www.heralddemocrat.com Open in urlscan Pro
66.148.122.12 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://heralddemocrat.com/
Effective URL:
https://www.heralddemocrat.com/
Submission Tags: analytics-framework
Submission: On April 22 via api (April 22nd 2023, 12:40:45 am UTC) from US — Scanned from DE

Summary HTTP 233 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 57 IPs in 5 countries across 39 domains to perform 233 HTTP transactions. The main IP is 66.148.122.12, located in Seattle, United States and belongs to HOPONE-GLOBAL, US. The main domain is www.heralddemocrat.com.
TLS certificate: Issued by R3 on February 28th 2023. Valid for: 3 months.

This is the only time www.heralddemocrat.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 40	66.148.122.12 66.148.122.12	14361 (HOPONE-GL...) (HOPONE-GLOBAL)
3	2606:4700:10:... 2606:4700:10::ac43:2794	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	207.228.225.157 207.228.225.157	14361 (HOPONE-GL...) (HOPONE-GLOBAL)
20	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	104.17.186.220 104.17.186.220	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::2014	15169 (GOOGLE) (GOOGLE)
11	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
14	20.40.202.28 20.40.202.28	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1	130.211.10.17 130.211.10.17	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	65.9.66.104 65.9.66.104	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:2250:b200:a:e047:752:b361	16509 (AMAZON-02) (AMAZON-02)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
11	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:d::4 2a02:2638:d::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
2	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
2	162.19.138.118 162.19.138.118	16276 (OVH) (OVH)
2	54.246.170.47 54.246.170.47	16509 (AMAZON-02) (AMAZON-02)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 4	2620:100:a005::d 2620:100:a005::d	19750 (AS-CRITEO) (AS-CRITEO)
1	178.250.7.9 178.250.7.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a02:2638:d::13 2a02:2638:d::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	18.202.146.245 18.202.146.245	16509 (AMAZON-02) (AMAZON-02)
7	3.248.64.182 3.248.64.182	16509 (AMAZON-02) (AMAZON-02)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3	74.119.118.149 74.119.118.149	19750 (AS-CRITEO) (AS-CRITEO)
4	20.150.38.36 20.150.38.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2014	15169 (GOOGLE) (GOOGLE)
3	2600:9000:20e... 2600:9000:20eb:9400:a:deb0:3380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
2	130.211.115.4 130.211.115.4	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:1901:0:8... 2600:1901:0:8344::	15169 (GOOGLE) (GOOGLE)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
17	2600:9000:225... 2600:9000:2251:d600:1a:5235:f980:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:440... 2606:4700:4400::6812:220a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.120.58.62 34.120.58.62	() ()
2	13.224.192.181 13.224.192.181	() ()
2	2600:9000:249... 2600:9000:2491:5400:1:6448:6d00:93a1	() ()
1	185.64.189.112 185.64.189.112	() ()
233	57

40 66.148.122.12 (Seattle, United States) 1 redirects

ASN14361 (HOPONE-GLOBAL, US)
PTR: sagemt.com

heralddemocrat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.heralddemocrat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
web1.etypeservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::ac43:2794 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 207.228.225.157 (Ashburn, United States)

ASN14361 (HOPONE-GLOBAL, US)

analytics.cherryroad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.186.220 (None, )

ASN13335 (CLOUDFLARENET, US)

www.legacy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2014 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

japfg-trending-content.uc.r.appspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

assets.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 20.40.202.28 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

publisher.etype.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.10.17 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 17.10.211.130.bc.googleusercontent.com

www.justapinch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-104.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:b200:a:e047:752:b361 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.118 (France)

ASN16276 (OVH, FR)
PTR: ns31533569.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.246.170.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-170-47.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:100:a005::d (United States) 2 redirects

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:2638:d::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.202.146.245 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-146-245.eu-west-1.compute.amazonaws.com

trends.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.248.64.182 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-64-182.eu-west-1.compute.amazonaws.com

yeet.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trends.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.119.118.149 (United States)

ASN19750 (AS-CRITEO, US)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.150.38.36 (San Antonio, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

etypeproductionstorage1.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2014 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

japfg-trending-content.appspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:20eb:9400:a:deb0:3380:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.ad-score.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.115.4 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 4.115.211.130.bc.googleusercontent.com

data.ad-score.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:8344:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

lexicon.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2600:9000:2251:d600:1a:5235:f980:93a1 (United States)

ASN16509 (AMAZON-02, US)

live.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:220a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.confiant-integrations.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.58.62 (None, )

ASN- ()

www.americanhometownmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.192.181 (None, )

ASN- ()

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2491:5400:1:6448:6d00:93a1 (None, )

ASN- ()

video.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (None, )

ASN- ()

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	heralddemocrat.com 1 redirects heralddemocrat.com www.heralddemocrat.com	1 MB
24	googlesyndication.com 0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 177 pagead2.googlesyndication.com — Cisco Umbrella Rank: 129	415 KB
20	revcontent.com assets.revcontent.com — Cisco Umbrella Rank: 8927 trends.revcontent.com — Cisco Umbrella Rank: 2610 yeet.revcontent.com — Cisco Umbrella Rank: 9504 img.revcontent.com — Cisco Umbrella Rank: 13291 images.revcontent.com — Cisco Umbrella Rank: 10002 cdn.revcontent.com — Cisco Umbrella Rank: 10383	146 KB
20	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 269	224 KB
19	primis.tech live.primis.tech — Cisco Umbrella Rank: 3581 video.primis.tech	715 KB
17	criteo.net static.criteo.net — Cisco Umbrella Rank: 763 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 9652 csm.eu.criteo.net — Cisco Umbrella Rank: 6433	264 KB
14	etype.services publisher.etype.services	105 KB
10	criteo.com 2 redirects rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 12727 ads.eu.criteo.com — Cisco Umbrella Rank: 6413 gum.criteo.com — Cisco Umbrella Rank: 442 cat.fr3.eu.criteo.com — Cisco Umbrella Rank: 7993 mug.criteo.com — Cisco Umbrella Rank: 1686	62 KB
8	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 143	143 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 238	317 KB
5	ad-score.com js.ad-score.com — Cisco Umbrella Rank: 6152 data.ad-score.com — Cisco Umbrella Rank: 5965	158 KB
4	windows.net etypeproductionstorage1.blob.core.windows.net — Cisco Umbrella Rank: 543956	317 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 3166 google-bidout-d.openx.net — Cisco Umbrella Rank: 3148	682 B
3	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1550 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1323 id.crwdcntrl.net — Cisco Umbrella Rank: 2256	12 KB
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1319 id5-sync.com — Cisco Umbrella Rank: 612	18 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	2 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 91 region1.google-analytics.com — Cisco Umbrella Rank: 1718	20 KB
3	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4642	27 KB
2	amazon-adsystem.com c.amazon-adsystem.com	59 KB
2	confiant-integrations.net cdn.confiant-integrations.net — Cisco Umbrella Rank: 1925	105 KB
2	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 4649	315 B
2	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 725 hbopenbid.pubmatic.com	65 KB
2	gstatic.com fonts.gstatic.com	80 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 130 www.google.com — Cisco Umbrella Rank: 16	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	120 KB
2	appspot.com japfg-trending-content.uc.r.appspot.com — Cisco Umbrella Rank: 152613 japfg-trending-content.appspot.com — Cisco Umbrella Rank: 98117	4 KB
2	cherryroad.com analytics.cherryroad.com	2 KB
1	americanhometownmedia.com www.americanhometownmedia.com	103 KB
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 451	395 B
1	33across.com lexicon.33across.com — Cisco Umbrella Rank: 1915	255 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 344	5 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 3353	8 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 3991	2 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 4083	2 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 474	1 KB
1	justapinch.com www.justapinch.com — Cisco Umbrella Rank: 64023	22 KB
1	etypeservices.com web1.etypeservices.com	14 B
1	legacy.com www.legacy.com — Cisco Umbrella Rank: 28137	17 KB
0	rlcdn.com Failed api.rlcdn.com Failed
233	39

