300x250&fws=4&ohw=1600&ga_vid=2014851188.1682053995&ga_sid=1682053996&ga_hid=2088336008&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b3aa396fc08152729e5b206dcdfb606b11b42f02af2590f7ac83aecae7117342

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13164
x-xss-protection: 0
google-lineitem-id: 5950877027
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138374399830
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 62ms
62ms Fetch
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3660892537962404&correlator=2778548807914224&eid=31073320%2C31073678&output=ldjh&gdfp_req=1&vrg=202304170101&ptt=17&impl=fifs&iu_parts=22655122517%2Cheralddem_h2_right&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C300x250&ifi=4&adks=360704253&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682053995648&lmt=1682053995&dlt=1682053994099&idt=1498&adxs=1157&adys=358&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=300x250&msz=300x250&fws=4&ohw=1600&ga_vid=2014851188.1682053995&ga_sid=1682053996&ga_hid=2088336008&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

738b1fdac3e745e341f46738955c36bd63ea29074de45eb2acaabd787299793f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13127
x-xss-protection: 0
google-lineitem-id: 5950877027
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375537385
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 72ms
70ms Fetch
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3660892537962404&correlator=2778548807914224&eid=31073320%2C31073678&output=ldjh&gdfp_req=1&vrg=202304170101&ptt=17&impl=fifs&iu_parts=22655122517%2Cheralddem_h4_right&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&ifi=5&adks=10126175&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682053995650&lmt=1682053995&dlt=1682053994099&idt=1498&adxs=1157&adys=1499&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=300x250&msz=300x250&fws=4&ohw=1600&ga_vid=2014851188.1682053995&ga_sid=1682053996&ga_hid=2088336008&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7285db1c855187b821a318bf729d08dec8c3cb85f19e1597546ca23b128d322

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13137
x-xss-protection: 0
google-lineitem-id: 5950877027
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138374400661
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 100ms
99ms Fetch
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3660892537962404&correlator=2778548807914224&eid=31073320%2C31073678&output=ldjh&gdfp_req=1&vrg=202304170101&ptt=17&impl=fifs&iu_parts=22655122517%2Cheralddem_ros_footer&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C970x90&ifi=6&adks=1414856592&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682053995655&lmt=1682053995&dlt=1682053994099&idt=1498&adxs=640&adys=2921&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=4&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=1600x50&msz=1600x50&fws=4&ohw=1600&ga_vid=2014851188.1682053995&ga_sid=1682053996&ga_hid=2088336008&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed94e877dcb52ae51c841443f23b8d94c3246ac18f6bcc2c444c49d212892a8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13142
x-xss-protection: 0
google-lineitem-id: 6142789644
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138414333921
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
71b9f19b7c03d40dfebc9934b0406e71.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A12C 6 KB
3 KB 86ms
15ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://71b9f19b7c03d40dfebc9934b0406e71.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 21 Apr 2023 05:13:15 GMT
expires: Sat, 20 Apr 2024 05:13:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 jegicon.woff
www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/font/ 7 KB
8 KB 162ms
162ms Font
application/font-woff 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/font/jegicon.woff

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

e2d3127da85763e024971c6192f78becbdf85db231b3d088c9f8b3777d444ede

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
referrer-policy: no-referrer
etag: "640fd401-1be8"
x-frame-options: SAMEORIGIN
content-type: application/font-woff
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
content-length: 7144
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 8 KB
828 B 30ms
15ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700%7CQuattrocento

Requested by

Host: www.legacy.com
URL: https://www.legacy.com/widgetloader/widgetLoader.js?type=ROV1&ld=true&ot=1&cnt=4&sw=0&rc=0&aid=2344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

77f1a877bb9db6390e51f4955c0c2c6cdc526fc72e10e71704a458337a84f6d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 21 Apr 2023 05:13:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET 2344
www.legacy.com/api/v1/affiliates/recentobituaries/ 0
0

GET
H2 200 04-20-10-Ar00103003.jpg
www.heralddemocrat.com/wp-content/uploads/2023/04/ 31 KB
32 KB 175ms
161ms Image
image/jpeg 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2023/04/04-20-10-Ar00103003.jpg

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

c1c42f45da54765aa915024a623907d2385b01f343c09077a5474cdff66b6e26

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 32228
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 20 Apr 2023 10:24:25 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "644112d9-7de4"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Untitled-6-750x563.jpg
www.heralddemocrat.com/wp-content/uploads/2023/04/ 938 KB
940 KB 177ms
164ms Image
image/jpeg 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2023/04/Untitled-6-750x563.jpg

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

fd568a8b0d074aeadb25ae810b259482006b6a44fcce6027bf37c019942f985d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 960315
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 20 Apr 2023 18:32:36 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "64418544-ea73b"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 04-20-10-Ar00504016-750x600.jpg
www.heralddemocrat.com/wp-content/uploads/2023/04/ 70 KB
71 KB 338ms
325ms Image
image/jpeg 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2023/04/04-20-10-Ar00504016-750x600.jpg

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

e50d3dd8e1f14b5612ca7799331c4163fd8187a7a5743d263047097dfaba4a8b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 71919
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 20 Apr 2023 10:24:03 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "644112c3-118ef"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 image001-360x180.png
www.heralddemocrat.com/wp-content/uploads/2023/04/ 116 KB
117 KB 340ms
327ms Image
image/png 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2023/04/image001-360x180.png

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

5e8357d1e0fd21e3347d91b411f97accac6a0d35ebbe5ebd786fc83d8e99c473

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 118734
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 20 Apr 2023 20:23:56 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "64419f5c-1cfce"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
259 B 44ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8Y10R17R20&gtm=45je34j0&_p=2088336008&cid=2014851188.1682053995&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBA&_s=1&sid=1682053995&sct=1&seg=0&dl=https%3A%2F%2Fwww.heralddemocrat.com%2F&dt=Herald%20Democrat%20%E2%80%93%20Herald%20Democrat&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8Y10R17R20&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:15 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 42ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700%7CQuattrocento

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 02:05:23 GMT
x-content-type-options: nosniff
age: 11272
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Apr 2024 02:05:23 GMT

GET
H2 200 OZpEg_xvsDZQL_LKIF7q4jP3w2j6.woff2
fonts.gstatic.com/s/quattrocento/v17/ 35 KB
35 KB 52ms
17ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/quattrocento/v17/OZpEg_xvsDZQL_LKIF7q4jP3w2j6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700%7CQuattrocento

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe65e8f74381d5afc5a63c298f62b26c4b68531e9e2792e6fa63f4af24842596

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 05:19:52 GMT
x-content-type-options: nosniff
age: 86003
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35872
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:12:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 Apr 2024 05:19:52 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 916B 0
0 46ms
44ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstmH_XPWKGUtTaNady-i_uLTxsQkzmP5qGk8sTLUO4p3q8KCoHoYOjcJ3oF7m2y8W2xDxng2xjcMRl2AuKQjUeYNMV6L6Rk1Y-hlhWr3Bad6Z6eiM613QHmgWW37PO-B2Hq8vwq744SBASTJjg3gPOpmrW098nAUkDlxBfBoH5kuGmh8Xt-itXk_JnnG17Chfa5Pwbu3S7gwzO-joS6a0X5Zu3K1dn8o00X76XH0f6Uq7d9wzrc-CV2gOw29T4Gltzcuq4wOo3CqG8TFGmWunhL4PYPn79a4fy_j8tP3H-JQSgdfb5HiNjbZ-2OFuCRuO_pou_8TmWT6KPpOdqRTIU&sai=AMfl-YQFDiwTEjQTED74roJLJl3FF_ia19Qd_iOY2mziE4PRAYYShuxQMBr2GaIjBT2U3V5HUg-N9QCoJgADjO6QN7duDPIhPVTXMdvv5w6n-Hytl77dovxgMPelLkWKdg9YqXuhWqgTMxPPUUl7Rdk_&sig=Cg0ArKJSzKfq6B0Z8ebuEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 916B 3 KB
2 KB 37ms
9ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 16:45:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 May 2023 16:45:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 916B 159 KB
49 KB 81ms
28ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H2 200 1238843511883909433
tpc.googlesyndication.com/simgad/ Frame 916B 50 KB
50 KB 37ms
10ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1238843511883909433

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b808d20a01170f042d1d5dca1f9fced55f903f08d82a7bdc6ab4aefc3c5bb5e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:06:13 GMT
x-content-type-options: nosniff
age: 54422
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50939
x-xss-protection: 0
last-modified: Tue, 14 Dec 2021 16:11:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 19 Apr 2024 14:06:13 GMT

GET
DATA 200
OK truncated
/ Frame 916B 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 110126a419b873d8f9fdbdd1f58256dfd3de83acef773e3b98615553c4a90cc5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F77C 0
0 48ms
47ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstdZ0BIKpMNHs2o59y1PO5DD1SG4StmZmSSoquDLQsNxBzXgwL1dhPdlt6u5jLGxjM1-zPAZDvBUW40mg8azLtBx6IRekZ44UfKJhf526KGojO0tN9zjzYs8AJqDKIbcFnw61gpXc59-ZSMA_f5NM5JEvlR61pZc0bjvT5IlykkckE6hldDBPm_4_tDtFfnQ5YyR5Uc2fumUCeVTvWUiBb2TOaeqwWgxJbUUlCnn50C3b3tKofWPxZf98BhctClTULTx4RFpzCM1mIbqyJhTTj4cK3kUpIFRrLzd1ieb_Fw7jjydMvgYIKX2OSxnopmXx_tOINHuY9slJyRHl-i9VY-ick&sai=AMfl-YRw2u9X-MqEEejhTb_R2mlI_0r_MOsZd2R_Jm7ES-hymlpaNhqW4AMoq4TiHrQqkFbiloweyG-FGzOeysmJNjqsK_49cI-ggZN6eKo4oM5WSxMRAG6JhNoCX1cMRgA_zwI4LdcBfBUm6w-pbTM_&sig=Cg0ArKJSzKuBpM0A7tuSEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame F77C 3 KB
1 KB 18ms
9ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 16:45:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 May 2023 16:45:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F77C 159 KB
49 KB 73ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H2 200 10160350795956772724
tpc.googlesyndication.com/simgad/ Frame F77C 51 KB
51 KB 30ms
22ms Image
image/gif 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10160350795956772724

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a111847773603814929227bb267257735082f898c9a07c5744abbc3aa73c7702

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 02:08:50 GMT
x-content-type-options: nosniff
age: 97465
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52046
x-xss-protection: 0
last-modified: Fri, 03 Dec 2021 15:01:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 19 Apr 2024 02:08:50 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1980 0
0 52ms
52ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuXM8KC_XPgtYukDC1-KvUDbzQ0x9ve7CSUi3l-rhPZN__v7KwoB_grmy_kGpGrmBEKAu55l6w8EofKtxcQoOVUBtzCAUEQUNz3xuSyMfr9TsAZRvCWvXAJP76dYG_0l2n693cx-wBtbJmg6WO0I_vKrLu-i0xAH3-FU0Q6jPC3nlQ6q2IPnqpzEAIvt83WkMvxqEd2QHAZSlNthqeRWyDF4O6R6eTfpcfvueUC3j_Y30vW66TrlYG2GtBsC76pnqwPUyIROmVmGcZxv2WXXdZ3jdudlFnslLYmIr_vB-sYj2TrXyFUAJ8V1RNBSNCN3S0RhWY4oHA71cQWsiPzy7n94eMKrw&sai=AMfl-YT0bER_Xv8vNKGVhGGKGMPujPayZZdSLtKLXJ-zE8ItxIRoQEuf5HMv1QeoWw1IYOl6apeE4kIh-FONKUJ527ANeL8R5HEh-wDxxAtR9jqBGPwUiXK5hZG8BQtzpQQ5dGOWTta7qHO6WAPBX1IT&sig=Cg0ArKJSzJKdFhEc2PvjEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 1980 3 KB
1 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 16:45:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 May 2023 16:45:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1980 159 KB
49 KB 71ms
48ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H2 200 10648354951277435628
tpc.googlesyndication.com/simgad/ Frame 1980 462 KB
463 KB 25ms
24ms Image
image/gif 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10648354951277435628

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63b5224b366e907b541da4ea4ce7980d8b7534a7379c860b54e7c830486c565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 03:06:50 GMT
x-content-type-options: nosniff
age: 7585
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 473286
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 18:15:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 20 Apr 2024 03:06:50 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 94A5 0
0 46ms
46ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuprN1Xw_XzCxl7JyZ-58pn0c7lwtj0iI8-KC6BeryiHCaZGss0MwrD6jJ5EXHpnopSi39NrtWhNRkVbKs8p_FCPhVYHg6Dev4sB6rbGCngXO9crLEPz1j0M5DxNpz_duktSgao--dxsNtWl8zKgdlUp135krACUMTHhEOvYYtKg-gzLaxrdNXEeYtluXZLhDI1hHrBBfMsTN7qsghIFPbXkfFoNRYpNCegUQuEeR1-eqKAR4ktDdiUu881N9CA_6_9ZO9oGWKcXRHx78x564iAWKHn56rAVLNMbSApPl3Aryiw0jQlxtQJcOwPg2G2Mc-9n2CydZFYKS3oKzapBqjv&sai=AMfl-YTUDfCH4Eqnwitqm6TUVx-hm4j6eR-GNov_u_-6uOz4mVcUYK_1LdrTuewxdMWlxwx0SLcAlD6-EFLkjrKSLCWVjKDaFpbXuu95Us9e4LmVfiCz6ujg1NAPjAYJ1oaq8euJJYGz7YNQqRo61IUO&sig=Cg0ArKJSzKGL6WAMV2TeEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 94A5 3 KB
1 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 16:45:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 May 2023 16:45:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 94A5 159 KB
49 KB 49ms
42ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H2 200 17735097412991143890
tpc.googlesyndication.com/simgad/ Frame 94A5 303 KB
304 KB 42ms
40ms Image
image/gif 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17735097412991143890

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

641953b8e5ac35a6a53096b49f37b4d5df4734eb25a270ee3e8d57894f50fe10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 04:47:28 GMT
x-content-type-options: nosniff
age: 260747
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 310783
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 18:14:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 17 Apr 2024 04:47:28 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9198 0
0 54ms
50ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv_MWQfVhUGpSxBwtB89lUvDu13SohCGPHM7e-wnf0EhRoxxGGp8hvDUcoFhYSrcexmk7ZoFiah5lG3lqUSsxx2jP21tCqfdfB4ruDNSzEGSOwveYSVhJd_WlHRszCMb6kffXWFfBW2Jzy3n3tJolomjcvGqlhJWKlL8gBgD0zEUd6JjxJOT2QN2wRSkxlHp1qSm7NQ6Woa7GNizzyGgr__wcMEKAWypMFpqzEbxh-pll1IgEa3QmpeMMWoi2M-1K2NTxz68-Dhoc3S7skM8HPjzfk0Qc3lZnFOGjw6LXhviyKUPoWbO5G8_T0pzHeJAG4iPeZMKiMG8-IEoxxwcUab5Q&sai=AMfl-YTj2TAJEFyRWcjT9avXpf6neBxsV0OG3EXrypHBGci6riqm-lZeIzRXAtrxSSbwEvA3BTH60XZPr62ZnvhdgnRFL-PLirz_gTCgLWjaWJ85n5JWFIV0UAoLKxWce728PAhlCVID13Xj3qqcr57d&sig=Cg0ArKJSzH62DyPgCV7mEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 9198 3 KB
1 KB 45ms
37ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 16:45:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 May 2023 16:45:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9198 159 KB
49 KB 46ms
37ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Apr 2023 05:13:15 GMT

GET
H2 200 2707953191438327426
tpc.googlesyndication.com/simgad/ Frame 9198 50 KB
50 KB 45ms
38ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2707953191438327426

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b808d20a01170f042d1d5dca1f9fced55f903f08d82a7bdc6ab4aefc3c5bb5e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 19 Apr 2023 11:10:55 GMT
x-content-type-options: nosniff
age: 151340
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50939
x-xss-protection: 0
last-modified: Fri, 03 Dec 2021 15:03:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 18 Apr 2024 11:10:55 GMT