	Domain	Requested by
38	www.heralddemocrat.com	www.heralddemocrat.com
20	securepubads.g.doubleclick.net	www.heralddemocrat.com securepubads.g.doubleclick.net www.googletagservices.com
17	live.primis.tech	www.heralddemocrat.com live.primis.tech
16	tpc.googlesyndication.com	securepubads.g.doubleclick.net 0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com tpc.googlesyndication.com
14	publisher.etype.services	www.heralddemocrat.com publisher.etype.services
11	static.criteo.net	securepubads.g.doubleclick.net ads.eu.criteo.com
8	lh3.googleusercontent.com	www.heralddemocrat.com
7	www.googletagservices.com	securepubads.g.doubleclick.net 0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com www.heralddemocrat.com
6	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
6	yeet.revcontent.com	assets.revcontent.com
5	imageproxy.eu.criteo.net	ads.eu.criteo.com
5	assets.revcontent.com	www.heralddemocrat.com assets.revcontent.com
4	images.revcontent.com
4	etypeproductionstorage1.blob.core.windows.net	www.heralddemocrat.com publisher.etype.services
4	gum.criteo.com	2 redirects static.criteo.net
3	js.ad-score.com	assets.revcontent.com js.ad-score.com
3	mug.criteo.com
3	trends.revcontent.com	assets.revcontent.com
3	fonts.googleapis.com	client www.legacy.com live.primis.tech
3	static.addtoany.com	www.heralddemocrat.com static.addtoany.com
2	video.primis.tech
2	c.amazon-adsystem.com	live.primis.tech c.amazon-adsystem.com
2	cdn.confiant-integrations.net	www.googletagmanager.com cdn.confiant-integrations.net
2	data.ad-score.com	js.ad-score.com
2	oajs.openx.net	1 redirects www.heralddemocrat.com
2	id5-sync.com	cdn.id5-sync.com ads.pubmatic.com
2	esp.rtbhouse.com	invstatic101.creativecdn.com
2	fonts.gstatic.com	fonts.googleapis.com
2	0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.googletagmanager.com	www.heralddemocrat.com www.google-analytics.com
2	www.google-analytics.com	www.heralddemocrat.com www.google-analytics.com
2	analytics.cherryroad.com	www.heralddemocrat.com analytics.cherryroad.com
1	hbopenbid.pubmatic.com	live.primis.tech
1	www.americanhometownmedia.com	www.heralddemocrat.com
1	match.adsrvr.org	ads.pubmatic.com
1	id.crwdcntrl.net	ads.pubmatic.com
1	lexicon.33across.com	ads.pubmatic.com
1	www.google.com	tpc.googlesyndication.com
1	cdn.revcontent.com
1	img.revcontent.com
1	japfg-trending-content.appspot.com	www.heralddemocrat.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	csm.eu.criteo.net	ads.eu.criteo.com
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	cat.fr3.eu.criteo.com	ads.eu.criteo.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	ads.pubmatic.com	assets.revcontent.com
1	region1.google-analytics.com	www.googletagmanager.com
1	ads.eu.criteo.com	0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com
1	rtb.nl3.eu.criteo.com	www.heralddemocrat.com
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	www.justapinch.com	www.heralddemocrat.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	web1.etypeservices.com	www.heralddemocrat.com
1	japfg-trending-content.uc.r.appspot.com	www.heralddemocrat.com
1	www.legacy.com	www.heralddemocrat.com www.legacy.com
1	heralddemocrat.com	1 redirects
0	api.rlcdn.com Failed	ads.pubmatic.com
233	63

This site contains links to these domains. Also see Links.

Domain
www.legacy.com
publisher.etype.services
zrecruit.cherryroad-media.com
mainst.cherryroad.com
japfg-trending-content.appspot.com
smeagol.revcontent.com
help.revcontent.com
www.revcontent.com
cherryroad-media.com
www.cherryroad.com

Subject Issuer	Validity	Valid
heralddemocrat.com R3	`2023-02-28` - `2023-05-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-04` - `2023-06-03`	a year	crt.sh
*.cherryroad.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-10` - `2023-11-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.appspot.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
assets.revcontent.com R3	`2023-03-13` - `2023-06-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
publisher.etype.services GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-13` - `2023-07-13`	6 months	crt.sh
web1.etypeservices.com R3	`2023-04-09` - `2023-07-08`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
justapinch.com Go Daddy Secure Certificate Authority - G2	`2023-04-18` - `2024-05-19`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-02-28` - `2023-05-29`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
cdn.prod.uidapi.com R3	`2023-02-25` - `2023-05-26`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-03-30` - `2023-06-28`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-24` - `2023-06-18`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-14` - `2023-06-09`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-03-04` - `2023-06-04`	3 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
esp.rtbhouse.com GTS CA 1D4	`2023-03-20` - `2023-06-18`	3 months	crt.sh
*.id5-sync.com R3	`2023-04-18` - `2023-07-17`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-22` - `2023-06-25`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-26` - `2023-06-29`	3 months	crt.sh
revcontent.com Amazon RSA 2048 M01	`2023-02-14` - `2023-07-16`	5 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.blob.core.windows.net Microsoft Azure TLS Issuing CA 06	`2023-02-18` - `2024-02-13`	a year	crt.sh
*.ad-score.com Go Daddy Secure Certificate Authority - G2	`2022-09-02` - `2023-10-04`	a year	crt.sh
img.revcontent.com R3	`2023-03-13` - `2023-06-11`	3 months	crt.sh
images.revcontent.com R3	`2023-03-06` - `2023-06-04`	3 months	crt.sh
cdn.revcontent.com R3	`2023-03-09` - `2023-06-07`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
lexicon.33across.com GTS CA 1D4	`2023-04-13` - `2023-07-12`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.primis.tech Amazon RSA 2048 M01	`2022-10-24` - `2023-11-22`	a year	crt.sh
*.confiant-integrations.net GTS CA 1P5	`2023-03-27` - `2023-06-25`	3 months	crt.sh
www.americanhometownmedia.com Go Daddy Secure Certificate Authority - G2	`2022-05-12` - `2023-06-13`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://www.heralddemocrat.com/
Frame ID: 09DE1FA165FB109FB8C22766C2DBE710
Requests: 128 HTTP requests in this frame