GET
DATA 200
OK truncated
/ Frame F77C 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b47ee432dbda4c2c625d166765b2b8ecff93bd756ee9894c462dc55dd318f9f8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1980 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d66a54fc06815fa5e8961b5ae3617c444d063d595e2dcbafa51692d31e24af1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 94A5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf56402c4167ccf7dfd6ba1783ea7d1f1e8268b994e902baea81c08d760141a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 9198 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a1a6e42dfb626f8da2deac59ad576d0351ad3fc2a0317af76d8451690e35de5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 202
Accepted event Show response
analytics.cherryroad.com/api/ 2 B
356 B 328ms
142ms XHR
text/plain 207.228.225.157
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.cherryroad.com/api/event
Requested by: Host: analytics.cherryroad.com
URL: https://analytics.cherryroad.com/js/plausible.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 207.228.225.157 Ashburn, United States, ASN14361 (HOPONE-GLOBAL, US),
Reverse DNS
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 21 Apr 2023 05:13:16 GMT
Server: nginx
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 2
x-request-id: F1fbMpcrwXckY6YAAzcy

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/160835/4933/ 210 KB
65 KB 49ms
7ms Script
application/javascript 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 223fc8122a307637f83efd6b57fb96e0daf8795aaa98e431e83064efa65b4da3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
content-encoding: gzip
last-modified: Mon, 28 Nov 2022 20:34:20 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=91894
accept-ranges: bytes
content-length: 65523
expires: Sat, 22 Apr 2023 06:44:50 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 916B 0
0 43ms
43ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssvERaudFzgkxUJ0HdVjZOXg8Oo8C_ta_alm2nYtD4eo5vrEWYSWhztWqXCug-El4eV4bnzTe7d28kQrEQ95mieiTA3n39oz0JHn0nOEVcNa1jpxgkQVqGX1S-nvLS6_pTK7G0Dc4vB34S7S7CQ-XswU0F-L3bxQRQ55wiY0KB6iRVLyiRLRbnEet9WWkItvKdfa0jyESY4-mM4EHdxVIbdD8zAQt3Hemy27xtVv5DnyhfFwGVtlro3-yfJR8jqDmvDgKTzdUHj0mm3lyBeL-IB1DT9qEWPojOPKC85ZF4lHHWw_qkSkz_cz4l8crw4Fj_91mcXfAXuiLGD4nVGzLro3Q&sai=AMfl-YQCoq4jiTi26H8XjNdxsCgtm-5uDWIFAJVUweei9mfLW2i--x7h5DkErrwww33IQKE1Yxj7sbY0QsfiUX4qPqbw6U3ZoZS_zbz0ctWfolhH6KXTK8KKzl0I0bWLvUzDBSkk5vcIO54R7l3RBbLD&sig=Cg0ArKJSzOYmb0PmTarZEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Apr 2023 05:13:16 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 94A5 0
0 43ms
43ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsur_ALf0e7i874hPXCVGdTpv2oweU6BpfB7YOqvEsbq_Zpp-zU-DZZNZcP97ATxXmo4nduhCufIr5C2t8eYzMiQTe2JIwMs9pD9xZkUNsHHkLG_VebTMtnp0VyNlMkxyf1HK1L3V84_wjpdrI04Swc3FXNJYFw0HPiyPr-3BduuzDFoMwYkdZFGqp4q6z6ky2nBQ_4EtcKGKvgKj-MEP4kF2G7xkuSox0qbtoRngqdR7a62vHf6PxpMGZ1LOj-MAvG-RqyL-VEZGAZqrKQJAP_75rdRcx5gkzUVUhHegVsM5cI_w0sIBr3IuGQKpv12ZitKWILxKs7oo4atJ8C5jp85Gt0&sai=AMfl-YSDsTpBry8AUGlG9aUmMvFGBxYrl9EDcLV-PuxPTWh4lPREmO0qEijcl8164S4KWv-vGkz1tXTPCvhL3fss4BhcTsJjZwiOUcNSHaENOgczkZ6LoLVaVaBRFO7Bwkyw1iYSvn2kaITPtUnbt9FM&sig=Cg0ArKJSzBys1IlSvkxZEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Apr 2023 05:13:16 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F77C 0
0 47ms
46ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsshStMCep9BF_zgnWeeXZIBN5Dp7wBvqxd0njyeUrMhfKJEy7BHteoJ8YNyHzNU6dAvXxEB8MlttQL5b6IcJj1obzzz9ReL2gDiqEWAilJb4Xh4oKKW6crAKOIPJmyjjTuwA6f7R9R7uRAZn6PxLqU3_AXQ5ZWsylcfXNb6Xf84WU-K_MuOJvS9tiKKPNkX9ZxjYq7_hVQ1jPaBFd22A-NMEtu7iH2kTmVCpjjfaGyh8RKHbQDyxv-o_ogCHaP3gZuWVOrM2pvcwIcd8vSogtv-vMWxiPsaUi9dGmoicNE4UJs-b1nW7fimun1f4jaYkgsgT-ulOaOYRlXpLgbQyV9CejD7DA&sai=AMfl-YRXzo2LwC75pbcp7Tpgd9M6cixBoZ8_bmke5P_Y5rE6vz_0xkmxTEDpoW_ACNonRLJbjVbT1KTKaXTOwlZFj8j6leUwfZAlTYhyinmNkt5nQjHMk_i0vuRS9St0xYcoxdtaT_Qs4pkB3ZUvRuJ4&sig=Cg0ArKJSzPJ2OSKMEHFsEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Apr 2023 05:13:16 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1980 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstUkjrJ84R3TMbnpS7oeMzGwxyfq8Zd_kOuQfm6-H7I7SlYL0fHiS0HEQ-ShonZ7QmFu8AHCJDsHHeVEjFV6a50WCVxofpyaQriKghrEMsCQW02juCrEjHlSB6uq3Rsmeay_p2q6DTWtNoIz4gsrRSuOx8HsDToVigvGScErzquRNLMOiUPW3-0Surj5r_a4eZGDHkbWQmNPqGjTXM6cV4WI5ITd0xVahKDzeakQG5KTxT2IJNwXkePbi5QYbgFKtd3NtEMDQkiMcXENSUneGlcsw4yZq3WoBHLCUwmM9x3KYt4vCEXIuoMHddyZCpONA0mtJxSAX5VbaAgjlBLJXgiiuxllIPj&sai=AMfl-YQpE4tdxj8hmHKSaDVWA8c4_aIBWKJiZmE6TOWnMILrPQUfrO0NDoZaPWWCZiqnGDKJJGuZDkwxyt9OEtFzCZKGvLcYXe9StqAidfY1qqHn01q9LKEkNuvNTWZIq3WpgxdSWXy_iR4x6Ou_NGxW&sig=Cg0ArKJSzEj9Bua-5vWzEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Apr 2023 05:13:16 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9198 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvaZURZjkuc-yvcvOLv8YhcQWRIr77RmQ6iCLeyV1xdAGF9AfeSO4mEAK0TzpS8Ikwcx3-iQ-5KrXuewMqHo1kJWfZZH6ygU0FVZSeyDwuGamsv2ci0HEy76rzLlqOW_PtcnWAYSqGwzmBEfW-GxIkYdMpLNwStkQBOQ3P75o4ppKMklrb7X8vW7rmAWTwz9b5tU0GEcaa07rEWoS67s8deg0ssP1wJiSDuUanNC6DvjnNeLxPo_0eDEHy-9kW7bfG5uF-KDA4y8jmkzP8O229bzxNVzZ2JuZM1lOLCTDdTsrgtEu42rxzje1Sg_s2SLOnAmM4avDCdl27oPYsvHkd-2WSh&sai=AMfl-YRRd_mrngeLWTSOqebk5QNgJ4vO9YeQCBW7xwUKRQFUhwVpykRDynOwqVKSYOn-qNQpsoQWkIgif_lddvBOGeh9WjWmSdN-gW4eDvbBfKHSxEkUpKqmen9L1Ig09pmDaF28b_U_iOPODCR47RQC&sig=Cg0ArKJSzHiw_wDqJ7rxEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Apr 2023 05:13:16 GMT

POST
H/1.1 200
OK eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx Show response
publisher.etype.services/ajax/ Frame A965 2 KB
1 KB 179ms
179ms XHR
text/html 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/ajax/eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx?_method=GetSpecialEditionList&_session=rw
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/ajax/common.ashx
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 848024de6bf0935091bf5a92d31838baaaf4ec8712d784d15665adc4f2debbad

Request headers

Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 810
Expires: Fri, 21 Apr 2023 05:13:16 GMT

GET
H2 200 / Show response
trends.revcontent.com/api/demand/ 52 B
303 B 128ms
46ms Fetch
text/html 34.251.239.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/api/demand/?w=275271

Requested by

Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.251.239.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-239-38.eu-west-1.compute.amazonaws.com

Software

envoy /

Resource Hash

8b4b43fd2629a9ae29c5220a852bbc8ff169c571cdf77798633efec65c934df7

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-rc-region: eu-west-1c
date: Fri, 21 Apr 2023 05:13:16 GMT
strict-transport-security: max-age=931536000; includeSubDomains
server: envoy
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 17
content-length: 52

GET
H2 204 sync
trends.revcontent.com/ 0
0 144ms
62ms Fetch 34.251.239.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://trends.revcontent.com/sync
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.251.239.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-239-38.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-rc-region: eu-west-1c
access-control-allow-origin: https://www.heralddemocrat.com
date: Fri, 21 Apr 2023 05:13:16 GMT
access-control-allow-credentials: true
x-envoy-upstream-service-time: 33
server: envoy
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 79ms
56ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202304170101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

738e1ec839515be2b8c22effa9d85f3ff28126828cc6b7482df906aa7de7f2df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11192
x-xss-protection: 0

GET
H2 200 tcx-ping.php Show response
japfg-trending-content.appspot.com/ 206 B
284 B 497ms
458ms Script
text/html 2a00:1450:4001:811::2014
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://japfg-trending-content.appspot.com/tcx-ping.php?s=10254&t=Herald%20Democrat%20%E2%80%93%20Herald%20Democrat&h=www.heralddemocrat.com&p=%2F&w=2&a=ldgr4--ldgr9&_debug=1
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 8f6bf9a7e788b82399d4b9969016affff0930e98855abf0a2daf1758b7fd74bb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 21 Apr 2023 05:13:16 GMT

POST
H/1.1 200
OK eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx Show response
publisher.etype.services/ajax/ Frame A965 247 B
594 B 151ms
151ms XHR
text/html 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/ajax/eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx?_method=GetPubSpecSecWidConfigOnPublicationId&_session=rw
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/ajax/common.ashx
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a44b1d47983a8562bab76664d05f8800b11ee06e0a0a3aaae142ec8c89c0edeb

Request headers

Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 21 Apr 2023 05:13:15 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 286
Expires: Fri, 21 Apr 2023 05:13:16 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 37F5 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 24077
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 20 Apr 2023 22:31:59 GMT
expires: Fri, 19 Apr 2024 22:31:59 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5D9E 783 B
1 KB 40ms
17ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4b14e9cdf4004c81725b17904d03f844b9fee6e9ebcdba96bc1620a1b393354c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5nA1WeM0WlszOYMSLmBxzQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-5nA1WeM0WlszOYMSLmBxzQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 21 Apr 2023 05:13:16 GMT
expires: Fri, 21 Apr 2023 05:13:16 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
trends.revcontent.com/api/delivery/ 11 KB
7 KB 162ms
161ms Fetch
application/json 34.251.239.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/api/delivery/?is_blocked=undefined&w=275271&width=1600&rev_allow_cookies=0&site_url=https%3A%2F%2Fwww.heralddemocrat.com%2F&icr_url=&va=0&time=1682053996336&up=pc&bn=chrome&bv=112&widget_width=1314&style_id=0&idhub[pubcid]=69c2037b-21b8-4b28-8c71-c005817be12b&an=false

Requested by

Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.251.239.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-239-38.eu-west-1.compute.amazonaws.com

Software

envoy /

Resource Hash

ee73651d51311ef85ca5d9810ca5ca347137d22390001b85bff3f879edd7489f

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-rc-region: eu-west-1c
date: Fri, 21 Apr 2023 05:13:16 GMT
strict-transport-security: max-age=931536000; includeSubDomains
content-encoding: gzip
server: envoy
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.heralddemocrat.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 131

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5D9E 0
0 57ms
41ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202304170101&jk=3660892537962404&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H3 200 w05zGG9qaosOBIL1Kb6OkKtrB9U8AfHvOijkE_qF5Xk.js Show response
pagead2.googlesyndication.com/bg/ Frame 37F5 36 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/w05zGG9qaosOBIL1Kb6OkKtrB9U8AfHvOijkE_qF5Xk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c34e73186f6a6a8b0e0482f529be8e90ab6b07d53c01f1ef3a28e413fa85e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 19 Apr 2023 23:33:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 106807
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14215
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 Apr 2024 23:33:09 GMT

GET
H/1.1 200
OK bx_loader.gif
publisher.etype.services/assets/global/plugin/bxslider/images/ Frame A965 8 KB
9 KB 124ms
124ms Image
image/gif 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://publisher.etype.services/assets/global/plugin/bxslider/images/bx_loader.gif
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/assets/global/plugin/bxslider/css/jquery.bxslider.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 6d46e2cf165a5a0584afba7bc9663da292ee08c97cfc7613de6013ed05be892a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/assets/global/plugin/bxslider/css/jquery.bxslider.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:16 GMT
Last-Modified: Fri, 13 Jan 2023 07:43:56 GMT
Server: Microsoft-IIS/10.0
ETag: "c6fe93ca2227d91:0"
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 8581

GET
H/1.1 200
OK thumbnail.jpg
etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-02-28/330584/ Frame A965 75 KB
75 KB 674ms
127ms Image
image/jpeg 20.150.38.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-02-28/330584/thumbnail.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.150.38.36 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b29c0b514b41b8d4516d064df803cc2afa876f3b118b70599f794d38188c0ef9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 21 Apr 2023 05:13:16 GMT
Last-Modified: Tue, 28 Feb 2023 14:57:41 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8DB199C2431A236
Content-Type: .jpg
x-ms-request-id: 74bda224-801e-0069-1b0f-747c7e000000
x-ms-version: 2009-09-19
Content-Length: 76483

GET
H/1.1 200
OK thumbnail.jpg
etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-03-29/335749/ Frame A965 83 KB
83 KB 688ms
134ms Image
image/jpeg 20.150.38.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-03-29/335749/thumbnail.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.150.38.36 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 7c4e8b92a244d393b3e5673b98aad9dc00868ba21251c1729c029407faf75fe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 21 Apr 2023 05:13:17 GMT
Last-Modified: Wed, 29 Mar 2023 21:50:21 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8DB309F9857E62D
Content-Type: .jpg
x-ms-request-id: 440d4d3e-201e-0012-4a0f-743ee2000000
x-ms-version: 2009-09-19
Content-Length: 84948

POST
H2 204 impression
trends.revcontent.com/event/ 0
0 126ms
59ms Fetch 34.251.239.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/event/impression

Requested by

Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.251.239.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-239-38.eu-west-1.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-rc-region: eu-west-1c
date: Fri, 21 Apr 2023 05:13:16 GMT
strict-transport-security: max-age=931536000; includeSubDomains
server: envoy
vary: Origin
access-control-allow-origin: https://www.heralddemocrat.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 26

GET
H2 200 brandWidget~feedWidget.delivery.js Show response
assets.revcontent.com/master/ 65 KB
17 KB 13ms
13ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/brandWidget~feedWidget.delivery.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 83f2f162f1f1fd6ca3bfe7bd1898836ecaa17998ad6c7aef61574aeed93d7066