Frame: https://publisher.etype.services/special-editons/C6FA55C54659D987
Frame ID: EFF95CE81845C86F86330B9CD5EDA2ED
Requests: 18 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: E95E5977941F17DDC59C3201001AF40A
Requests: 1 HTTP requests in this frame

Frame: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1CEAAD86A1D63BB8126518B9AB6E0B5E
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv1gr3rigUz-VEG5pzfmPaXKdXGRIIztux7CoJtK9VDdTFKQBERU1GmYDdc-YFwc-TNu5txLiKBc8PN0wnSFl3fmyiO7lQcW4q890GN0FrM5Pms9p7oUUiOaAXzMTE0Hq96QjIUhjhTgzBzD-Tx1qLUk4HIGfBmwqyVqNIeWPSc1HHgyAd55aZxja3h_f2OnS6Ppbor2jwOrcpkbPK3GVA5shTYr9DSnbleqdyfihd9HPkKQHWO_ql-8xaJxDef-EDPBDZXB22zvTAqRc562zt9f-8DypY7vDorGUkf6fwvLXNlMR3XlwoT3zGn7Eg2y_YT366nxHLdZMyhfgyI8fD77F8&sai=AMfl-YRAccHDXng-MkeRThFTIr3aG35o7d-PMoWmvNSbj41M3vFKsLr0Jv9dfDfEzEe4dcgKl1a4e6gD_8rrmX3RRBl6uBb88DbvS1K_RJU7mjKYneye9cySryNClvnQAIET2w&sig=Cg0ArKJSzD-IARdmZ-7UEAE&uach_m=[UACH]&adurl=
Frame ID: 57AADE86ABC5722C4158CE80D3E8577C
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssCR60IoA15he_LcOB_wNhgldviHMyU-ZUwyQ0Z_HRkF9Oh4GbemZf4y_uaQrpl7Z6xUefZg51dyjh_c4YZs5lvc3PZD1MpBC54UHMemTTOBMOMjlgniWEhb6sfkxD1a2ePCUUs3Ae-Bdv70lxm4ejRomGs3myF-2PXFUNNLfG9ez9Bo5RKBKl51hJ5w61A4klBY2dWA8J-JCGz3ENvNYJ0NKtL-hAcZFCCccvVvH7YAHLDbrvem_oAnztmsvlZ8IxDGA9rgwtEBPk1Q_ZMvkBKMNa_LCeE_rpaEfPX5OY2FJWLL5C1VAnzmLmPRkbmKI9IEiJ6NGXXDQn9mjxABYM-qxI&sai=AMfl-YS9mTMy5ANCVB9hgYYgOsAqp1jlFDz11L5cWK8REVeEv6d1jLZG9SHDrDdkj2nP3RKDFeI5JqXhZPtZpqpnDlQ-z19_o69A-PRXOtjhHE7SiJDnulV6aRKhZ1SdFJbAmr_5K-Pw7EHecojQ_Dg&sig=Cg0ArKJSzBZlQ_dvL9YSEAE&uach_m=[UACH]&adurl=
Frame ID: 41329D712DCC43AC108AD3E63C436332
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsspYHdf88VWD-BmY3xGRYBd2OtpsaT4mVlGwQevPEfTSKDiHxETy8yq87-jVrZWM2EJTnJU39sKH7Z8-JhobFhJBEPV3vfIti1Eg-TLSIhDn8zuYNtqmLwAEg_h8WUTkQo6a6a4gWqdU8ucn2QBiqdWEvyx6AYDxc9jHPxQcHIPuZJO4pkrCJJDx1s69TM3BaHY8mp0tKV-_o2FbQS7va-SK2wRuvYoB_2LysYMfemAsEJwPDTGw89Xl0xIWAfSU8doOZXp4rKDTky_WNi-O0ZrYMSNoACfPvOCkkL5johidKy9H_CzToiXTdyrlrGIcaSC6iu6ifgmgX0hhedHeszvDdMmdA&sai=AMfl-YTDzLHcV91tyC7oOJj0DWGWjf2kZ_gdqzwwBZS4b40jpif5J2dDCIa9FostDDiAWDP1Jq1P1Tc1P1iMatytdGX4x8ss1uUcCSze1NWItxS0-3pVaxCbDYy7ycqG6fg4RWOMtO90N4xe7C5C02c&sig=Cg0ArKJSzLHFezAD_8Q5EAE&uach_m=[UACH]&adurl=
Frame ID: F765C077E568729484808BF7174249B5
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuhRHgLYsoXB8RijdrEIfm06VhPN3JnVN2l6lKUjntyreCtH778g-MGuvwPJhc0CIW9tP4kgLnIQgGSDfmaWRhLEPGNRIM2vpC5eyicnNmw3OqQE0lk35N89_TMec01NRvdgdDAjoetYYi9pgj4Sizwg0NxnomCPOWzllD0EVU_gabrv_WJo5nMop6stB7FHvo038EgZAHeJBlBiDWwYNE5d3iorB2Jpirnq0opifhz39Egb_ONCUdz0-Yvapz4Dx6LMfqQZOsq7SgZ5T6K56P2hgwubmNkc8DQ2t4w91W_BwufHiR_F5itd2Wz1OAChm4LymhxE_wVwa929TtPw4He&sai=AMfl-YQJp1d1RX23O0kKbdI9gNObHeQ8m7Py267ZG_lIZtgTzCHFKLghXNev-c4MCO1iPMrRj6X19VZdKniIHGejEWq7iFWvBKvvC6mTTIurdgwA47d2KuqrhUJdAZ2f1kUZYkxM6zcZczX8y6v3Kqw&sig=Cg0ArKJSzOlAURHOZ15hEAE&uach_m=[UACH]&adurl=
Frame ID: 9A31F90D4434A46079655152F31608FD
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssca75IV7XYtyPtsmWnD2LowNiP2k_8BbTrfbekXwlqASSbZ2X0XnG7VETA-OvW1t8qK_5uzgBlEWvlk-L-LwnRKXlTQSiEHZvjOf6CUrIz-W0RScmm933Fyw_QB3l53TFGddLA0gXyo-c5Uykeq2DTvDWXTxcnACWAhFEGI-3wBQwI3mmzacvZlD5gTlu3CHabqZzPpyJ_4bvvV93jHmJBG2kyh7EY9gpXVUtrtosGsPlgdYnLzx6OWpaTE2_C7xJVTh25xQMLrcggB5wSuL_iXWiyZkmxw9zMgBmBa8ffPA01IqP0j7wV1seMMDcFy83plm3kC4cc8CbYUuOQwSY&sai=AMfl-YQQ-J3ToTjFz1w4qHvS_Eko49ZWs26W1XoXihvgGAT0kLaOzM1QGAIntC3fnxUMqL_UJx6bITgKa64VauvPpob-M84ZaJ_2ysVgHWYrrZPt5cBAGbL6lkHIOQq9bD6GitElSC_TokW7wdMlHNw&sig=Cg0ArKJSzN4XCD5Q9ZDCEAE&uach_m=[UACH]&adurl=
Frame ID: A4A59881ADE3FB77BACC1A86D9D70B49
Requests: 7 HTTP requests in this frame