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
content-encoding: gzip
last-modified: Fri, 14 Apr 2023 14:15:06 GMT
server: AmazonS3
x-amz-request-id: 9QCNF1ZB8H7BMTZ7
etag: "616105096e8e3f19c2d714ea283fa7c6"
x-amz-server-side-encryption: AES256
x-hw: 1682053996.cds167.fr8.hn,1682053996.cds327.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 16999
x-amz-id-2: eHXPvAs19mVeDwDqS7+cZ+wFCvumhntRMQz5Mc8i3prWrQnkgJXP7d/Ra7CYadFAt7lRGejzDPhUDc0DF6Cr38ghvTWOCXRH8R72glFup1Y=

GET
H2 200 defaultWidget~feedWidget.delivery.js Show response
assets.revcontent.com/master/ 23 KB
7 KB 14ms
14ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/defaultWidget~feedWidget.delivery.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: ceb731414616837d5947ccd22c0f009ddc9cc7b4730a4932f9debde250e9c471

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
content-encoding: gzip
last-modified: Fri, 14 Apr 2023 14:15:09 GMT
server: AmazonS3
x-amz-request-id: 9QCGKY52RGCAFFHH
etag: "9e580ab6dfd6f2042f90670df9f979b9"
x-amz-server-side-encryption: AES256
x-hw: 1682053996.cds167.fr8.hn,1682053996.cds154.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 7092
x-amz-id-2: WRgNXgs3YvX/5PAtiD4ldJ+Hwg2mZQhizWnvHCn71uuf/Du9aKNlM0GRfT4sEX1lP1vg98OJSI8=

GET
H2 200 feedWidget.delivery.js Show response
assets.revcontent.com/master/ 30 KB
9 KB 14ms
14ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/feedWidget.delivery.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 40151d802d9a94b8b02f5e3a46e99997ef5a258e808a811c0b6d982e6d0d6668

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
content-encoding: gzip
last-modified: Fri, 14 Apr 2023 14:15:07 GMT
server: AmazonS3
x-amz-request-id: RZS4Z6XBSGDHFYW0
etag: "a7d4bc4637b9f5ecf8384512c8e19a27"
x-amz-server-side-encryption: AES256
x-hw: 1682053996.cds167.fr8.hn,1682053996.cds266.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 9188
x-amz-id-2: 2zVQg7Noh6Vj1hvFP+0nTpIbD41QkEhln9aD+8SgF6lz/k2dGhMYfo9ckiMbQiPOfYLcl0R+Pcc=

GET
H2 200 commonModal.delivery.js Show response
assets.revcontent.com/master/ 3 KB
2 KB 15ms
15ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/commonModal.delivery.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: e3b51420d0d2ec905c232e07b8c28926305a18268dbc98e5134b0d172e0f340c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
content-encoding: gzip
last-modified: Fri, 14 Apr 2023 14:15:06 GMT
server: AmazonS3
x-amz-request-id: 9QCW6D1QXRBQ1VH2
etag: "4edf14e0d4b88a88795237f9870e408b"
x-amz-server-side-encryption: AES256
x-hw: 1682053996.cds167.fr8.hn,1682053996.cds002.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 1666
x-amz-id-2: 5xFdIO9/zv5tPcN/Uw4zL+6+g2PU/LL/DraxUi/2Hpzr265g3mhg9SqNPO2TRwoI1rDuhcHWevo=

GET
H2 200 /
img.revcontent.com/ 1 KB
1 KB 367ms
10ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.revcontent.com/?url=https://cdn.revcontent.com/assets/img/full_color.png&static=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: /
Resource Hash: 94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:16 GMT
last-modified: Thu, 02 Jun 2022 15:22:42 GMT
etag: "1654183362"
x-hw: 1682053996.cds328.fr8.hn,1682053996.cds260.fr8.c
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1351

GET
H2 200 rc-logo.png
cdn.revcontent.com/assets/img/ 2 KB
2 KB 45ms
9ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revcontent.com/assets/img/rc-logo.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: /
Resource Hash: f4241710e57486ad91102e31823e855469608e1aea362f1f0e059609c9eb9a56

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:17 GMT
last-modified: Wed, 12 Apr 2023 19:12:49 GMT
etag: "1681326769"
x-hw: 1682053997.cds321.fr8.hn,1682053997.cds337.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=30
accept-ranges: bytes
content-length: 2091

GET
H2 200 63c6a3bfd15776-05990272.png
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 11 KB
12 KB 52ms
12ms Image
image/jpeg 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/63c6a3bfd15776-05990272.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map3.hwcdn.net

Software

Cloudinary /

Resource Hash

1712db2ac9948f052b629d35a83530960b4f24075b69c2a8b3f7323697f20235

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:17 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
server-timing: fastly;dur=3;cpu=1;start=2023-01-17T17:21:17.621Z;desc=hit,rtt;dur=0
content-length: 11699
x-request-id: 35b81a8080cd96feaf3c17b9ea1ea9b9
last-modified: Tue, 17 Jan 2023 13:36:23 GMT
server: Cloudinary
etag: "fba682e55e5aa4ce3c38c5e14920b5b2"
x-hw: 1682053997.cds328.fr8.hn,1682053997.cds246.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 60009489dd1754-56248429.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 8 KB
9 KB 52ms
15ms Image
image/jpeg 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/60009489dd1754-56248429.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map3.hwcdn.net

Software

cloudflare /

Resource Hash

43bb13c6acecade74f6b1b1b110da1c15e551193004b317eaf556b894755eec4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:17 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
server-timing: cld-cloudflare;dur=453;start=2023-04-12T01:35:07.974Z;desc=miss,rtt;dur=1;cloudinary;dur=57;start=2023-04-12T01:35:08.321Z
content-length: 8462
last-modified: Fri, 12 Nov 2021 04:20:10 GMT
server: cloudflare
etag: "fda2778c3cd2d44a4e122c0920d9b8f1"
x-hw: 1682053997.cds328.fr8.hn,1682053997.cds256.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control: public, no-transform, immutable, max-age=604800
accept-ranges: bytes
cf-ray: 7b67bb1acb29046e-FRA
timing-allow-origin: *

GET
H2 200 15325530070980734337.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 18 KB
18 KB 50ms
15ms Image
image/jpeg 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/15325530070980734337.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map3.hwcdn.net

Software

Cloudinary /

Resource Hash

9d3e1247c76eb8b5d2b41912f5217de0671dc1dc4531007be84deef3a243b6e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:17 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
last-modified: Thu, 11 Nov 2021 17:39:08 GMT
server: Cloudinary
etag: "5275faba57e87c0ceaf3be15a11a27e8"
x-hw: 1682053997.cds328.fr8.hn,1682053997.cds132.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=604800
server-timing: fastly;dur=389;cpu=0;start=2022-06-16T05:33:52.765Z;desc=hit,rtt;dur=0
accept-ranges: bytes
timing-allow-origin: *
content-length: 18571

GET
H2 200 c4929f98c743b259243f73187e5aee76.jpeg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 13 KB
14 KB 57ms
24ms Image
image/jpeg 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/c4929f98c743b259243f73187e5aee76.jpeg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map3.hwcdn.net

Software

Cloudinary /

Resource Hash

6f6264f04d843c514e8b7a830c18a6ac059bf15f500ea1b8d37a619e84e71f85

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:17 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
last-modified: Wed, 07 Dec 2022 17:51:00 GMT
server: Cloudinary
etag: "a36491d720b1a3019f083c4e3889349e"
x-hw: 1682053997.cds328.fr8.hn,1682053997.cds248.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=604800
server-timing: fastly;dur=2;cpu=0;start=2022-12-07T17:52:26.082Z;desc=hit,rtt;dur=0
accept-ranges: bytes
timing-allow-origin: *
content-length: 13679

GET jeg-empty.png
www.heralddemocrat.com/wp-content/themes/jnews/assets/img/ 0
0

GET
H2 200 04-20-10-Ar00201004-500x290.jpg
www.heralddemocrat.com/wp-content/uploads/2023/04/ 23 KB
23 KB 154ms
152ms Image
image/jpeg 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2023/04/04-20-10-Ar00201004-500x290.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

24e9724cc939851092d9cb76ad861c22d438154ca54d019b5de6d6a21ddf4fbf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:17 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 23300
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 20 Apr 2023 10:23:32 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "644112a4-5b04"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 37F5 0
10 B 10ms
10ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ThFCug
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:17 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1980 42 B
174 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv3vL8t7R1IQwvnWesCCeoo7Iox7xWzXiARV8H8opWsKJfaQ4Ds3PQ2r4qcAvdc3JoLtQi8vmE24dkkRAjHSg1I-pJ7tOxSjqtsrWhC_y2shp9y6i9E&sig=Cg0ArKJSzBK3Fw5J_s5bEAE&id=lidar2&mcvt=1004&p=278,436,368,1164&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20230419&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=3882773831&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682053995847&rpt=198&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 916B 42 B
108 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstvsBmNr5AHnK_ol1FksBWUdMEj1d0nVkA7-qux2Dl0ErIkl7R4emm8PDRnJySYxAlosNAD5cHv8NoddmmFGcpgOrFpzUa_fw1gwvwVO_243cCds6mH&sig=Cg0ArKJSzOA473Jjg12gEAE&id=lidar2&mcvt=1006&p=398,1157,648,1457&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20230419&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=360704253&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682053995815&rpt=175&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 page-view
yeet.revcontent.com/yeet/events/ Frame 0
0 79ms
61ms Preflight 34.251.239.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/page-view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.251.239.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-239-38.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.heralddemocrat.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
content-length: 0
date: Fri, 21 Apr 2023 05:13:17 GMT
server: envoy
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time: 27
x-rc-region: eu-west-1c

OPTIONS
H2 200 widget-loaded
yeet.revcontent.com/yeet/events/ Frame 0
0 65ms
47ms Preflight 34.251.239.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/widget-loaded
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.251.239.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-239-38.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.heralddemocrat.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
content-length: 0
date: Fri, 21 Apr 2023 05:13:17 GMT
server: envoy
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time: 15
x-rc-region: eu-west-1c

POST
H2 204 page-view
yeet.revcontent.com/yeet/events/ 0
0 68ms
68ms Fetch 34.251.239.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/page-view
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.251.239.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-239-38.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

x-rc-region: eu-west-1c
access-control-allow-origin: *
date: Fri, 21 Apr 2023 05:13:17 GMT
x-envoy-upstream-service-time: 37
server: envoy
vary: Origin

POST
H2 204 widget-loaded
yeet.revcontent.com/yeet/events/ 0
0 52ms
51ms Fetch 34.251.239.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/widget-loaded
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.251.239.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-239-38.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

x-rc-region: eu-west-1c
access-control-allow-origin: *
date: Fri, 21 Apr 2023 05:13:17 GMT
x-envoy-upstream-service-time: 19
server: envoy
vary: Origin

GET
H/1.1 200
OK thumbnail.jpg
etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-02-28/330584/ Frame A965 75 KB
75 KB 132ms
132ms Image
image/jpeg 20.150.38.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-02-28/330584/thumbnail.jpg
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/assets/global/plugin/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.150.38.36 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b29c0b514b41b8d4516d064df803cc2afa876f3b118b70599f794d38188c0ef9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 21 Apr 2023 05:13:17 GMT
Last-Modified: Tue, 28 Feb 2023 14:57:41 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8DB199C2431A236
Content-Type: .jpg
x-ms-request-id: 440d4e5c-201e-0012-580f-743ee2000000
x-ms-version: 2009-09-19
Content-Length: 76483

GET
H/1.1 200
OK thumbnail.jpg
etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-03-29/335749/ Frame A965 83 KB
83 KB 139ms
138ms Image
image/jpeg 20.150.38.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-03-29/335749/thumbnail.jpg
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/assets/global/plugin/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.150.38.36 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 7c4e8b92a244d393b3e5673b98aad9dc00868ba21251c1729c029407faf75fe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 21 Apr 2023 05:13:16 GMT
Last-Modified: Wed, 29 Mar 2023 21:50:21 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8DB309F9857E62D
Content-Type: .jpg
x-ms-request-id: 74bda35a-801e-0069-430f-747c7e000000
x-ms-version: 2009-09-19
Content-Length: 84948

GET
H/1.1 200
OK controls.png
publisher.etype.services/assets/global/plugin/bxslider/images/ Frame A965 3 KB
3 KB 124ms
124ms Image
image/png 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://publisher.etype.services/assets/global/plugin/bxslider/images/controls.png
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/assets/global/plugin/bxslider/css/jquery.bxslider.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 257206c4fd6bcee36927eb0ef2ba087b5dfc6c9a18df7f8553878bf847616226

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/assets/global/plugin/bxslider/css/jquery.bxslider.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 05:13:16 GMT
Last-Modified: Fri, 13 Jan 2023 07:43:57 GMT
Server: Microsoft-IIS/10.0
ETag: "49e6ddca2227d91:0"
X-Powered-By: ASP.NET
Content-Type: image/png
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 2806

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 44ms
44ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202304170101&jk=3660892537962404&bg=!NTalNmLNAAYfNdXmPzU7ADkAdvg8Wt1aXlRjfisybbcNCRLeJ7xAEaXeGaUC3PIu7tZdZOwUwNb0YtGKU6x-ee4TCH1GHv1qkMUCAAAAc1IAAAACaAEHmQLW9TWT_UO1MxQ87xc1ug_Uk2ZnPNJ8FbK1k-hpncY-EgyTZCCyYzyzRegWFgZN0qwGsT_aTwKZt9w0S5I_aEzAwa1NP2RSsZHU8PUw66-Dg-xS1pV5RXXA5MflOBS0ZstJQDHb7l7XJPlSBdeOOVNH9M_O9goYyL6oARRKNPFC9oFbrpU1RT-MCExkN-ePdKasS61rUn6tmoY2URmJhJF4OqNo7Nr2uMOdGVLJ3KZp4fWsyqSA--3cOQOawNOmwyERL9fD2MIUq0_wYzdwiDct04e9wXco2DVYs-zCk1-5uAcouXN00RKI8f1CWJEz7Rk_agMkhJpksJaFwQO8I43csnkKc2B_QrjmZlztZsK5vHvgeeX7fTjAkJCKg578ohXsvPo6P27nMTQrbETj79_pqwgRdkKK5XKun_kjmiT3NVRsjNT8edMRAFhDTwI64mSVvZIaMbTwpEEskrNtm4LPDoHAl2HdOpaTIfjArw-joNxRnp9hOVo-o5ZpTe3OfZKzjQLBG-H6vlqMgB1XFneDFnmBBE7IvRuNWsEDAgCAnc9Hc3CJadinEJduarXLiHsbtpugwy8i9neg7i65SgBbLocfX-hpgpB7k-Jb5tFd-5cJx9Vt8mLJ3swptS8EOHDKscIN_A3ntnEw96Dg6KnbjxJRP2TfENM9Zg-Ia87aQRShtpge5jRywIPPDh1OWq2nleAa7aYsN5ZE1Xgl7nFndoCxX3iS-eaVEaNzJ_5xGyANRNOdW0QahA-bg7emmjid79UkBTL5icQkMW8iCc20TIwSI3VMERMedXvB7ilGujNnC5301aXMXToETOhQt4ajjyy8FnwEc_7HyyuWSWEEd2Y36ljRyHsqgy-GQC8hEqdjOA3azU_ynGUv0MFNMfrHRUbFaeB-Dg9eAdr1T-zsihJhzyV6RDmuBpegKrBgTfdcMQq4vgEaX3TUIcijsTae7E6qlFMG
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ 49 B
255 B 161ms
98ms XHR
application/json 2600:1901:0:8344::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0013300001kQgaMAAS&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:8344:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 21 Apr 2023 05:13:18 GMT
via: 1.1 google
vary: origin
content-type: application/json
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: private, must-revalidate, max-age=28800
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

GET
H2 200 json Show response
gum.criteo.com/sid/ 2 B
381 B 41ms
14ms XHR
application/json 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&domain=www.heralddemocrat.com&cw=1&lsw=1

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:18 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 265739
expires: 0

POST
H/1.1 200 1285.json Show response
id5-sync.com/g/v2/ 216 B
632 B 69ms
8ms XHR
application/json 162.19.138.116
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/1285.json

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.116 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533567.ip-162-19-138.eu

Software

Resource Hash

41b749324906ffd96f5b69d383542ed6b3e29f54572ce63243449ee7253b0ff2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.heralddemocrat.com
date: Fri, 21 Apr 2023 05:13:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ 0
0

GET
H2 200 id Show response
id.crwdcntrl.net/ 43 B
322 B 109ms
34ms XHR
application/json 54.194.98.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.98.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-98-250.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:18 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache
x-server: 10.45.8.185
access-control-allow-credentials: true
content-length: 43
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 63 B
395 B 103ms
32ms XHR
application/json 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: acdfeef4dbf434400b81b41be1a48d2fa4413cfe10c69e6c51c54eb0e0bc0028

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 21 Apr 2023 05:13:18 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Sun, 21 May 2023 05:13:18 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 75ms
13ms Preflight
application/json 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&domain=www.heralddemocrat.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.heralddemocrat.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 21 Apr 2023 05:13:17 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 227526
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 liveView.php Show response
live.primis.tech/live/ 46 KB
17 KB 71ms
20ms Script
text/javascript 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682054000734&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3aa0ccb74a520019e2601fc9cad1e98c2846dc3e9fab60e74d8f28683bcef3b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-id: 2q8T5O2eML294LwgVf3Z9ctQxYVrCA9chuzP2J_13_flsKq34a7lVg==

GET
H2 200 config.js Show response
cdn.confiant-integrations.net/yjsuMg1kkWeWHf5qo2WHhexYOVs/gpt_and_prebid/ 145 KB
32 KB 46ms
17ms Script
text/javascript 2606:4700:4400::6812:220a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/yjsuMg1kkWeWHf5qo2WHhexYOVs/gpt_and_prebid/config.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KV4F27B
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90ace795b6c423dc484fcbc9a1ca50a93ccc8aa1576281614140267e3dd8972f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 21 Apr 2023 02:54:54 GMT
server: cloudflare
x-amz-request-id: J1MFHFSGNNFB4YFF
age: 897
etag: W/"674300a84e601e449245cca393fff4b9"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=900, stale-while-revalidate=3600
cf-ray: 7bb32320cb2b9bb3-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Yq2LcixLp4p+BDm7njzJlsR8gcwBDcTcPkBsCoNGb+nnZ/Dc0IvNlGMee6/MO7x3Pd5G78xn4rA=

GET
H2 200 wrap.js Show response
cdn.confiant-integrations.net/gptprebidnative/202304111045/ 239 KB
74 KB 20ms
19ms Script
application/javascript 2606:4700:4400::6812:220a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/gptprebidnative/202304111045/wrap.js
Requested by: Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/yjsuMg1kkWeWHf5qo2WHhexYOVs/gpt_and_prebid/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90db7c2929c1f8fa3cb7be282e5c88ce131312749bb86d8eed33f6757e57f772

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Apr 2023 14:47:39 GMT
server: cloudflare
x-amz-request-id: 7KA7AB5SEV1SWNRV
age: 821389
etag: W/"7371672e2ad6b3b9469c4dc5cc2f6c08"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 7bb323210b5e9bb3-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ENgkodvMDHOTTA0yZRUYHj7QXAdbJ4BqKcGUFdfw89GHCqgJMdztmk3q9TqV8BxOrs73Gb0VbGgPKz8baFvsUw==

GET
H2 200 diberp-tcx-v7.13.0.js Show response
www.americanhometownmedia.com/static/ 328 KB
103 KB 70ms
8ms Script
text/javascript 34.120.58.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.americanhometownmedia.com/static/diberp-tcx-v7.13.0.js
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.58.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 62.58.120.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: c02ccf4ffd38f6e1602a17e22029a37e1827a19cc5b202d5268c4f9c9336a38d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:02:49 GMT
content-encoding: gzip
age: 631
x-guploader-uploadid: ADPycdsHLiJFal63sUTcpfqRBcmiEcZS-yaTH3BkMkTUF1_iJJIjJkBnvpDtuMNxyGFbxEJ8ucg_qQwHyiJrd9kFoVqgQA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104504
last-modified: Mon, 29 Aug 2022 14:20:21 GMT
server: UploadServer
etag: "f085c7609fb7c47fb72fd768d721373e"
vary: Accept-Encoding,Origin
x-goog-generation: 1661782821233427
x-goog-hash: crc32c=qwVX7w==, md5=8IXHYJ+3xH+3L9do1yE3Pg==
content-type: text/javascript
cache-control: public, max-age=31536000
x-goog-stored-content-length: 104504
accept-ranges: bytes
expires: Sat, 20 Apr 2024 05:02:49 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 74 KB
25 KB 94ms
94ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1623762a38857b185cce336b6fc44bd9c13a84e5045db279000982c8a3cfb7fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25079
x-xss-protection: 0
server: cafe
etag: 805 / 19468 / 31074053 / config-hash: 13555417812552352376
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 21 Apr 2023 05:13:20 GMT

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame E487 5 KB
2 KB 21ms
21ms Script
text/javascript 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682054000734&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682054000&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682054000734&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 231daa492803e1de08abfb57859afb4557e0000b482ad58260426678853a9a93

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-id: 2qLDIF7nhgPvVbk9GN9bG3VP-RFXdH-QgHHMYA2mVV6TfO2F7P9jww==

GET
H2 200 iab_consent_sdk.v1.0.js Show response
live.primis.tech/content/ClientDetections/ Frame E487 19 KB
8 KB 19ms
18ms Script
application/javascript 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682054000734&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682054000&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified: Wed, 12 Feb 2020 15:01:36 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"5e441350-4be0"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: oBA-eEqfRCUap88oWHNE0lvEgH8sKPzt60-J95K9sdcR0K4WDrWM2A==
expires: Sat, 20 Apr 2024 05:13:20 GMT

GET
H2 200 DetectGDPR2.v1.1.js Show response
live.primis.tech/content/ClientDetections/ Frame E487 9 KB
4 KB 22ms
21ms Script
application/javascript 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/DetectGDPR2.v1.1.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682054000734&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682054000&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified: Thu, 11 Feb 2021 09:45:48 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"6024fccc-228f"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: w31pWOgCj5AGnfH04OalTBkS7ONt5QkHHlrh10bXx3eU-nhgGciKfw==
expires: Sat, 20 Apr 2024 05:13:20 GMT

GET
H2 200 DetectGDPR.v1.1.js Show response
live.primis.tech/content/ClientDetections/ Frame E487 8 KB
3 KB 20ms
19ms Script
application/javascript 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/DetectGDPR.v1.1.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682054000734&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682054000&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified: Thu, 11 Feb 2021 09:45:48 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"6024fccc-1ef8"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: -ssPDB8-9uVEdB6ZT-D7tYt8Isjo7so9PeIwZX-sebhcFCriF9KU2A==
expires: Sat, 20 Apr 2024 05:13:20 GMT

GET
H2 200 hls.0.12.4_3.min.js Show response
live.primis.tech/content/video/hls/ Frame E487 258 KB
116 KB 20ms
19ms Script
application/javascript 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682054000734&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682054000&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a20010b26bce05ea3cfc83cf3a162b7c16b5d2fa2bcf2253b0394b0eb322347a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified: Wed, 23 Mar 2022 12:48:36 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"623b1724-409bc"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: 7SDZQ-THnbv0RKd8iKHPKT3POVRDk8REp9VlsSK7Q4PhIerbGe2w-g==
expires: Sat, 20 Apr 2024 05:13:20 GMT

GET
H2 200 prebidVid.7.16.0_8.min.js Show response
live.primis.tech/content/prebid/ Frame E487 514 KB
259 KB 45ms
44ms Script
application/javascript 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_8.min.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682054000734&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682054000&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 9ac5a7ed180980e32f7784d9aca819bc93d7906f2d17f24070433983b5f4728d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified: Thu, 16 Mar 2023 15:23:59 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"6413348f-809c9"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: 3KmolHtvFkRHWTBB50aaMpfky8Z9p0QYBnkUTPTPSf7WSJ2MeyfD_w==
expires: Sat, 20 Apr 2024 05:13:20 GMT

GET
H2 200 liveVideo.php Show response
live.primis.tech/live/ Frame E487 591 KB
228 KB 54ms
54ms Script
text/html 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32315F30387D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A2b%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682054000&csuuid=64421b70cd330&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682054000734&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682054000&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 7c207b8751962b075dece0af331d49d5b0bc7da86cd13df0c2dabe08007cbf24

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:19 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
x-amz-cf-id: Gnu4-YP25iuCEBJ03pUUamhMp7irDI4XcHlYuR8v4he1M7cNDia3JQ==

GET
H2 200 arj Show response
justapinch-com-d.openx.net/w/1.0/ 174 B
595 B 111ms
37ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://justapinch-com-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.heralddemocrat.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=df46e310-53d0-4a95-8d78-b47d4a02737e%2C7fbb7ae7-4237-4119-96ec-307b48f400bb&nocache=1682054000905&gdpr_consent=&gdpr=0&schain=1.0%2C1!americanhometownmedia.com%2C00084%2C1%2C%2C%2C&aus=300x250%7C300x250&divids=ahm_widg_id_7%2Cahm_widg_id_13&aucs=%2C&auid=558229079%2C558229079
Requested by: Host: www.americanhometownmedia.com
URL: https://www.americanhometownmedia.com/static/diberp-tcx-v7.13.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: c44efbaab5184754c309dcd0f271735760057b8c4046d3dc2ddfa00708e57a79

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:21 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 165
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 93 B
631 B 117ms
79ms XHR
application/json 216.52.2.91
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.13.0-pre
Requested by: Host: www.americanhometownmedia.com
URL: https://www.americanhometownmedia.com/static/diberp-tcx-v7.13.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.91 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 66983f82afc927b5daa9f297b9a2640adce1d799d79ea65106a7229b55bf07af

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 21 Apr 2023 05:13:20 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://www.heralddemocrat.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

GET
H2 200 primisslate.css
live.primis.tech/content/video/css/ 18 KB
7 KB 18ms
18ms Stylesheet
text/css 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/video/css/primisslate.css
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32315F30387D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A2b%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682054000&csuuid=64421b70cd330&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4081306e365ebaa5a82ac37991f041a39b5e20cbd5722b4b7e055a330ad33e02

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified: Mon, 17 Apr 2023 10:52:24 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"643d24e8-4688"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: nKxMHXFpgW74GBDcxGQ9K4wzSksSYypF9LKL2yDpRox_4fvkeyyUpw==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame E487 226 KB
56 KB 54ms
8ms Script
application/javascript 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32315F30387D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A2b%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682054000&csuuid=64421b70cd330&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 49262cbd305b40a32de0c41a27e4a5aafc65927c0b7f0e6163e0e5b3739eab85

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:04:12 GMT
content-encoding: gzip
via: 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront), 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
last-modified: Wed, 19 Apr 2023 20:25:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P3
age: 549
x-amz-server-side-encryption: AES256
etag: W/"d0373f28cbce103f094bc2631a9c8dd5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: M_mYEYqv4-xQeYdZeIyi4c3hp6XNuGLG3ztdWue3tHUNX556BRrLug==

GET
H3 200 css
fonts.googleapis.com/ 1 KB
422 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins&display=swap

Requested by

Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32315F30387D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A2b%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682054000&csuuid=64421b70cd330&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00573904e0947050a672688a2de7001e7919dee72aeaca2ca76a019769bf779a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 21 Apr 2023 05:13:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 21 Apr 2023 04:00:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 21 Apr 2023 05:13:21 GMT

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame E487 21 KB
5 KB 42ms
41ms XHR
application/json 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTtyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwIlMmUyMxZ2nWRyo181ZGYlYmY3ZDVuNwtmMTplNmI1MmQmJTJGqzyxNwFuNzNvOTVwODAlYwpjNTxkOTE5OS5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcFNEjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu5TWcJrx5TOTJuV1JfYwE4MVcHWXyZryxmWxRWnE5dZ3cNVGN5TacJMU16UXcMM1cjWxRZrFyUWzcZnzfkWXcaq01gSTNNRFU1TVRerE9Un3VvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnzq4T1RNNE1EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx9ESXuNrx0kTxRBS2ZRLzF4ZTqkqENlZDNbYWJ2QTZNqEQ3Rx9DnGZBMzcDQ0NnVxRwOC1INzcRR0EzqzyxX2NioaRyoaRsnWQ9MTx5MDM5OSZ2nWRsY29hqGVhqF9xZXNwPUNfo3RbZXNjnW4eQ29in2yyplZ2nWRsY29hqGVhqF90nXRfZT1DoG90nGVmpGyhK0Nio2gcZXMzqzyxX2NioaRyoaRsZHVlYXRco249MTE1JaBfYWNyoWVhqFN0pzVuoVR5pGU9MlZxZWJ1Z0yhZz9loWF0nW9hPSZjoGF5oGymqEyxPTEkOTp1Jat9NDAjJax9MwI1JaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzpzx9NxM2OTp2NwU1Mmp0NwE3NDpmN0M3MmZCMmE3QwU0MmA3RDqCNwQmMwMjMmImMmJEMmAmNDJEMmImMTVGMmAmODqEN0I3MmMkMmpmMwM1MmYmOTMlMmp3RDqCNDMmNTM3N0Q3QwUmNwQmMmY0MmM0QmZENwt2QmYmNxQ0NwpmNUE0NmUlNxM2MwU3Mmx2QTYmNxQ0NwMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNDMjMmA3RDqCNTxmMwMlMmU3RDqCNwYmMTqEN0I0QmM3MmtmOTM4N0RGRUZFJzFjpE5uoWU9JzymQXBjPTAzYXBjSWQ9JzRcYWyxPSZupHBCqW5xoGVJZD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzYXBjU3RipzVVpzj9JzFjpFBlnXZuY3yQo2kcY3x9JzFjpEymUGFcZD0zYXBjVzVlp2yiow0zp2Reqw0zYXBjRGV2ZWkipGVlPSZaZW9MYXRcPTUkLwI5OTMzZ2ViTG9hZm05LwQ5MSZ1p2VlSXBBZGRlPTJuMDEyM0E0YTAyM0ElYvUmQSUmQTQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEkMv4jLwU2MTUhMTIkK1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMxMjMDA4NCUlQmEzpGkurWVlQXBcSWQ9JzF2YWyfQ2FgpGFcZ25mPSZcp0FjpEcmPTAzY3N1qWyxPTY0NDIkYwpjY2QmMmAzY2J1p3Rypw0kNwtlMDU0MDAkMDA5JzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32315F30387D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A2b%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682054000&csuuid=64421b70cd330&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 240290cd38055bbba64d7120e6410e71a15a9ecc390248e5609f37f5b088d6fa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.heralddemocrat.com
content-type: application/json; charset=utf-8
cache-control: no-store
access-control-allow-credentials: true
content-length: 5179
x-amz-cf-id: 8D98gPlYo5Y-P4zcAycU3dT-4_SwldRJtAeiPYNgYXtJY9qsc6294g==