Frame: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 80ABBA8B0F022F134A530C450DFCDAC3
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZEMtBgALGrUIu8h5AAdAk6YDGj_Uo6DdkpU3mw&u=%7CB1qztyg3%2FnaP7W5RWdn%2Bcg8w41BkslWlHEafvrQFaGU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZetDT5vPMn_ZEYZgNxwU-bKOhxqqVnzPEn-gi7Cxt4Ao3-dK85QHHPLVWeT1jWsfkiZSYTGJnSuVxllT2NNzUUHkZsEkvDHvQo9v5Ca-azQCtmAMra-hJk6VL6infGN0BzanldH73zH3osrmdE_rjrnAKfrQVicQUARY3WnQ6tzwdWwrIX1HEMzBKK0huSRgT3dMIGIJ4Mvnnz_s544D4IixsqRFESTZBhmUbLskrLrc5Z98RzNRHwZu5ZRB2BybJ2WrzkKa-BvTiCCny2SFYscPcAkl642j60OboRbe5oosGjNE2EgizlDpJ1Oiu2STLJmOaGuWokY0nVlJwAWSSblecMmu6KGOnRbL2_R9L66ePtMCt1xQssRuRMiM1p4pC0bl5ChyoqmRgMw3rPoXvzFksFla8B-f2-hgfVQTIDxNlUpOYbXVBrsHaoPAXvlHwNONKX_cHmqD1RLVIhgD8fcqGbfmSYM37ujl0khxyTT9rb7FvK9aZShEgivr0oXro0mK8Ij34FiIK2wI06DUFMg7-h8I5LQ-nsJHFFKL4GrLc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC35w5Bi1DZLW1LPmQ7_UPk4Gd6AzJntKxXNWdkfdwwI23ARABIABglYKAgLQHggEXY2EtcHViLTYwNTU4ODIwNjM3OTUzNDnIAQmpAgnD8hxgbLI-4AIAqAMBqgSnAk_QcrpItglybDIbkWZD7klmULVBKcupM-lEPzQnP2OGhiULTQEpV1_Oy3dSlkhtGUOwhVNsPQiK76zsQ8d_vq3WfvAllEmZ5gocb8gtyL8qSFT5nGN5vXeOs8cYqJUXSivNF9nW-Uxell3QdAsMahKoOGU_mrdSGnKPCgfjk8IppScWzW_m9sIthtzU4a2JtblG8NDu6Z4sky7hJl0pEe8GOZGv9bCGijvPKqlKg7PNo_4XrLLTShfuZ3axN5YcxXhdEcsrrUdVrjMg1oSWXmcjplEvAOLmhGTg5GPzgXDoKV_jn2QssxSS67L2mrtvSqiyO-IIUtC_F0BcnSB6-da50NJg2TXJ0BPcpi1hX5uee34lJgLnZpA_VibheAIAT3_shq9bQZXgBAGABtyKgb2Ag8b3tgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3KM5nCEGUcYd3B3H0Zoz1uFNekvw%26client%3Dca-pub-6055882063795349%26adurl%3D
Frame ID: E52E7DBDDD692343155E6E31245D02D9
Requests: 19 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.heralddemocrat.com
Frame ID: D826EA00EB3208E787AC06CCB8E85F52
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: AA2DC54B268C256E276C2BA812D28A4F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 31B266E3D7E5CA622C18A882666D2A59
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5D75B75D72AF1109B5423D8DA6B2D7D2
Requests: 2 HTTP requests in this frame

Frame: https://js.ad-score.com/x.html?v=5b851bf&pid=1000177
Frame ID: E45C850D4C9865C1271BDC803C0F37C8
Requests: 2 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682124043857&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682124044&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Frame ID: DCE3E1B129B44E701858E640CB42089B
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Herald Democrat – Herald Democrat

Page URL History Show full URLs

https://heralddemocrat.com/ HTTP 301
https://www.heralddemocrat.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

233
Requests

97 %
HTTPS

55 %
IPv6

39
Domains

63
Subdomains

57
IPs

5
Countries

4795 kB
Transfer

11121 kB
Size

23
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://www.legacy.com/us/obituaries/heralddemocrat/browse
Title: Obituaries

Search URL Search Domain Scan URL

URL: https://publisher.etype.services/Herald-Democrat/Classifieds/V2/Herald-Democrat-Classifieds
Title: Classifieds

Search URL Search Domain Scan URL

URL: https://zrecruit.cherryroad-media.com/
Title: Job Board

Search URL Search Domain Scan URL

URL: https://publisher.etype.services/Herald-Democrat/Classifieds/V2/Herald-Democrat-Legals
Title: Legals

Search URL Search Domain Scan URL

URL: http://mainst.cherryroad.com/
Title: Main St

Search URL Search Domain Scan URL

URL: https://japfg-trending-content.appspot.com/click-dug.php?a=%2F&f=10254&p=/recipes/dessert/dessert-cake/old-timey-caramel-icing.html&s=10000&do=www.heralddemocrat.com
Title: By Renae M. in New Albany, MSOld Timey Caramel Icing

Search URL Search Domain Scan URL

URL: https://japfg-trending-content.appspot.com/click-dug.php?a=%2F&f=10254&p=/recipes/salad/salad-pasta-salad/best-macaroni-salad.html&s=10000&do=www.heralddemocrat.com
Title: By Anne J. in Best Macaroni Salad

Search URL Search Domain Scan URL

URL: https://japfg-trending-content.appspot.com/click-dug.php?a=%2F&f=10254&p=/recipes/bread/other-bread/the-best-crusty-bread-dutch-oven.html&s=10000&do=www.heralddemocrat.com
Title: By Pat D. in Saginaw, MIThe Best Crusty Bread (Dutch Oven)

Search URL Search Domain Scan URL

URL: https://japfg-trending-content.appspot.com/click-dug.php?a=%2F&f=10254&p=/recipes/dessert/cake/oatmeal-cake-12.html&s=10000&do=www.heralddemocrat.com
Title: By Jolayne C. in Americus, GAOatmeal Cake