GET
H2 200 liveView.php
live.primis.tech/live/ 0
420 B 22ms
21ms Image
text/html 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTUjJaNypaZypyRcoWU9MTY4MwA1NDAjMCZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTE0NTM1JaN0YT0jJat9NDAjJax9MwI1JaZcZF9jYXNmRG9gYWyhPXq3ql5bZXJuoGRxZW1iY3JuqC5wo20zp3VvSWQ9q3q3LzuypzFfZGRyoW9wpzF0LzNioSZxZWJ1Z0yhZz9loWF0nW9hPSZcp0FjpD0jJaNxn3Y9JaJcPTZDNwx3NwY1NTM3NDYkNmQ3MmqDNmM2QwMkN0I1NDMjN0Q3QwY0MmImMDMlMmMlRDMjMmQlRDMlMmE1RwMjMmt3RDqCNmMmMTM3MmImNTM2MmxmMwM3N0Q3QwQmMmUmNmqEN0I1MmY0MmM2NDMmNEM2RDY4NxM2MmZENDY3MmVBNDp1MwZDNwI1NmM5NxE2MmZENDYmMDRDNxQ0RTp2NwI1MTNEM0Q3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmQmMDMjN0Q3QwU5MmImMwM1N0Q3QwY2MmE3RDqCNEMmNmM4MmxmODqERxVGRSZxnWFcZD0zqXNypxyjQWRxpw0lYTAkJTNBNGEjJTNBMzIyM0EyM0E0JaVmZXJVQT1No3ccoGkuJTJGNS4jJTIjJTI4V2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0JTI5JTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAyMwuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolUlOSUlMENbpz9gZSUlRwEkMv4jLwU2MTUhMTIkJTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02NDQlMWI3MGNxMmMjJzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTAzY2NjYT0jJzNwpGFDo25mZW50PSZwYaVmqGVlPTE2ODIjNTQjMDEjMDAzqWyxPVNyn2yhZG9TUGkurWVlNwQ0MwFvNmBxYzFxZSZjqWJVpzj9nHR0pHMyM0EyMxYyMxZ3q3phnGVlYWkxZGVgo2NlYXQhY29gJTJGJzZfo2F0U3RuqHVmPWZuoHNyJzVcZHNjPXBlZWJcZA==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-id: BAMkAwhXoLU_yzOB-YciUPObzADQkag-E7ll_TbjRGa1TZP0o26xkw==

GET
H2 200 vid61a6cb95c802b705919199.jpg
video.primis.tech/uploads/cn18/video/users/converted/22235/video_5df2c67d5a683172725343/ 18 KB
18 KB 68ms
9ms Image
image/jpeg 2600:9000:2491:9c00:1:6448:6d00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn18/video/users/converted/22235/video_5df2c67d5a683172725343/vid61a6cb95c802b705919199.jpg?cbuster=1666108075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:9c00:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4929f18e1eea49cce7af27cf1da1cbbc1b9b7fb7c990699de53ba8d52f990cdd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 17:54:40 GMT
via: 1.1 65cfe14afe351aff9537ad2d153c9b7a.cloudfront.net (CloudFront), 1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW56-P2, FRA56-P7
age: 40721
x-cache: Hit from cloudfront
content-length: 18254
last-modified: Wed, 01 Dec 2021 01:12:14 GMT
server: nginx
etag: "474363664493a2b542d5f6d420903c11"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: P8Uu3GJkbaguujUWymiUfSHAAONgCd5_6b5yzfTPn8I8wffLFQ3FuQ==
expires: Fri, 21 Apr 2023 17:54:40 GMT

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame E487 69 KB
9 KB 51ms
49ms XHR
application/json 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTtyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwIlMmUyMxZ2nWRyo181ZGYlYmY3ZDVuNwtmMTplNmI1MmQmJTJGqzyxNwFuNzNvOTVwODAlYwpjNTxkOTE5OS5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcFNEjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu5TWcJrx5TOTJuV1JfYwE4MVcHWXyZryxmWxRWnE5dZ3cNVGN5TacJMU16UXcMM1cjWxRZrFyUWzcZnzfkWXcaq01gSTNNRFU1TVRerE9Un3VvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnzq4T1RNNE1EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx9ESXuNrx0kTxRBS2ZRLzF4ZTqkqENlZDNbYWJ2QTZNqEQ3Rx9DnGZBMzcDQ0NnVxRwOC1INzcRR0EzqzyxX2NioaRyoaRsnWQ9MTx5MDM5OSZ2nWRsY29hqGVhqF9xZXNwPUNfo3RbZXNjnW4eQ29in2yyplZ2nWRsY29hqGVhqF90nXRfZT1DoG90nGVmpGyhK0Nio2gcZXMzqzyxX2NioaRyoaRsZHVlYXRco249MTE1JaBfYWNyoWVhqFN0pzVuoVR5pGU9MSZxZWJ1Z0yhZz9loWF0nW9hPSZjoGF5oGymqEyxPTEkOTp1Jat9MmQmJax9MTxmJaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzpzx9NxM2OTp2NwU1Mmp0NwE3NDpmN0M3MmZCMmE3QwU0MmA3RDqCNwQmMwMjMmImMmJEMmAmNDJEMmImMTVGMmAmODqEN0I3MmMkMmpmMwM1MmYmOTMlMmp3RDqCNDMmNTM3N0Q3QwUmNwQmMmY0MmM0QmZENwt2QmYmNxQ0NwpmNUE0NmUlNxM2MwU3Mmx2QTYmNxQ0NwMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNDMjMmA3RDqCNTxmMwMlMmU3RDqCNwYmMTqEN0I0QmM3MmtmOTM4N0RGRUZFJzFjpE5uoWU9JzymQXBjPTAzYXBjSWQ9JzRcYWyxPSZupHBCqW5xoGVJZD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzYXBjU3RipzVVpzj9JzFjpFBlnXZuY3yQo2kcY3x9JzFjpEymUGFcZD0zYXBjVzVlp2yiow0zp2Reqw0zYXBjRGV2ZWkipGVlPSZaZW9MYXRcPTUkLwI5OTMzZ2ViTG9hZm05LwQ5MSZ1p2VlSXBBZGRlPTJuMDEyM0E0YTAyM0ElYvUmQSUmQTQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEkMv4jLwU2MTUhMTIkK1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMxMjMDA4NCUlQmEzpGkurWVlQXBcSWQ9JzF2YWyfQ2FgpGFcZ25mPSZcp0FjpEcmPTAzY3N1qWyxPTY0NDIkYwpjY2QmMmAzY2J1p3Rypw0kNwtlMDU0MDAkMDE3JzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32315F30387D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A2b%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682054000&csuuid=64421b70cd330&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a7bfe74e6643f22462b0bffc103f5924bfa37af73591083bbde3d7f55481ce51

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.heralddemocrat.com
content-type: application/json; charset=utf-8
cache-control: no-store
access-control-allow-credentials: true
content-length: 9118
x-amz-cf-id: JTs6Q3WNNxXQVlX-sOEihsFCKM5x0dU8Au_ODtStUALKXcvSI8jzYw==

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame E487 37 KB
7 KB 45ms
44ms XHR
application/json 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTtyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwIlMmUyMxZ2nWRyo181ZGYlYmY3ZDVuNwtmMTplNmI1MmQmJTJGqzyxNwFuNzNvOTVwODAlYwpjNTxkOTE5OS5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcFNEjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu5TWcJrx5TOTJuV1JfYwE4MVcHWXyZryxmWxRWnE5dZ3cNVGN5TacJMU16UXcMM1cjWxRZrFyUWzcZnzfkWXcaq01gSTNNRFU1TVRerE9Un3VvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnzq4T1RNNE1EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx9ESXuNrx0kTxRBS2ZRLzF4ZTqkqENlZDNbYWJ2QTZNqEQ3Rx9DnGZBMzcDQ0NnVxRwOC1INzcRR0EzqzyxX2NioaRyoaRsnWQ9MTx5MDM5OSZ2nWRsY29hqGVhqF9xZXNwPUNfo3RbZXNjnW4eQ29in2yyplZ2nWRsY29hqGVhqF90nXRfZT1DoG90nGVmpGyhK0Nio2gcZXMzqzyxX2NioaRyoaRsZHVlYXRco249MTE1JaBfYWNyoWVhqFN0pzVuoVR5pGU9MSZxZWJ1Z0yhZz9loWF0nW9hPSZjoGF5oGymqEyxPTEkOTp1Jat9MmQmJax9MTxmJaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzpzx9NxM2OTp2NwU1Mmp0NwE3NDpmN0M3MmZCMmE3QwU0MmA3RDqCNwQmMwMjMmImMmJEMmAmNDJEMmImMTVGMmAmODqEN0I3MmMkMmpmMwM1MmYmOTMlMmp3RDqCNDMmNTM3N0Q3QwUmNwQmMmY0MmM0QmZENwt2QmYmNxQ0NwpmNUE0NmUlNxM2MwU3Mmx2QTYmNxQ0NwMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNDMjMmA3RDqCNTxmMwMlMmU3RDqCNwYmMTqEN0I0QmM3MmtmOTM4N0RGRUZFJzFjpE5uoWU9JzymQXBjPTAzYXBjSWQ9JzRcYWyxPSZupHBCqW5xoGVJZD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzYXBjU3RipzVVpzj9JzFjpFBlnXZuY3yQo2kcY3x9JzFjpEymUGFcZD0zYXBjVzVlp2yiow0zp2Reqw0zYXBjRGV2ZWkipGVlPSZaZW9MYXRcPTUkLwI5OTMzZ2ViTG9hZm05LwQ5MSZ1p2VlSXBBZGRlPTJuMDEyM0E0YTAyM0ElYvUmQSUmQTQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEkMv4jLwU2MTUhMTIkK1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMxMjMDA4NCUlQmEzpGkurWVlQXBcSWQ9JzF2YWyfQ2FgpGFcZ25mPSZcp0FjpEcmPTAzY3N1qWyxPTY0NDIkYwpjY2QmMmAzY2J1p3Rypw0kNwtlMDU0MDAkMDE4JzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32315F30387D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A2b%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682054000&csuuid=64421b70cd330&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 9db5fc91e31f36b34b2872f37d8c00d7a81b0db6e80ab6a27d7d6481fce74761

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.heralddemocrat.com
content-type: application/json; charset=utf-8
cache-control: no-store
access-control-allow-credentials: true
content-length: 6236
x-amz-cf-id: 5lILwAz8VeoIGaYKJUiwQK9oxIIKdAtprpJQvchPsWAEdyOmBr9hyg==

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame E487 21 KB
5 KB 49ms
48ms XHR
application/json 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTtyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwIlMmUyMxZ2nWRyo181ZGYlYmY3ZDVuNwtmMTplNmI1MmQmJTJGqzyxNwFuNzNvOTVwODAlYwpjNTxkOTE5OS5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcFNEjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu5TWcJrx5TOTJuV1JfYwE4MVcHWXyZryxmWxRWnE5dZ3cNVGN5TacJMU16UXcMM1cjWxRZrFyUWzcZnzfkWXcaq01gSTNNRFU1TVRerE9Un3VvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnzq4T1RNNE1EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx9ESXuNrx0kTxRBS2ZRLzF4ZTqkqENlZDNbYWJ2QTZNqEQ3Rx9DnGZBMzcDQ0NnVxRwOC1INzcRR0EzqzyxX2NioaRyoaRsnWQ9MTx5MDM5OSZ2nWRsY29hqGVhqF9xZXNwPUNfo3RbZXNjnW4eQ29in2yyplZ2nWRsY29hqGVhqF90nXRfZT1DoG90nGVmpGyhK0Nio2gcZXMzqzyxX2NioaRyoaRsZHVlYXRco249MTE1JaBfYWNyoWVhqFN0pzVuoVR5pGU9MlZxZWJ1Z0yhZz9loWF0nW9hPSZjoGF5oGymqEyxPTEkOTp1Jat9MmQmJax9MTxmJaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzpzx9NxM2OTp2NwU1Mmp0NwE3NDpmN0M3MmZCMmE3QwU0MmA3RDqCNwQmMwMjMmImMmJEMmAmNDJEMmImMTVGMmAmODqEN0I3MmMkMmpmMwM1MmYmOTMlMmp3RDqCNDMmNTM3N0Q3QwUmNwQmMmY0MmM0QmZENwt2QmYmNxQ0NwpmNUE0NmUlNxM2MwU3Mmx2QTYmNxQ0NwMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNDMjMmA3RDqCNTxmMwMlMmU3RDqCNwYmMTqEN0I0QmM3MmtmOTM4N0RGRUZFJzFjpE5uoWU9JzymQXBjPTAzYXBjSWQ9JzRcYWyxPSZupHBCqW5xoGVJZD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzYXBjU3RipzVVpzj9JzFjpFBlnXZuY3yQo2kcY3x9JzFjpEymUGFcZD0zYXBjVzVlp2yiow0zp2Reqw0zYXBjRGV2ZWkipGVlPSZaZW9MYXRcPTUkLwI5OTMzZ2ViTG9hZm05LwQ5MSZ1p2VlSXBBZGRlPTJuMDEyM0E0YTAyM0ElYvUmQSUmQTQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEkMv4jLwU2MTUhMTIkK1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMxMjMDA4NCUlQmEzpGkurWVlQXBcSWQ9JzF2YWyfQ2FgpGFcZ25mPSZcp0FjpEcmPTAzY3N1qWyxPTY0NDIkYwpjY2QmMmAzY2J1p3Rypw0kNwtlMDU0MDAkMDE4JzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32315F30387D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A2b%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682054000&csuuid=64421b70cd330&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 44de1b7c3efbd0c3f9a573f62af8215f2991437a4e832730be17f5f1edbe7503

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.heralddemocrat.com
content-type: application/json; charset=utf-8
cache-control: no-store
access-control-allow-credentials: true
content-length: 5190
x-amz-cf-id: U6JVBCoGLfFQpBlpgdCtcu2zsxf8g3tEKPq2ces_SIzmXSrx1IIjwA==

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame E487 70 KB
9 KB 57ms
57ms XHR
application/json 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTtyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwIlMmUyMxZ2nWRyo181ZGYlYmY3ZDVuNwtmMTplNmI1MmQmJTJGqzyxNwFuNzNvOTVwODAlYwpjNTxkOTE5OS5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcFNEjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu5TWcJrx5TOTJuV1JfYwE4MVcHWXyZryxmWxRWnE5dZ3cNVGN5TacJMU16UXcMM1cjWxRZrFyUWzcZnzfkWXcaq01gSTNNRFU1TVRerE9Un3VvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnzq4T1RNNE1EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx9ESXuNrx0kTxRBS2ZRLzF4ZTqkqENlZDNbYWJ2QTZNqEQ3Rx9DnGZBMzcDQ0NnVxRwOC1INzcRR0EzqzyxX2NioaRyoaRsnWQ9MTx5MDM5OSZ2nWRsY29hqGVhqF9xZXNwPUNfo3RbZXNjnW4eQ29in2yyplZ2nWRsY29hqGVhqF90nXRfZT1DoG90nGVmpGyhK0Nio2gcZXMzqzyxX2NioaRyoaRsZHVlYXRco249MTE1JaBfYWNyoWVhqFN0pzVuoVR5pGU9MlZxZWJ1Z0yhZz9loWF0nW9hPSZjoGF5oGymqEyxPTEkOTp1Jat9MmQmJax9MTxmJaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzpzx9NxM2OTp2NwU1Mmp0NwE3NDpmN0M3MmZCMmE3QwU0MmA3RDqCNwQmMwMjMmImMmJEMmAmNDJEMmImMTVGMmAmODqEN0I3MmMkMmpmMwM1MmYmOTMlMmp3RDqCNDMmNTM3N0Q3QwUmNwQmMmY0MmM0QmZENwt2QmYmNxQ0NwpmNUE0NmUlNxM2MwU3Mmx2QTYmNxQ0NwMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNDMjMmA3RDqCNTxmMwMlMmU3RDqCNwYmMTqEN0I0QmM3MmtmOTM4N0RGRUZFJzFjpE5uoWU9JzymQXBjPTAzYXBjSWQ9JzRcYWyxPSZupHBCqW5xoGVJZD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzYXBjU3RipzVVpzj9JzFjpFBlnXZuY3yQo2kcY3x9JzFjpEymUGFcZD0zYXBjVzVlp2yiow0zp2Reqw0zYXBjRGV2ZWkipGVlPSZaZW9MYXRcPTUkLwI5OTMzZ2ViTG9hZm05LwQ5MSZ1p2VlSXBBZGRlPTJuMDEyM0E0YTAyM0ElYvUmQSUmQTQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEkMv4jLwU2MTUhMTIkK1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMxMjMDA4NCUlQmEzpGkurWVlQXBcSWQ9JzF2YWyfQ2FgpGFcZ25mPSZcp0FjpEcmPTAzY3N1qWyxPTY0NDIkYwpjY2QmMmAzY2J1p3Rypw0kNwtlMDU0MDAkMDE4JzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32315F30387D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A2b%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682054000&csuuid=64421b70cd330&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 50e01e4932f05f74d6cc7745f5135caf8bfcc7cb9b0ffa76a0aa91a228dc9fdd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.heralddemocrat.com
content-type: application/json; charset=utf-8
cache-control: no-store
access-control-allow-credentials: true
content-length: 8779
x-amz-cf-id: I0WCRxocRQ4sky77UagFvTkxm3CUwakJt9V6SERyNDm8A9x0lXE03w==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame E487 6 KB
3 KB 414ms
396ms XHR
application/javascript 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:22 GMT
x-amz-version-id: BeoItWAXLH_Ztd131J1ILFBRpuOxsQkH
content-encoding: gzip
via: 1.1 bfad099b4e1fa2ec7d21876e0293dc20.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
last-modified: Thu, 13 Apr 2023 22:29:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: GpsslKFTafTVFhE5_wbOAb3n3ky8PjdjQTJrkE8tWE7r7gD3davWtg==