Search URL Search Domain Scan URL

URL: https://smeagol.revcontent.com/cv/v3/Zj3ZRAjqGAe7BtHkOG8wOkx8suNHiWgZFU2mHQCInEXkaG7bbOoq69YYe2DEA7U7vgQDWTQ1zssgbYY9jdoGjWV8ZWu-fZ6ggepG8uYW3UrL_JvedRM8GDygdscS1e6007Wlmi6YcmSzUcfofHUeo5KFLkBvx2mfC8Q0qkJocF1KM_lzAW3VAj_3TgaVIZjJMeQ6kyfSKa4w8N10Jk5Xu2BAEgbNeQ6wpEySVSj75MCKsin45dVV6aCiHtj-PIxmAKEcCcZOGq-wWNtvuPAnLdZpxQ_hwYCWvIMyFjtbb9LH7UWoByfASZb3OGeJQh0fMt8dV36zohyRwJN4ntEGUcgb7It7yP1vcGYFTfgdC9ddYIJD63zauqTdvDv9y2MPsycYHbiXJCqtRqK9T8yhVUJjjJJdubUy-n6rYkVtM5PYE4--vxcVUj88_nuBM4ZEDMlXBxGnFEOZzgH8YYjMOGC2hqapjXN1xoH5JNDt0DVe0wX9OYn2HJIyq7T15ViwiVKjVqlDvFTBppd6vsaduf96EbYE27PiJd-fTtY_8c7cQ_d2xOfxGjiNqw0nBawb_ADWQMVFAL6_qh56XBL3lum-QSehMRnRVjFLh7pgpiva-l7Vl-mjkX3BbFQkOin3Wk7Dp3pXkwBz7QqK3kHKq4EM3ZxYDjXhrxS_Xl5vEGfLPnl8P5__D8xdH9dMIOf6f_GrOpzooShDSRY4KkcW59-ZCj8unPFG8fJi?p=GgFDMIfajKIGOiRjZTk4Y2E4My1iYWE4LTQ2YTAtODk4YS00NTU1ZWVlMTIxMjVCJDFjZjA4YjhmLTZmOTAtNGE5Zi1iMjE1LTViZmU4ODA5OWExNUoMd2hpdGUtd2Fsa2VyUIPWCljH5hBiEmhlcmFsZGRlbW9jcmF0LmNvbWoHZGVza3RvcIoBAzF4MZABAdgBso7wAaoCDDgwLjI1NS43LjEwOQ
Title: Wollen Sie hundert Jahre alt werden? So reinigen Sie Ihre VenenCardioBalance

Search URL Search Domain Scan URL

URL: https://smeagol.revcontent.com/cv/v3/HZDGMUW8n80P16OWrmkEIuls2ZV_merrDCqWvzOkdQV52Xg92wx89TWpHoph_xMBvdU6ZuokJNp00cgwNay9BKiHABU2pmguu4RQSTaaq7I6Z_QHcbXFhK78iITQtUFqGjaBEC4QaYHUJ2iCd5LffG3c5B-PpfdTHSLKS6OfDDAa5eFxorDHux6wGUgjHJRHkzJ7YA2i8NGtZeuuN_WQcgeVELpRoNmod9Hlb9bNzIsMcdONHclUl30G-ekxnjARw6oDS_sbZexGY3b3lRGdx2UMRecgrvwNSbTR7k-WQVUCGTSGTeab-7ajmjqfI1kSg7MmG_b3mPzwcFH_Vofbl3MdAXQht5CxMZlSDFLh3soVXugYab-y0ghUB5gmvDUpTaVS_svsZU_UtZ4otdCkO7ctziSkQfN64wk3rRG8RH0CdhMmOiwXnAUKmjZDUObVu2-BOXi9DaLz05Z4NU3Y4HxLKl6tNgQD37C15Uhqvx4zuOV43KkvCX-0le6okCTLhnAG04mZU6OZlK2mmB8HmOhv3W8?p=GgFDMIfajKIGOiRjZTk4Y2E4My1iYWE4LTQ2YTAtODk4YS00NTU1ZWVlMTIxMjVCJDFjZjA4YjhmLTZmOTAtNGE5Zi1iMjE1LTViZmU4ODA5OWExNUoMd2hpdGUtd2Fsa2VyUIPWCljH5hBiEmhlcmFsZGRlbW9jcmF0LmNvbWoHZGVza3RvcIoBAzF4MZABAtgBso7wAaoCDDgwLjI1NS43LjEwOQ
Title: She Was a Huge Star Before Her Plastic Sugery, Guess Who She Is!SurelyAwesome

Search URL Search Domain Scan URL

URL: https://smeagol.revcontent.com/cv/v3/HgLcckFW0YCoBVho4w9s7dXBKZ6mhDrEygO4s6cXdbHSc-TLCPbhv4JfY6lrQveA-lo4rVgtztXmVf0DU8EXvqMD3it9Jl2ywgiRJiw3KtlAKVSFrf9nVAz83oIM5CEY5UEsfmx_o4N0lY91HFIfKWgk2iHzpfE8pFdYcfQxYZpARJlUBt2ziliK1n-HRB4S0L_ju9dfMnzSfUjCOz7rqIPnl7T_u2zCJ2ruNCifeCXt6M-Ii84wkrghpyDcFs4oycBqbZQXuSJmx38SbS-gS02kSZL5SLC_J1GijJFiO4pqI16bW0bgZqy6j5AIZoMYP0jmHKExbvRan9avSIVd8f3Ap_BlQy_i-ntxkTvviwyimZgUPjWNp5pfW4EjnPgAtrJzNoPJ_MFgSusylKnn9UasWMsFq4fgsd1Cg2pWaK7ZZnNN8ESYmPj2urCPgme1J8kUZFjviJUZAVJESRXzthBgq18J1uHj5am-q1E7k5f_9UXxwBI1OMNXpFctc5Z5Imcl-x2OiwmCZyi3icuPmzOiq5jWma5kxk3fOfiXbyYSv3cp_KbCWzJAH3Ph_wxm9SVLMnfMpCpqnKgwq9GPZeblC1NPpl3ngmmmWxoxOZhVLGDm2uc2qdUTCgMowxQmpmCHwvDohWl_Slp7mC2WZ-HAlsJGtXjdczK8uecIjKhSHcJhGyFyGhUjw8krhxeHo6vfHw?p=GgFDMIfajKIGOiRjZTk4Y2E4My1iYWE4LTQ2YTAtODk4YS00NTU1ZWVlMTIxMjVCJDFjZjA4YjhmLTZmOTAtNGE5Zi1iMjE1LTViZmU4ODA5OWExNUoMd2hpdGUtd2Fsa2VyUIPWCljH5hBiEmhlcmFsZGRlbW9jcmF0LmNvbWoHZGVza3RvcIoBAzF4MZABA9gBso7wAaoCDDgwLjI1NS43LjEwOQ
Title: Do You Speak English? You May Be Able to Work a USA Job from Home in DEOnline Job | Search Ads