GET
H2 200 liveInternalSsp.php Show response
live.primis.tech/live/ Frame E487 25 B
494 B 323ms
323ms XHR
text/html 2600:9000:2251:3e00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveInternalSsp.php?sspData=%7B%22enc%22%3Atrue%2C%22data%22%3A%22%5C%22JTqCJTIlqzVlJTIlJTNBJTIlqzVlXmEhNSUlMvUlQlUlMz1coxJcZCUlMvUmQTAyMxMyMwJvqXc6ZXIyMwIyM0EyN0IyMwJwo3VhqCUlMvUmQTAyMxMyMwJ0nXRfZUkyovUlMvUmQTEjMCUlQlUlMapyMwIyM0ElMDAyMxMyMwJbJTIlJTNBMTYjJTqEJTJDJTIlq2yxqGtyMwIyM0EmNDMyMxMyMwJbZWyanHQyMwIyM0EkOTMyMxMyMwJmpGFwZUyxJTIlJTNBJTIlNTtjNTpyMwIyMxMyMwJmpGFwZVR5pGUyMwIyM0EyMwJ2YXN0JTIlJTJDJTIlqzyxZW9QoGFwZW1yoaRUrXByJTIlJTNBMlUlQlUlMzyjJTIlJTNBJTIlMzEjMSUmQTRuMCUmQTJvJTNBJTNBNCUlMvUlQlUlMzqyo0yxJTIlJTNBNTpyMxMyMwJuoHBbYTJHZW8yMwIyM0EyMwJERSUlMvUlQlUlMzRyqzywZXR5pGUyMwIyM0ElJTJDJTIlqHu0RGV2nWNyqHyjZSUlMvUmQSUlMzRyp2g0o3AyMwIyMxMyMwJvpz93p2VlJTIlJTNBJTIlY2ulo21yJTIlJTJDJTIlo3MyMwIyM0EyMwJXnW5xo3qmJTIlJTJDJTIlqHu0T3MyMwIyM0EyMwJ3nW5xo3qmJTIlJTJDJTIlZGV2nWNyTW9xZWjyMwIyM0EyMwIyMwIyMxMyMwJip1ZypaNco24yMwIyM0EyMwIkMC4jJTIlJTJDJTIlZGV2nWNyTWFhqWZuY3R1pzVlJTIlJTNBJTIlJTIlJTJDJTIlZGV2nWNyQ29xZU5uoWUyMwIyM0EyMwIyMwIyMxMyMwJ1p2VlQWqyoaQyMwIyM0EyMwJNo3ccoGkuJTJGNS4jJTIjKFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCxyMwBBpHBfZVqyYxgcqCUlRwUmNl4mNvUlMCuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolxyMwBDnHJioWUyMxYkMTIhMC41NwE1LwElMSUlMFNuZzFlnSUlRwUmNl4mNvUlMvUlQlUlMzkuqCUlMvUmQSUlMwUkLwI5OTMyMwIyMxMyMwJfo24yMwIyM0EyMwI5LwQ5MSUlMvUlQlUlMzFjpE5uoWUyMwIyM0EyMwIyMwIyMxMyMwJupHBJZCUlMvUmQSUlMvUlMvUlQlUlMzymQXBjJTIlJTNBMCUlQlUlMzFjpEJ1ozRfZUyxJTIlJTNBJTIlnHR0pHMyM0EyMxYyMxZ3q3phnGVlYWkxZGVgo2NlYXQhY29gJTJGJTIlJTJDJTIlYXBjU3RipzVVpzjyMwIyM0EyMwIyMwIyMxMyMwJupHBQpzy2YWN5UG9fnWN5JTIlJTNBJTIlJTIlJTJDJTIlYXBjSXNQYWyxJTIlJTNBJTIlJTIlJTJDJTIlYXBjRGV2ZWkipGVlJTIlJTNBJTIlJTIlJTJDJTIlnWZuJTIlJTNBJTIlJTIlJTJDJTIlnWZ2JTIlJTNBJTIlJTIlJTJDJTIlYXR0plUlMvUmQTAyMxMyMwJupHBWZXJmnW9hJTIlJTNBJTIlJTIlJTJDJTIlpzVzZXJlZXIyMwIyM0EyMwJbqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYyMwIyMxMyMwJjYWqyJTIlJTNBJTIlnHR0pHMyM0EyMxYyMxZ3q3phnGVlYWkxZGVgo2NlYXQhY29gJTJGJTIlJTJDJTIlZ2RjpvUlMvUmQTEyMxMyMwJaZHBlQ29hp2VhqCUlMvUmQSUlMvUlMvUlQlUlMzymV2VQYXNmR2RjpvUlMvUmQSUlMwAyMwIyMxMyMwJwY3BuJTIlJTNBMCUlQlUlMzNwpGFDo25mZW50JTIlJTNBJTIlJTIlJTJDJTIlZG9gYWyhJTIlJTNBJTIlq3q3LzuypzFfZGRyoW9wpzF0LzNioSUlMvUlQlUlMaqyYaNcqGUyMwIyM0EyMwJ3q3php2VenW5xol5wo20yMwIyMxMyMwJmZWN1pzUyMwIyM0EkJTJDJTIlZ2ViU291pzNyJTIlJTNBJTIlSVAyMwIyMxMyMwJwo3BjYSUlMvUmQTAyMxMyMwJ1qWyxJTIlJTNBJTIlNwQ0MwFvNmBwZDMmMCUlMvUlQlUlMzJfo2NeQaJuozRmJTIlJTNBJTVCJTVEJTJDJTIlZXu0VXNypxyxplUlMvUmQSU1QvU3QvUlMaNiqXJwZSUlMvUmQSUlMzyxNS1mrW5wLzNioSUlMvUlQlUlMaVcZHMyMwIyM0EyNUIyN0IyMwJcZCUlMvUmQSUlMwAyMwIyMxMyMwJuqHyjZSUlMvUmQTEyMxMyMwJyrHQyMwIyM0EyN0IyMwJfnW5eVHyjZSUlMvUmQTAyN0QyN0QyNUQyN0QyMxMyN0IyMwJmo3VlY2UyMwIyM0EyMwJjqWJwnWQho3JaJTIlJTJDJTIlqWyxplUlMvUmQSU1QvU3QvUlMzyxJTIlJTNBJTIlNmp5MDxjZwQgODQ1Mv00NDp3LTxmMTYgZwE2MGMlN2U5MTImJTIlJTJDJTIlYXR5pGUyMwIyM0EkJTqEJTVEJTqEJTVEJTJDJTIloXJunWRBoGkiq2VxJTIlJTNBMCUlQlUlMzRyYaVaSW5zo3JgYXRco24yMwIyM0EyMwIyMwIyMxMyMwJmnXRySWQyMwIyM0EkMTQ1MmUyMxMyMwJjqWJfnXNbZXJJZCUlMvUmQTIlMwM1JTJDJTIlp2NbYWyhJTIlJTNBJTqCJTIlqzVlJTIlJTNBJTIlMS4jJTIlJTJDJTIlY29gpGkyqGUyMwIyM0EkJTJDJTIloz9xZXMyMwIyM0EyNUIyN0IyMwJup2xyMwIyM0EyMwJuoWVlnWNuozuioWV0o3qhoWVxnWEhY29gJTIlJTJDJTIlp2yxJTIlJTNBJTIlMDAjODQyMwIyMxMyMwJbpCUlMvUmQTEyN0QyMxMyN0IyMwJup2xyMwIyM0EyMwJjpzygnXMhqGVwnCUlMvUlQlUlMaNcZCUlMvUmQSUlMwIlMwM1JTIlJTJDJTIlnHAyMwIyM0EkJTqEJTVEJTqEJTJDJTIlpzVanW9hJTIlJTNBJTIlRyIyMwIyMxMyMwJwYW1jYWyaoaMyMwIyM0EyN0IyMwI4MmQ1NSUlMvUmQSU3QvUlMaRlYWNeZXIyMwIyM0EyMwJwYW1jYWyaoxZlZXFDYXAyM0QjJTI1MxYjJTI2Y2FgpGFcZ25JZCUmRDtmNDU1JTI2p3BuY2UlQWRJZCUmRDE3MwU3MDM0JTIlJTJDJTIlpHJyYzyxTaNmpEyhZGV4JTIlJTNBMCUlQlUlMaNjYWNyMxFxSWQyMwIyM0EyMwIkNmI1NmAmNCUlMvUlQlUlMzRyYWjyMwIyM0EyN0IyMwJcp1J0YxRyYWjyMwIyM0EjJTJDJTIlpaRvRGVuoEyxJTIlJTNBJTIlJTIlJTJDJTIlpaRvU2VuqEyxJTIlJTNBJTIlJTIlJTqEJTJDJTIlpaRvV1NyYXQyMwIyM0EyMwIyMwIyMxMyMwJwYW1jYWyaoxyxJTIlJTNBODM0NTUyMxMyMwJwYW1jYWyaoyNwo3ByJTIlJTNBJTIlpHVvoGywJTIlJTJDJTIlnW50ZXJhYWkCqXyypyVcZCUlMvUmQSUlMvUlMvUlQlUlMzVcZE5uoWUyMwIyM0EyMwJ5YWuiol5wo20yMwIyMxMyMwJuZFVmZXJJZCUlMvUmQTMkMDMkJTJDJTIlYzNuqCUlMvUmQSUlMvUlMvUlQlUlMzJup2VGoG9ipvUlMvUmQTAhODQyMxMyMwJyrHQyMwIyM0EyN0IyMwJjYXJ0ozVlJTIlJTNBJTIlMTI4JTIlJTJDJTIlpzV2U2uupzUyMwIyM0EyMwIkLwAjJTIlJTJDJTIlpGkuY2VgZW50SWQyMwIyM0EyMwI4YTx2OTU4MwAkN2Y3ZzRvZTZuZGRwMzI2NWNuMDAkMCUlMvUlQlUlMzFjpEyxJTIlJTNBJTIlOGE5NwxjNTMjMTqzN2ZxYzUjZTVxYmJuZzRyZDAjMGQyMwIyMxMyMwJjqWJJZCUlMvUmQSUlMyBlnW1cp1R3o0uCJTIlJTqEJTJDJTIlYaV5ZXJVnWQyMwIyM0EyMwIyMwIyMxMyMwJlZWZypzVhY2VJZCUlMvUmQTEyMxMyMwJvnWRzoG9ipvUlMvUmQSUlMwAhODQyMwIyMxMyMwJmY2uunW4yMwIyM0EyN0IyMwJ2ZXIyMwIyM0EyMwIkLwAyMwIyMxMyMwJwo21joGV0ZSUlMvUmQTEyMxMyMwJho2RyplUlMvUmQSU1QvU3QvUlMzFmnSUlMvUmQSUlMzFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMwIyMxMyMwJmnWQyMwIyM0EyMwIjMDA4NCUlMvUlQlUlMzujJTIlJTNBMSU3RCUlQlU3QvUlMzFmnSUlMvUmQSUlMaBlnW1cpl50ZWNbJTIlJTJDJTIlp2yxJTIlJTNBJTIlMwIlMmUyMwIyMxMyMwJbpCUlMvUmQTEyN0QyNUQyN0QyN0QyN0QyMxMyMwJjoGFwZW1yoaRDYXQyMwIyM0EyNUIyMwJJQUIkMSUlMvU1RCUlQlUlMaBfYXyvYWNeoWV0nG9xJTIlJTNBJTVCNvU1RCUlQlUlMz5uqzyaYXRipxkuozq1YWqyJTIlJTNBJTIlZW4yMwIyMxMyMwJjYWqyY2F0JTIlJTNBJTVCJTIlSUFCMTEyMwIyNUQyMxMyMwJwo250ZW50Y2F0JTIlJTNBJTVCJTIlSUFCOCUlMvU1RCU3RA%3D%3D%5C%22%22%7D
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_8.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3e00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1d16d42e33c80a00df5f4c6a514edbfaa985a2cdf0d33b4f76f90a6625b773b7

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:20 GMT
content-encoding: gzip
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-id: 4ybdIXnik8bWAMLtiYJVhEub5uh0vpWuuJa4nFN3X_hGTpV-y0VTTA==

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame E487 0
121 B 263ms
32ms XHR
text/plain 185.64.189.112

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_8.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.heralddemocrat.com
date: Fri, 21 Apr 2023 05:13:21 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 vid61a6cb95c802b705919199.jpg
video.primis.tech/uploads/cn18/video/users/converted/22235/video_5df2c67d5a683172725343/ 18 KB
18 KB 9ms
8ms Image
image/jpeg 2600:9000:2491:9c00:1:6448:6d00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn18/video/users/converted/22235/video_5df2c67d5a683172725343/vid61a6cb95c802b705919199.jpg?cbuster=1666108075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:9c00:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4929f18e1eea49cce7af27cf1da1cbbc1b9b7fb7c990699de53ba8d52f990cdd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 17:54:40 GMT
via: 1.1 65cfe14afe351aff9537ad2d153c9b7a.cloudfront.net (CloudFront), 1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW56-P2, FRA56-P7
age: 40721
x-cache: Hit from cloudfront
content-length: 18254
last-modified: Wed, 01 Dec 2021 01:12:14 GMT
server: nginx
etag: "474363664493a2b542d5f6d420903c11"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: jwxVPKQ7pk6fB1e1HtZ4mDs5SrEoHXcS1CMD6ZIJRRglcaQNReGOFw==
expires: Fri, 21 Apr 2023 17:54:40 GMT

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ Frame E487 49 B
101 B 97ms
96ms XHR
application/json 2600:1901:0:8344::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0015a00002l61KYAAY&gdpr=0
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_8.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:8344:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 21 Apr 2023 05:13:22 GMT
via: 1.1 google
vary: origin
content-type: application/json
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: private, must-revalidate, max-age=28800
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

GET
H2 200 id Show response
id.crwdcntrl.net/ Frame E487 43 B
322 B 34ms
33ms XHR
application/json 54.194.98.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_8.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.98.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-98-250.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:22 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache
x-server: 10.45.16.189
access-control-allow-credentials: true
content-length: 43
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame E487 63 B
394 B 32ms
32ms XHR
application/json 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=j6w8ta9&fmt=json
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_8.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: a44c67ad48150dc4745ca595da26655daae23bfa31d299a7517c33748d508cae

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 21 Apr 2023 05:13:22 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Sun, 21 May 2023 05:13:22 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 83CA 16 KB
6 KB 7ms
7ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_8.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=170273
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Fri, 21 Apr 2023 05:13:22 GMT
expires: Sun, 23 Apr 2023 04:31:15 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 83CA 5 KB
6 KB 66ms
13ms Script
text/html 185.64.189.115

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=2553576&p=156595&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2192b4fcaa60abe4ae7f94ac0d23a0d15af7615475e0c6343e279b584841141c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Fri, 21 Apr 2023 05:13:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame DFA2
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:8c8f6442-1b72-4000-af2e-9f2e78b015b4&gdpr=0&gdpr_consent=

42 B
403 B

43ms
14ms

Document
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:8c8f6442-1b72-4000-af2e-9f2e78b015b4&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Fri, 21 Apr 2023 05:13:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Fri, 21 Apr 2023 05:13:22 GMT
Expires: Fri, 21 Apr 2023 05:13:21 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 830 785530e master cdg-pixel-x27 config_version:"unknown"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:8c8f6442-1b72-4000-af2e-9f2e78b015b4&gdpr=0&gdpr_consent=

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame CD37
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5514073096729613439

42 B
0

19ms
19ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5514073096729613439
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Fri, 21 Apr 2023 05:13:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5514073096729613439
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET usersync.aspx
dis.criteo.com/dis/ Frame 51FA 0
0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 46A8
Redirect Chain

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5144588524360191072

42 B
0

19ms
19ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5144588524360191072
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Fri, 21 Apr 2023 05:13:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Content-Length: 0
Date: Fri, 21 Apr 2023 05:13:22 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5144588524360191072
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.3.29.v20201019)

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 7D5D
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=JkMIbiEVC249TwVqJ08ROXMUDmk9Elo_IUIgiQKV

42 B
421 B

62ms
19ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=JkMIbiEVC249TwVqJ08ROXMUDmk9Elo_IUIgiQKV
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Fri, 21 Apr 2023 05:13:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Fri, 21 Apr 2023 05:13:22 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=JkMIbiEVC249TwVqJ08ROXMUDmk9Elo_IUIgiQKV
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET

dcm
aax-eu.amazon-adsystem.com/s/ Frame 8D00
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=8EE15659-FD7E-4914-947C-66ECA232C586&redir=true&gdpr=0&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=8EE15659-FD7E-4914-947C-66ECA232C586&redir=true&gdpr=0&gdpr_consent=&dcc=t

0
0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6152
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3862291109529903718&gdpr=0&gdpr_consent=

42 B
218 B

37ms
15ms

Document
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3862291109529903718&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Fri, 21 Apr 2023 05:13:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

AN-X-Request-Uuid: 07682e66-8dec-46ce-822b-1eb155daa612
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Fri, 21 Apr 2023 05:13:22 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3862291109529903718&gdpr=0&gdpr_consent=
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 81.95.5.40; 81.95.5.40; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame F25E
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7224366928707844239&gdpr=0&gdpr_consent=

42 B
316 B

59ms
14ms

Document
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7224366928707844239&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Fri, 21 Apr 2023 05:13:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Date: Fri, 21 Apr 2023 05:13:22 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7224366928707844239&gdpr=0&gdpr_consent=
Server: nginx
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET sync
sync.srv.stackadapt.com/ Frame 10B7 0
0

GET

pm
match.prod.bidr.io/cookie-sync/ Frame BACE
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1

0
0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6019
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_con...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZEIbcgAES1niMgAp&gdpr=1&gdpr_consent=&_test=ZEIbcgAES1niMgAp

0
0

13ms
13ms

Document
text/html

185.64.189.110

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZEIbcgAES1niMgAp&gdpr=1&gdpr_consent=&_test=ZEIbcgAES1niMgAp
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 21 Apr 2023 05:13:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Fri, 21 Apr 2023 05:13:22 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZEIbcgAES1niMgAp&gdpr=1&gdpr_consent=&_test=ZEIbcgAES1niMgAp
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-hhn-etou8220026-HHN
x-timer: S1682054003.658579,VS0,VE0

GET
H2 200 cm Show response
ipac.ctnsnet.com/int/ Frame C55A 43 B
369 B 39ms
15ms Document
image/gif 35.186.193.173

General

Check archive.org

Show headers Download Go to

Full URL: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.193.173 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 43
content-type: image/gif
date: Fri, 21 Apr 2023 05:13:21 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
via: 1.1 google

GET
H/1.1 200
OK cookiesync
core.iprom.net/ Frame 205D 43 B
279 B 102ms
35ms Document
image/gif 195.5.165.20

General

Check archive.org

Show headers Download Go to

Full URL: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.5.165.20 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Content-Length: 43
Content-Type: image/gif
Date: Fri, 21 Apr 2023 05:13:22 GMT
Vary: Accept-Encoding
X-adserver-worker: avatar-bd4094ff8faa@version_1.550v2
X-core-time: 0ms
X-server-arch: v2

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 4DF5
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
225 B

24ms
14ms

Document
text/html

185.64.189.110

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 21 Apr 2023 05:13:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Fri, 21 Apr 2023 05:13:22 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET i.match
a.tribalfusion.com/ Frame DFF9 0
0

GET bridge
cm.adgrx.com/ Frame E651 0
0

GET usersyncsupply
cm-supply-web.gammaplatform.com/adx/ Frame BF84 0
0

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 83CA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=juFWWf1-SRSUfGbsojLFhg%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

8ms
7ms

Image
text/html

23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:22 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=170273
accept-ranges: bytes
content-length: 5554
expires: Sun, 23 Apr 2023 04:31:15 GMT

Redirect headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 83CA 49 B
265 B 116ms
32ms Image
image/gif 34.247.20.4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=8EE15659-FD7E-4914-947C-66ECA232C586&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.20.4 -, , ASN (),
Reverse DNS
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:22 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.23.93
content-length: 49
expires: 0

GET
H2

204

ids
idsync.frontend.weborama.fr/ Frame 83CA
Redirect Chain

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=2734721765
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=8EE15659-FD7E-4914-947C-66ECA232C586

0
284 B

39ms
16ms

Image
text/plain

34.111.131.239

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=8EE15659-FD7E-4914-947C-66ECA232C586
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Server: 34.111.131.239 -, , ASN (),
Reverse DNS
Software: Weborama Collect Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:22 GMT
via: 1.1 google
last-modified: Fri, 21 Apr 2023 05:13:22 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=8EE15659-FD7E-4914-947C-66ECA232C586
date: Fri, 21 Apr 2023 05:13:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET match
a.audrte.com/ Frame 83CA 0
0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 83CA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OEVFMTU2NTktRkQ3RS00OTE0LTk0N0MtNjZFQ0EyMzJDNTg2&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
245 B

38ms
19ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Fri, 21 Apr 2023 05:13:22 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 83CA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEB3SPWQScCUMy5zpFjDhtuc&google_cver=1

42 B
300 B

39ms
20ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEB3SPWQScCUMy5zpFjDhtuc&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Fri, 21 Apr 2023 05:13:22 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Fri, 21 Apr 2023 05:13:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEB3SPWQScCUMy5zpFjDhtuc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 83CA 43 B
612 B 58ms
15ms Image
image/gif 35.204.74.118

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 -, , ASN (),

Reverse DNS

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:22 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Thu, 20 Apr 2023 05:13:22 GMT

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 83CA
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5714937427250808965

0
0

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 83CA 70 B
264 B 34ms
32ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 21 Apr 2023 05:13:22 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 83CA
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=8EE15659-FD7E-4914-947C-66ECA232C586&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=8EE15659-FD7E-4914-947C-66ECA232C586&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-VXYSme9E2uXqZPgeZuN3dp.nhZQGPrk-~A&gdpr=0

0
260 B

54ms
13ms

Image
text/plain

198.47.127.20

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-VXYSme9E2uXqZPgeZuN3dp.nhZQGPrk-~A&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Server: 198.47.127.20 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:21 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-VXYSme9E2uXqZPgeZuN3dp.nhZQGPrk-~A&gdpr=0
date: Fri, 21 Apr 2023 05:13:22 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 8EE15659-FD7E-4914-947C-66ECA232C586
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 83CA 43 B
426 B 100ms
31ms Image
image/gif 2a05:d018:d29:3602:ea30:652:4665:4067

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/8EE15659-FD7E-4914-947C-66ECA232C586?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3602:ea30:652:4665:4067 -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:22 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET

sync
x.bidswitch.net/ul_cb/ Frame 83CA
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=

0
0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 83CA 0
187 B 56ms
13ms Image
text/plain 98.98.134.241

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 -, , ASN (),
Reverse DNS
Software: A /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Fri, 21 Apr 2023 05:13:22 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET current
pubmatic-match.dotomi.com/match/bounce/ Frame 83CA 0
0

GET cs
ad.turn.com/r/ Frame 83CA 0
0

GET

getuid
secure.adnxs.com/ Frame 83CA
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID

0
0

GET pubmaticmatch
match.adsby.bidtheatre.com/ Frame 83CA 0
0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 17ms
16ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.heralddemocrat.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 17ms
16ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.heralddemocrat.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:13:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET ads
securepubads.g.doubleclick.net/gampad/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.legacy.com
URL: https://www.legacy.com/api/v1/affiliates/recentobituaries/2344?num=4&photoFirst=False&obittype=1&random=False&callback=legacy.recentObituaries.renderTemplate

Domain: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/wp-content/themes/jnews/assets/img/jeg-empty.png

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=13781

Domain: dis.criteo.com
URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@

Domain: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=8EE15659-FD7E-4914-947C-66ECA232C586&redir=true&gdpr=0&gdpr_consent=&dcc=t

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=

Domain: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1

Domain: a.tribalfusion.com
URL: https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Domain: cm.adgrx.com
URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=

Domain: cm-supply-web.gammaplatform.com
URL: https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel

Domain: a.audrte.com
URL: https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=8EE15659-FD7E-4914-947C-66ECA232C586

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5714937427250808965

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=

Domain: pubmatic-match.dotomi.com
URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=8EE15659-FD7E-4914-947C-66ECA232C586&gdpr=0&gdpr_consent=

Domain: ad.turn.com
URL: https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID

Domain: match.adsby.bidtheatre.com
URL: https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3660892537962404&correlator=2072530883568798&eid=31073320%2C31073678&output=ldjh&gdfp_req=1&vrg=202304170101&ptt=17&impl=fifs&iu_parts=281191609%3A22655122517%2Ctrx_cherryroad%2Cheralddemocrat.com&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250%2C320x50%7C300x250&fluid=height%2Cheight&ifi=7&adks=1498280685%2C425470763&sfv=1-0-40&prev_scp=slotName%3Dldgr4%26pubDom%3Dheralddemocrat.com%26atab%3Dtrue%26frstlk%3Dtrue%7CslotName%3Dldgr9%26pubDom%3Dheralddemocrat.com%26atab%3Dtrue%26frstlk%3Dtrue&eri=1&sc=1&cookie=ID%3Da0db146708e1b26a%3AT%3D1682053995%3AS%3DALNI_MYYlaWW6pJGHe57zHDsSiwTBKzKoA&gpic=UID%3D00000bedf31901e9%3AT%3D1682053995%3ART%3D1682053995%3AS%3DALNI_MbIJio4Ke1u1WVfuZFVDEiWeeFa4g&abxe=1&dt=1682054002614&lmt=1682054002&dlt=1682053994099&idt=1498&adxs=816%2C143&adys=2450%2C1926&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=5%7C6&ucis=7%7C8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=300x250%7C300x-1&msz=300x-1%7C300x-1&fws=4%2C4&ohw=1600%2C1600&ga_vid=2014851188.1682053995&ga_sid=1682053996&ga_hid=2088336008&ga_fc=true

Verdicts & Comments Add Verdict or Comment

172 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.heralddemocrat.com/	1969-12-31 23:59:59	Name: pmpro_visit Value: 1
.heralddemocrat.com/	1970-01-20 11:15:40	Name: _gid Value: GA1.2.1088860483.1682053995
.heralddemocrat.com/	1970-01-20 11:14:14	Name: _gat Value: 1
www.heralddemocrat.com/	1970-01-20 20:50:13	Name: adatb_user Value: {%22options%22:{%22contrast%22:{%22label%22:%22Default%22%2C%22class%22:%22ll-at-contrast-default%22}%2C%22fontSize%22:{%22label%22:%22Default%22%2C%22class%22:%22ll-at-fontsize-default%22}%2C%22fontFamily%22:{%22label%22:%22Default%22%2C%22class%22:%22ll-at-fontfamily-default%22}%2C%22clickTTS%22:{%22enabled%22:false}}%2C%22uid%22:%22uqk69z5w3eba0hjixu4h%22}
.publisher.etype.services/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 5bbd621acd36f18803fd29a703f639494e179539fc2e5f5f03c3eb5c7f6779e3
.heralddemocrat.com/	1970-01-20 20:50:13	Name: _ga_8Y10R17R20 Value: GS1.1.1682053995.1.0.1682053995.0.0.0
.heralddemocrat.com/	1970-01-20 20:50:13	Name: _ga Value: GA1.1.2014851188.1682053995
.doubleclick.net/	1970-01-20 20:35:49	Name: IDE Value: AHWqTUkdBvOIf_oCx4nuba5oeQmQz6GoOEpnOP1n4-MyQSWuyp2jq4qLWwTReMZFl84
www.heralddemocrat.com/	1970-01-20 11:57:26	Name: _pbjs_userid_consent_data Value: 3524755945110770
.heralddemocrat.com/	1970-01-20 15:33:25	Name: _pubcid Value: 69c2037b-21b8-4b28-8c71-c005817be12b
.doubleclick.net/	1970-01-20 11:14:14	Name: test_cookie Value: CheckForPermission
.heralddemocrat.com/	1970-01-20 20:35:49	Name: __gads Value: ID=a0db146708e1b26a:T=1682053995:S=ALNI_MYYlaWW6pJGHe57zHDsSiwTBKzKoA
.heralddemocrat.com/	1970-01-20 20:35:49	Name: __gpi Value: UID=00000bedf31901e9:T=1682053995:RT=1682053995:S=ALNI_MbIJio4Ke1u1WVfuZFVDEiWeeFa4g
www.heralddemocrat.com/	1970-01-20 11:14:17	Name: _lr_retry_request Value: true
www.heralddemocrat.com/	1970-01-20 11:57:25	Name: _lr_env_src_ats Value: false
www.heralddemocrat.com/	1970-01-20 12:40:37	Name: pbjs-unifiedid Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222023-04-21T05%3A13%3A18%22%7D
.openx.net/	1970-01-20 19:59:50	Name: i Value: 92dea51c-e890-0bb2-11da-652883499ade\|1682054000
.lijit.com/	1970-01-20 19:59:50	Name: ljt_reader Value: GhB5pBZHBntw0xceQ9SYWO36

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://web1.etypeservices.com/wp-content/uploads/2021/11/ADA-Compliant-Logo.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.legacy.com/api/v1/affiliates/recentobituaries/2344?num=4&photoFirst=False&obittype=1&random=False&callback=legacy.recentObituaries.renderTemplate Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
javascript	error	URL: https://www.heralddemocrat.com/ Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=13781' from origin 'https://www.heralddemocrat.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=13781 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=8EE15659-FD7E-4914-947C-66ECA232C586&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