Search URL Search Domain Scan URL

URL: https://smeagol.revcontent.com/cv/v3/UtYBF_mVy2mucoSHKNbWbWKVZn4Uq7v_pPXO8UykKlqYDB_pss1NRitU_zC6GAhztzDGGfEmJlok-cC14ANOobb5kyB3NZT_cG56Ox8hiL7SPs4z5TcDlhQ_ZAXPfi17fZ1NQAU57Aku8uJGAYXCqKkjTDvyqfiZs7R1EvQu7McAkjRx0SfoHuSM_2F0m_zmiywK7MJD3YfbdOsdeicmcg5YD1p-dr5N5Xb2_B3OqEGWA7QsZGVGx5sMowd6A-7szD1UQRG75_YXYRD3mR-JSA4EQl_ZFuMloWU_6zVCf4eU1rqi1Rn8FPW7kplD9PZ-efcSrsZksYKQJkHB_PFCCARW_oGbZiyw4WmpnjGh7qiEvoarIrTJXmfDz1ebKIz1r52uu-Q44crvOoiQrDtliVS8Anrcfv4iLBHm-WMmUEdETRXAbtyL2h4qM176_BZ7C6uU1Xt9ZKy7IJg81YTN8mRrw0UhQjfzCsWoYH4kve3vVlC3BFiMosFdCaga4tOjA_7VDgC1MJ65_9OfHkB5EdAkC41MC4OFR3TS1cJpMUF4dE4F2HRmKNsoBcFZmiWz8booCK0IdirxdEZhKIIMzTCoCZ3DjtJbVCFEtn2CtZQIhMm3qS1vx_Lyq9KM2t2PLpiTjAWvR_Ci_zt5FppmsigD7TFvNX7Gjjz1WVAYhBWc8P0zEQ?p=GgFDMIfajKIGOiRjZTk4Y2E4My1iYWE4LTQ2YTAtODk4YS00NTU1ZWVlMTIxMjVCJDFjZjA4YjhmLTZmOTAtNGE5Zi1iMjE1LTViZmU4ODA5OWExNUoMd2hpdGUtd2Fsa2VyUIPWCljH5hBiEmhlcmFsZGRlbW9jcmF0LmNvbWoHZGVza3RvcIoBAzF4MZABBNgBso7wAaoCDDgwLjI1NS43LjEwOQ
Title: Top 15 Der Gefährlichsten Tiere Der Welt, Nummer 1 Wird Sie überraschenActunimo.com

Search URL Search Domain Scan URL

URL: https://help.revcontent.com/en/knowledge/revcontent-privacy-policy
Title: Revcontent's Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.revcontent.com/popup?utm_source=ads&utm_medium=organic&utm_term=signup
Title: Increase Your Engagement Now!

Search URL Search Domain Scan URL

URL: https://help.revcontent.com/en/knowledge/fake-news-complaints
Title: Submit a Report

Search URL Search Domain Scan URL

URL: https://cherryroad-media.com/community-rules/
Title: Community Rules

Search URL Search Domain Scan URL

URL: https://www.cherryroad.com/cookie-policy/
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://cherryroad-media.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://cherryroad-media.com/terms-of-service/
Title: Terms of Service

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://heralddemocrat.com/ HTTP 301
https://www.heralddemocrat.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 137

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.heralddemocrat.com%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.heralddemocrat.com%2F&rid=esp&cc=1

Request Chain 165

https://gum.criteo.com/sid/json?origin=publishertagids&domain=heralddemocrat.com&sn=ChromeSyncframe&so=0&topUrl=www.heralddemocrat.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=dToGGXxnKzBlQnN0TzlVdTgxbWszbFdkRVZES2VXT1YyTzgvSE9JRW5BTWJpZWh5anVZNWZHdlVJeW1ZN1pXS0k4OExzNDcrVis0YnhXZDJtRnBvWk40YzdWcGpPUmVGYWgwOTdubUxqeWhOanRGM0FWRTc5UnRFTUFFZjV4QlFoeFVjVi9YMlRsUGdVVVhtTU1GVmpjWlowZlJoVk4vZWVNRGJqa1hXYlpYTGdudzMwaFdNSktKSHVrWUE3ZFBFc2RYa3NhaW04L01iNFFmczdzY3kzUG9tZXIwcFFpNHFYQkNBdzZUcGVrVlNaMkJCQzNFQ3NkdXg5TGN0RmVaNFFYVmtFbTJKdndtRkd6aVA5M2I2Vm5EV09YM2xhYW9TUURIY0tGbjRyK0NETTEvaz18&cppv=2

Request Chain 205

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&domain=www.heralddemocrat.com&cw=1&pbt=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=g5JfUHxFSWtGTHgvMEZBQm5rN2dOQ004NkRUR2tOZjMyVFdKOVIxTE1QVDljYXlSWllWcDZ3Wmp6R1Q1L2tBZW1PYW9Pc0I1K0tMTnlaMDFuM1lVVVR4N3NMUkhod2hPZ1VORzFhQnN0anpITEYzOFU5U3ZlSFpqYmdFbkN5Wkkwdkx5a0NUcVBHa3oyd3h2RWtSZEVCakNvTkRCaUVZa3BFaTRJY2NWRXVFQ1RRcFFSQ3U0ZDB6L1NXcVJvam9ib1NNdmQ4Q2FRdmFxL3pIeE05cGFJRC9PZUlTNERad1VvM29mNWF1MzFJU1R4QWVEYVN1VzhKeXVSUk85cG5tQjlMLzBaN05jQnE2c25pNGVvMVBpdTJLSWdkbGhzNFpORkhVVlh2bC95UXFGVjYwcz18&cppv=2

233 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.heralddemocrat.com/
Redirect Chain

https://heralddemocrat.com/
https://www.heralddemocrat.com/

138 KB
28 KB

2540ms
2341ms

Document
text/html

66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

bad8eb282257b8c03cd4d06ee89dbfcb7f49e7e81019c4bc52c20c461f51a1e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
content-type: text/html; charset=UTF-8
date: Sat, 22 Apr 2023 00:40:36 GMT
link: <https://www.heralddemocrat.com/wp-json/>; rel="https://api.w.org/" <https://www.heralddemocrat.com/wp-json/wp/v2/pages/851>; rel="alternate"; type="application/json" <https://www.heralddemocrat.com/>; rel=shortlink
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
referrer-policy: no-referrer
server: nginx/1.18.0 (Ubuntu)
strict-transport-security: max-age=5184000
vary: Accept-Encoding
x-content-type-options: nosniff
x-default-cache: default_cache
x-fastcgi-cache: MISS
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

content-length: 178
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
content-type: text/html
date: Sat, 22 Apr 2023 00:40:34 GMT
location: https://www.heralddemocrat.com/
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
referrer-policy: no-referrer
server: nginx/1.18.0 (Ubuntu)
strict-transport-security: max-age=5184000
x-content-type-options: nosniff
x-default-cache: default_cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 Georgia-Regular-font.ttf
www.heralddemocrat.com/wp-content/uploads/2021/05/ 140 KB
140 KB 177ms
175ms Font
application/octet-stream 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2021/05/Georgia-Regular-font.ttf

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

7d0bb20c632bb59e81a0885f573bd2173f71f73204de9058feb68ce032227072

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
last-modified: Wed, 25 May 2022 10:00:14 GMT
server: nginx/1.18.0 (Ubuntu)
referrer-policy: no-referrer
etag: "628dfe2e-22e74"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
content-length: 142964
x-xss-protection: 1; mode=block

GET
H2 200 style.min.css
www.heralddemocrat.com/wp-includes/css/dist/block-library/ 93 KB
13 KB 403ms
400ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 13 Mar 2023 02:51:32 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640e8fb4-172a9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 classic-themes.min.css
www.heralddemocrat.com/wp-includes/css/ 217 B
893 B 403ms
401ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/css/classic-themes.min.css?ver=1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 13 Mar 2023 02:51:32 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640e8fb4-d9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.css
www.heralddemocrat.com/wp-content/plugins/paid-memberships-pro/css/ 18 KB
4 KB 403ms
401ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/paid-memberships-pro/css/frontend.css?ver=2.6.6