71b9f19b7c03d40dfebc9934b0406e71.safeframe.googlesyndication.com
a.audrte.com
a.tribalfusion.com
aax-eu.amazon-adsystem.com
ad.turn.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
analytics.cherryroad.com
ap.lijit.com
api.rlcdn.com
assets.revcontent.com
c.amazon-adsystem.com
cdn.confiant-integrations.net
cdn.revcontent.com
cm-supply-web.gammaplatform.com
cm.adgrx.com
cm.g.doubleclick.net
cms.quantserve.com
core.iprom.net
cr.frontend.weborama.fr
csync.loopme.me
d5p.de17a.com
dis.criteo.com
dsp.adfarm1.adition.com
etypeproductionstorage1.blob.core.windows.net
fonts.googleapis.com
fonts.gstatic.com
gum.criteo.com
hbopenbid.pubmatic.com
heralddemocrat.com
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
images.revcontent.com
img.revcontent.com
ipac.ctnsnet.com
japfg-trending-content.appspot.com
japfg-trending-content.uc.r.appspot.com
justapinch-com-d.openx.net
lexicon.33across.com
lh3.googleusercontent.com
live.primis.tech
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pr-bh.ybp.yahoo.com
publisher.etype.services
pubmatic-match.dotomi.com
region1.google-analytics.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
static.addtoany.com
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.mathtag.com
sync.srv.stackadapt.com
tpc.googlesyndication.com
trends.revcontent.com
um.simpli.fi
ups.analytics.yahoo.com
video.primis.tech
web1.etypeservices.com
www.americanhometownmedia.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.heralddemocrat.com
www.justapinch.com
www.legacy.com
x.bidswitch.net
yeet.revcontent.com
a.audrte.com
a.tribalfusion.com
aax-eu.amazon-adsystem.com
ad.turn.com
api.rlcdn.com
cm-supply-web.gammaplatform.com
cm.adgrx.com
dis.criteo.com
match.adsby.bidtheatre.com
match.prod.bidr.io
pubmatic-match.dotomi.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
sync.srv.stackadapt.com
www.heralddemocrat.com
www.legacy.com
x.bidswitch.net
104.17.187.220
130.211.10.17
142.250.185.162
15.197.193.217
151.101.66.49
151.139.128.10
162.19.138.116
185.29.134.248
185.64.189.110
185.64.189.112
185.64.189.115
185.64.190.80
185.89.210.153
193.0.160.131
195.5.165.20
198.47.127.20
20.150.38.36
20.40.202.28
2001:4860:4802:34::36
207.228.225.157
213.155.156.167
216.52.2.91
23.35.236.201
2600:1901:0:8344::
2600:9000:2251:3e00:1a:5235:f980:93a1
2600:9000:2491:9c00:1:6448:6d00:93a1
2606:4700:10::6816:46c5
2606:4700:4400::6812:220a
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:803::200e
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2014
2a00:1450:4001:811::2002
2a00:1450:4001:811::2014
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:827::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::2004
2a00:1450:4001:830::2001
2a02:2638:3::c
2a05:d018:d29:3602:ea30:652:4665:4067
3.71.149.231
34.111.129.221
34.111.131.239
34.120.58.62
34.247.20.4
34.251.239.38
35.186.193.173
35.204.74.118
35.214.153.92
35.244.159.8
52.222.208.154
54.194.98.250
66.148.122.12
85.114.159.93
98.98.134.241
00573904e0947050a672688a2de7001e7919dee72aeaca2ca76a019769bf779a
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06bfcbc62a8a2e2a624c3d07e3d173518339143afa1d033e6fa49f4e57a7a398
110126a419b873d8f9fdbdd1f58256dfd3de83acef773e3b98615553c4a90cc5
154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67
1623762a38857b185cce336b6fc44bd9c13a84e5045db279000982c8a3cfb7fe
1712db2ac9948f052b629d35a83530960b4f24075b69c2a8b3f7323697f20235
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1c468f25c66a9aeaa637ca5244f64ec7f967734b2dc2aa92b667cf5316155e81
1cea05c9dc43838e32fcb06ae84779481540258aeb6dad99e552de9b9ffbf184
1d16d42e33c80a00df5f4c6a514edbfaa985a2cdf0d33b4f76f90a6625b773b7
2192b4fcaa60abe4ae7f94ac0d23a0d15af7615475e0c6343e279b584841141c
21a4e261b3c98c9ab9cf3de0ad7c1d1ce420fd0c09f62c5a3b31adbae7bb7bdd
223fc8122a307637f83efd6b57fb96e0daf8795aaa98e431e83064efa65b4da3
231daa492803e1de08abfb57859afb4557e0000b482ad58260426678853a9a93
240290cd38055bbba64d7120e6410e71a15a9ecc390248e5609f37f5b088d6fa
24e9724cc939851092d9cb76ad861c22d438154ca54d019b5de6d6a21ddf4fbf
257206c4fd6bcee36927eb0ef2ba087b5dfc6c9a18df7f8553878bf847616226
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c5cc47eb8499efe3f4353bc50b38690756e78da21b0e158e14293b39c5ef812
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
38587d14ecdbee0b173c6773618ab712a02d30f4e8effa50d4ce23dbdafb2cc3
3a3b8f1947675166325e8785c1058e7d8a2a1946f33a67e0fedb5c0b0ec2a16d
3ae5d8b5a2806b811378107313b19f0b05baae4b2bbe85e19e9cd223391a0fe3
3f84897d884f47f9c98b1656962479b41fde99934e6a3abae8128995b7d81f7b
3f99e71207592a89cebf173253549f4e82709ea220748baee0b8028e2afd390c
40151d802d9a94b8b02f5e3a46e99997ef5a258e808a811c0b6d982e6d0d6668
4081306e365ebaa5a82ac37991f041a39b5e20cbd5722b4b7e055a330ad33e02
41b749324906ffd96f5b69d383542ed6b3e29f54572ce63243449ee7253b0ff2
432acd8192429c035f55370ab0501a7f58d69456a10b0a1bc213bd3efb6d2946
43bb13c6acecade74f6b1b1b110da1c15e551193004b317eaf556b894755eec4
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44de1b7c3efbd0c3f9a573f62af8215f2991437a4e832730be17f5f1edbe7503
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48b2d240737cceb970b7b3ef8b86aef31f321c9d51f0af1fa1f4c68544e5d498
48ea5787f01c0678de86c7861e830f03a3163a2d3a25ddb8fe3b343725dfeabd
49262cbd305b40a32de0c41a27e4a5aafc65927c0b7f0e6163e0e5b3739eab85
4929f18e1eea49cce7af27cf1da1cbbc1b9b7fb7c990699de53ba8d52f990cdd
4a1a6e42dfb626f8da2deac59ad576d0351ad3fc2a0317af76d8451690e35de5
4b14e9cdf4004c81725b17904d03f844b9fee6e9ebcdba96bc1620a1b393354c
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
50c9201fab5a8a851d4a225b1fdb97338c461b2aaee7357c235f26dfa7126168
50e01e4932f05f74d6cc7745f5135caf8bfcc7cb9b0ffa76a0aa91a228dc9fdd
5316717f872a3b46022c0c6b37009e1a18df8809a0cd70a58d8c47fd97f9919c
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
53a17958431b40d88f256147f2b657856b13d823f79065ed7a11aaee68e24d68
54e1e7b31a27697d16378b2e355e964e291da7ed6d1fde664b5e028c86c425f3
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56fd5ee440c344b3a073e361fcc3c24a528d3b0331ea2ef892e7f10c3f4e52a4
578403fd9e618f355ffe407d546a33ca8440136e6689e3ceda0aaef98fa3f13b
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970
5c846f6051d59669f2cab4c1aca826b54eb30846136c2da7966882c486a554b6
5e8357d1e0fd21e3347d91b411f97accac6a0d35ebbe5ebd786fc83d8e99c473
5eb922e5a926ca6554d08b48be54d8c48200c31cf48a6af3f283b2fe87116943
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62c929161d0af43697d1f251fc65b5cea61d58a66b9398d8d49a8ab32b8e6e72
63b5224b366e907b541da4ea4ce7980d8b7534a7379c860b54e7c830486c565e
641953b8e5ac35a6a53096b49f37b4d5df4734eb25a270ee3e8d57894f50fe10
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
66983f82afc927b5daa9f297b9a2640adce1d799d79ea65106a7229b55bf07af
67ebf650147a9122e94ff1b25a78a82e903b92b877821c1479de69f00f59d429
6a2d500d4ac0bba5317698b68c383179098a0ad47879f56de7318ceb37fba68e
6c958b3ea583cf0a2e50ee6ad6e8ef42ddd4b8269d760492fbd6d6dcc956d51d
6d149b991e26ec034a23eddd868d330077badf66fe3afe93bc976a65662b1fdc
6d46e2cf165a5a0584afba7bc9663da292ee08c97cfc7613de6013ed05be892a
6f6264f04d843c514e8b7a830c18a6ac059bf15f500ea1b8d37a619e84e71f85
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
738b1fdac3e745e341f46738955c36bd63ea29074de45eb2acaabd787299793f
738e1ec839515be2b8c22effa9d85f3ff28126828cc6b7482df906aa7de7f2df
73cfb0ed71e314a835831530e27ba1fde5609b224781f7dbc2dd3eb9a08603cd
77f1a877bb9db6390e51f4955c0c2c6cdc526fc72e10e71704a458337a84f6d2
7c207b8751962b075dece0af331d49d5b0bc7da86cd13df0c2dabe08007cbf24
7c4e8b92a244d393b3e5673b98aad9dc00868ba21251c1729c029407faf75fe4
7d0bb20c632bb59e81a0885f573bd2173f71f73204de9058feb68ce032227072
7d46496177f660fe1c4d3b3be0361fefa1a4fc87665736441f5234ea8ee9c762
7d66a54fc06815fa5e8961b5ae3617c444d063d595e2dcbafa51692d31e24af1
7eec3429c76cb48e5fd457c5afb71b7cf34bc4298d53023bae8aea715443b4a9
83f2f162f1f1fd6ca3bfe7bd1898836ecaa17998ad6c7aef61574aeed93d7066
848024de6bf0935091bf5a92d31838baaaf4ec8712d784d15665adc4f2debbad
8621c908bc4b9e1cfdfa5066ab78bc730fcc9d766069a94d6dee83d9432bd5a9
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
894011cff758a43f1db57b26424ea2befcdc85b25e09c91e139040a22cb10e7f
8b4b43fd2629a9ae29c5220a852bbc8ff169c571cdf77798633efec65c934df7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f6bf9a7e788b82399d4b9969016affff0930e98855abf0a2daf1758b7fd74bb
90ace795b6c423dc484fcbc9a1ca50a93ccc8aa1576281614140267e3dd8972f
90db7c2929c1f8fa3cb7be282e5c88ce131312749bb86d8eed33f6757e57f772
914cb6fe13efdf97379c1a2910d677144821201ff3f41b67a5a6ddb367e1a27b
92fb9569dc9bbfdd1c4cc92443f58ad7f167ea26698b6cfd2afc27f23557d08f
94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9ab2aae1e13e9678b5ff7477eb2376325e1793cd3dceeed0b980d6c59522828c
9ac5a7ed180980e32f7784d9aca819bc93d7906f2d17f24070433983b5f4728d
9bf56402c4167ccf7dfd6ba1783ea7d1f1e8268b994e902baea81c08d760141a
9d3e1247c76eb8b5d2b41912f5217de0671dc1dc4531007be84deef3a243b6e2
9db5fc91e31f36b34b2872f37d8c00d7a81b0db6e80ab6a27d7d6481fce74761
a111847773603814929227bb267257735082f898c9a07c5744abbc3aa73c7702
a19a356741e542145b8c793af8228b24fe2a829d0c23c77c3c104b192c1c45bc
a20010b26bce05ea3cfc83cf3a162b7c16b5d2fa2bcf2253b0394b0eb322347a
a3024b9f4a8863af77a271745a863f6241c1724ba82c88ee694792de008b556a
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a44b1d47983a8562bab76664d05f8800b11ee06e0a0a3aaae142ec8c89c0edeb
a44c67ad48150dc4745ca595da26655daae23bfa31d299a7517c33748d508cae
a4935d49528d0a5a6b2444b81c23246aac70cb7a9a7d64e2da2af33aac28611f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a7285db1c855187b821a318bf729d08dec8c3cb85f19e1597546ca23b128d322
a7bfe74e6643f22462b0bffc103f5924bfa37af73591083bbde3d7f55481ce51
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
acdfeef4dbf434400b81b41be1a48d2fa4413cfe10c69e6c51c54eb0e0bc0028
ae5e8b709455fcc6d0c794c6dcdadef5d38438725e865856d35d6a117ce8b525
b19897128e6aa39128ab5fe0fc2b66e5acb18a3b7f25e6d8846dd66ff493109c
b29c0b514b41b8d4516d064df803cc2afa876f3b118b70599f794d38188c0ef9
b3aa396fc08152729e5b206dcdfb606b11b42f02af2590f7ac83aecae7117342
b47ee432dbda4c2c625d166765b2b8ecff93bd756ee9894c462dc55dd318f9f8
b637638d704015822114b8c9c1f726b106517e106b5fca956dcf4ea3148126ad
b6dcca3034056688691afb759a5900f22c16648c2f09bbc17b02afbf859d2de6
b798ef77c3558af3959789f8f6233a7f75ff146fc58f8e84711269273fd96b44
b808d20a01170f042d1d5dca1f9fced55f903f08d82a7bdc6ab4aefc3c5bb5e5
b9b96598f0b6470d52fd17071c222db4789317b004831514068e5595f05eb91c
bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776
bf817ee4b2d4e9d98e05e1382d295f8f10fef43770cd4e291d924a5d0afc8cc2
c02ccf4ffd38f6e1602a17e22029a37e1827a19cc5b202d5268c4f9c9336a38d
c1c42f45da54765aa915024a623907d2385b01f343c09077a5474cdff66b6e26
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c34e73186f6a6a8b0e0482f529be8e90ab6b07d53c01f1ef3a28e413fa85e579
c44efbaab5184754c309dcd0f271735760057b8c4046d3dc2ddfa00708e57a79
c7b35faae42c46d4a913d6e41156eee44be4f4b7cb84871c95752c901b801e74
ca7a013acd7bc1d7d1af8726274c7c9248318846ac1eed864faf22656ba4d6f3
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
ceb731414616837d5947ccd22c0f009ddc9cc7b4730a4932f9debde250e9c471
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
d9788f957a0264a11cf4beeac5436e49aa2b908d80c60bcf6681a4e4e8113318
e13491499f5b076127246b7d73d8a4e086307134f138d0bf66655bd26eacc7a0
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e2d3127da85763e024971c6192f78becbdf85db231b3d088c9f8b3777d444ede
e3aa0ccb74a520019e2601fc9cad1e98c2846dc3e9fab60e74d8f28683bcef3b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b51420d0d2ec905c232e07b8c28926305a18268dbc98e5134b0d172e0f340c
e50d3dd8e1f14b5612ca7799331c4163fd8187a7a5743d263047097dfaba4a8b
e9d9c73303f3f01bf623e1a7f11a44b2d1a9c1c0ed263cbde30afbbc786e6fa8
eb71fa34962dd68703df6691338fa645cf32299171e17c74be69c55812efbe3c
eba2d386b23a126e2b122d66babab2f09b90adc529493a03f76753771a5ee34b
ed0791d2019df55609fed92dbd4d8ecef07c3e556aca283d7a8e1aabdfbdfef4
ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40
ed94e877dcb52ae51c841443f23b8d94c3246ac18f6bcc2c444c49d212892a8b
ee73651d51311ef85ca5d9810ca5ca347137d22390001b85bff3f879edd7489f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4241710e57486ad91102e31823e855469608e1aea362f1f0e059609c9eb9a56
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47
fd568a8b0d074aeadb25ae810b259482006b6a44fcce6027bf37c019942f985d
fe65e8f74381d5afc5a63c298f62b26c4b68531e9e2792e6fa63f4af24842596
feb53de7103cfe17c2e2a4468dfd1c7c54250b52f433f033b16f1dc89e4d5de5
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

www.heralddemocrat.com Open in urlscan Pro 66.148.122.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

230 Requests

90 %HTTPS

39 %IPv6

57 Domains

81 Subdomains

51 IPs

5 Countries

5624 kBTransfer

11241 kBSize

18 Cookies

20 Outgoing links

Page URL History

Redirected requests

230 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.heralddemocrat.com Open in urlscan Pro
66.148.122.12 Public Scan

Screenshot
Live screenshot

Full Image

230
Requests

90 %
HTTPS

39 %
IPv6

57
Domains

81
Subdomains

51
IPs

5
Countries

5624 kB
Transfer

11241 kB
Size

18
Cookies

230 HTTP transactions
5 data transactions