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

9ab2aae1e13e9678b5ff7477eb2376325e1793cd3dceeed0b980d6c59522828c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 10 Jun 2022 20:52:57 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62a3af29-481e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pmpromc.css
www.heralddemocrat.com/wp-content/plugins/pmpro-mailchimp/css/ 220 B
876 B 404ms
402ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/pmpro-mailchimp/css/pmpromc.css?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ca7a013acd7bc1d7d1af8726274c7c9248318846ac1eed864faf22656ba4d6f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 10 Jun 2022 20:53:08 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62a3af34-dc"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js_composer.min.css
www.heralddemocrat.com/wp-content/plugins/js_composer/assets/css/ 452 KB
44 KB 404ms
402ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.10.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

6a2d500d4ac0bba5317698b68c383179098a0ad47879f56de7318ceb37fba68e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 02:13:59 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd867-70ee5"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 addtoany.min.css
www.heralddemocrat.com/wp-content/plugins/add-to-any/ 1 KB
1 KB 404ms
402ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 04 Oct 2022 13:08:31 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"633c304f-5ef"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.css
www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/ 588 KB
92 KB 404ms
403ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

feb53de7103cfe17c2e2a4468dfd1c7c54250b52f433f033b16f1dc89e4d5de5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd401-9309a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js-composer-frontend.css
www.heralddemocrat.com/wp-content/themes/jnews/assets/css/ 3 KB
996 B 405ms
403ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/css/js-composer-frontend.css?ver=1.0.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

1c468f25c66a9aeaa637ca5244f64ec7f967734b2dc2aa92b667cf5316155e81

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd401-bb7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 scheme.css
www.heralddemocrat.com/wp-content/themes/jnews/data/import/newspaper/ 6 KB
2 KB 405ms
403ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/data/import/newspaper/scheme.css?ver=1.0.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

3a3b8f1947675166325e8785c1058e7d8a2a1946f33a67e0fedb5c0b0ec2a16d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:55:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd400-1644"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 theme.min.css
www.heralddemocrat.com/wp-content/themes/jnews-child/dist/ 208 KB
29 KB 405ms
404ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/theme.min.css?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ae5e8b709455fcc6d0c794c6dcdadef5d38438725e865856d35d6a117ce8b525

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 12 Aug 2022 15:43:42 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62f6752e-33f7a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 home_page.min.css
www.heralddemocrat.com/wp-content/themes/jnews-child/dist/ 5 KB
2 KB 406ms
404ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/home_page.min.css?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ed0791d2019df55609fed92dbd4d8ecef07c3e556aca283d7a8e1aabdfbdfef4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 20 Jul 2022 17:53:00 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62d840fc-144a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
www.heralddemocrat.com/wp-includes/js/jquery/ 88 KB
31 KB 406ms
405ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 13 Mar 2023 02:51:32 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640e8fb4-15e54"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
www.heralddemocrat.com/wp-includes/js/jquery/ 11 KB
5 KB 406ms
405ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 09:59:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"628dfdf6-2bd8"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 155ms
53ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c5cc47eb8499efe3f4353bc50b38690756e78da21b0e158e14293b39c5ef812

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 81140
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 11 Jan 2023 01:11:30 GMT
server: cloudflare
etag: W/"c04-5f1f2ae2e431b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=172800
cf-ray: 7bb9d106693468ef-FRA

GET
H2 200 addtoany.min.js Show response
www.heralddemocrat.com/wp-content/plugins/add-to-any/ 129 B
839 B 176ms
175ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 04 Oct 2022 13:08:31 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"633c304f-81"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 script.min.js Show response
www.heralddemocrat.com/wp-content/themes/jnews-child/dist/ 2 KB
1 KB 407ms
406ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/script.min.js?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

b6dcca3034056688691afb759a5900f22c16648c2f09bbc17b02afbf859d2de6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:37 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 13 Jun 2022 15:55:01 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62a75dd5-649"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK plausible.js Show response
analytics.cherryroad.com/js/ 1 KB
2 KB 1116ms
118ms Script
application/javascript 207.228.225.157
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.cherryroad.com/js/plausible.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

207.228.225.157 Ashburn, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

Software

nginx /

Resource Hash

7eec3429c76cb48e5fd457c5afb71b7cf34bc4298d53023bae8aea715443b4a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:39 GMT
x-content-type-options: nosniff
Server: nginx
Content-Type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 1332

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 74 KB
25 KB 177ms
72ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce963f2d47c360c2932938a9a9b6292c4dd9f093921138500d0e23e5276eb9ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25055
x-xss-protection: 0
server: cafe
etag: 284 / 19469 / m202304180101 / config-hash: 6342739278968460252
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 Herald-Democrat.jpg
www.heralddemocrat.com/wp-content/uploads/2023/01/ 29 KB
29 KB 516ms
515ms Image
image/jpeg 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2023/01/Herald-Democrat.jpg

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

06bfcbc62a8a2e2a624c3d07e3d173518339143afa1d033e6fa49f4e57a7a398

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 29440
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 24 Jan 2023 18:30:43 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "63d023d3-7300"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Best-of-Texoma.png
www.heralddemocrat.com/wp-content/uploads/2022/09/ 47 KB
48 KB 515ms
515ms Image
image/png 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2022/09/Best-of-Texoma.png

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

62c929161d0af43697d1f251fc65b5cea61d58a66b9398d8d49a8ab32b8e6e72

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 47909
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 29 Sep 2022 15:40:10 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "6335bc5a-bb25"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jeg-empty.png
www.heralddemocrat.com/wp-content/themes/jnews/assets/img/ 70 B
763 B 516ms
516ms Image
image/png 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/img/jeg-empty.png

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

67ebf650147a9122e94ff1b25a78a82e903b92b877821c1479de69f00f59d429

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 70
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "640fd401-46"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 widgetLoader.js Show response
www.legacy.com/widgetloader/ 48 KB
17 KB 534ms
429ms Script
application/x-javascript 104.17.186.220
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.legacy.com/widgetloader/widgetLoader.js?type=ROV1&ld=true&ot=1&cnt=4&sw=0&rc=0&aid=2344
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.186.220 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: cc96316279ecefc83cf5e0bb54101accebdffbc3c22bedfe2f0a73f1ed5e1c75

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires: Sun, 23 Apr 2023 00:39:55 GMT
date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
vary: User-Agent, Accept-Encoding,Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cf-ray: 7bb9d1067a953a66-FRA
content-length: 17467
x-ua-compatible: IE=edge

GET
H2 200 trxtwo.php Show response
japfg-trending-content.uc.r.appspot.com/ 12 KB
4 KB 274ms
158ms Script
text/html 2a00:1450:4001:80e::2014
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://japfg-trending-content.uc.r.appspot.com/trxtwo.php?s=10254&v=1&q=4&i=21
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 7c5b6397ca47829cc420415b26c0fbf518592591ee01e9c11c7267b96a32f579

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 delivery.js Show response
assets.revcontent.com/master/ 161 KB
51 KB 136ms
43ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/delivery.js
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 37f770cae50011794159525cc18fb5acecb9cc1d1fc4bfe7145c24547ae0ff45

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: gzip
last-modified: Fri, 21 Apr 2023 18:37:17 GMT
server: AmazonS3
x-amz-request-id: 8ZEJ22PC9R29Q77V
etag: "6f9cdc7e257255ad6b1b8693c13ab675"
x-amz-server-side-encryption: AES256
x-hw: 1682124038.cds279.fr8.hn,1682124038.cds146.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 51668
x-amz-id-2: TF4sXHuuNxPMzE8hZ9LCvA8j0BNuHHLmbNaUofsXB4Y7OwSHJp5avt+hFW24D36UR0XsVGkDJgB/wWyl9k2ssg==

GET
H2 200 toolbar.min.js Show response
www.heralddemocrat.com/wp-content/plugins/accessibility-toolbar/dist/ 523 KB
182 KB 186ms
186ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/accessibility-toolbar/dist/toolbar.min.js?ver=1.4.5

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

a3024b9f4a8863af77a271745a863f6241c1724ba82c88ee694792de008b556a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:33:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fced8-82c62"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.adrotate.clicktracker.js Show response
www.heralddemocrat.com/wp-content/plugins/adrotate/library/ 365 B
981 B 370ms
369ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 13 Mar 2023 23:44:21 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fb555-16d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 comment-reply.min.js Show response
www.heralddemocrat.com/wp-includes/js/ 3 KB
2 KB 359ms
357ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/comment-reply.min.js?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 09:59:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"628dfdf6-ba5"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 hoverIntent.min.js Show response
www.heralddemocrat.com/wp-includes/js/ 1 KB
1 KB 359ms
357ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 09:59:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"628dfdf6-5db"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 imagesloaded.min.js Show response
www.heralddemocrat.com/wp-includes/js/ 5 KB
2 KB 360ms
358ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 09:59:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"628dfdf6-15fd"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/ 298 KB
86 KB 366ms
364ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/frontend.min.js?ver=1.0.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

48b2d240737cceb970b7b3ef8b86aef31f321c9d51f0af1fa1f4c68544e5d498

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd401-4a9ae"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js_composer_front.min.js Show response
www.heralddemocrat.com/wp-content/plugins/js_composer/assets/js/dist/ 20 KB
6 KB 177ms
176ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.10.0

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

bf817ee4b2d4e9d98e05e1382d295f8f10fef43770cd4e291d924a5d0afc8cc2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 14 Mar 2023 02:13:59 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"640fd867-4e52"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cr_dep_best_of_widget.js Show response
www.heralddemocrat.com/wp-content/plugins/cr-dep-best-of-wp-plugin//scripts/ 1 KB
1 KB 176ms
176ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/cr-dep-best-of-wp-plugin//scripts/cr_dep_best_of_widget.js?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

e13491499f5b076127246b7d73d8a4e086307134f138d0bf66655bd26eacc7a0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 09 Aug 2022 17:58:01 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62f2a029-4eb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.heralddemocrat.com/wp-includes/js/ 18 KB
6 KB 179ms
178ms Script
application/javascript 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 09:59:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"628dfdf6-48b9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 print.css
www.heralddemocrat.com/wp-content/plugins/paid-memberships-pro/css/ 86 B
800 B 180ms
179ms Stylesheet
text/css 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/plugins/paid-memberships-pro/css/print.css?ver=2.6.6

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

914cb6fe13efdf97379c1a2910d677144821201ff3f41b67a5a6ddb367e1a27b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 10 Jun 2022 20:52:57 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62a3af29-56"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 128ms
40ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 22 Apr 2023 00:35:44 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 294
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Sat, 22 Apr 2023 02:35:44 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 130 KB
48 KB 142ms
53ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KV4F27B

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

45439318544880a448bb71da9bf7d24ddb5809e3695d4e497caae0a9d11a3546

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49070
x-xss-protection: 0
last-modified: Sat, 22 Apr 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H/1.1 200
OK C6FA55C54659D987 Show response
publisher.etype.services/special-editons/ Frame EFF9 4 KB
2 KB 570ms
159ms Document
text/html 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d8056ed4e882c666568970242dabfeed4f2a11aa04be86649a35bcebf03a9604

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private
Content-Encoding: gzip
Content-Length: 1440
Content-Type: text/html; charset=utf-8
Date: Sat, 22 Apr 2023 00:40:38 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

GET
H2 200 red-blob.png
www.heralddemocrat.com/wp-content/uploads/2021/06/ 2 KB
3 KB 515ms
514ms Image
image/png 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2021/06/red-blob.png

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/theme.min.css?ver=6.1.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

a4935d49528d0a5a6b2444b81c23246aac70cb7a9a7d64e2da2af33aac28611f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 2154
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 10:00:14 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "628dfe2e-86a"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 grey-blob.png
www.heralddemocrat.com/wp-content/uploads/2021/06/ 5 KB
6 KB 517ms
516ms Image
image/png 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2021/06/grey-blob.png

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/theme.min.css?ver=6.1.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

7d46496177f660fe1c4d3b3be0361fefa1a4fc87665736441f5234ea8ee9c762

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 4996
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 May 2022 10:00:14 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "628dfe2e-1384"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 404 ADA-Compliant-Logo.png
web1.etypeservices.com/wp-content/uploads/2021/11/ 14 B
14 B 574ms
203ms Image
text/html 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web1.etypeservices.com/wp-content/uploads/2021/11/ADA-Compliant-Logo.png
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/wp-content/themes/jnews-child/dist/theme.min.css?ver=6.1.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),
Reverse DNS: sagemt.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 5316717f872a3b46022c0c6b37009e1a18df8809a0cd70a58d8c47fd97f9919c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "636661f9-e"
content-length: 14
content-type: text/html

GET
H2 200 fontawesome-webfont.woff2
www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/font/ 75 KB
76 KB 511ms
511ms Font
application/octet-stream 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/font/fontawesome-webfont.woff2

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
referrer-policy: no-referrer
etag: "640fd401-12d68"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
content-length: 77160
x-xss-protection: 1; mode=block

GET
H2 200 sm.24.html Show response
static.addtoany.com/menu/ Frame E95E 677 B
538 B 52ms
51ms Document
text/html 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.24.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 923472
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 7bb9d106c97c68ef-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 22 Apr 2023 00:40:38 GMT
etag: W/"2a5-5edb40e6d10d8"
last-modified: Fri, 18 Nov 2022 00:47:55 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff

GET
H3 200 core.26680508.js Show response
static.addtoany.com/menu/modules/ 69 KB
25 KB 96ms
51ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.26680508.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73cfb0ed71e314a835831530e27ba1fde5609b224781f7dbc2dd3eb9a08603cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 481566
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 11 Jan 2023 01:11:29 GMT
server: cloudflare
etag: W/"11452-5f1f2ae24215b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 7bb9d1071b083689-FRA

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/ 398 KB
124 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df3f86e8cb9abbc7c08d77f3d0b9a74eb950a97edd59710f2020e8b1b2e7a241

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 20:51:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13765
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126571
x-xss-protection: 0
server: cafe
etag: 16530882680372410927
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 20 Apr 2024 20:51:13 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 900 B
423 B 156ms
74ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.heralddemocrat.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92fb9569dc9bbfdd1c4cc92443f58ad7f167ea26698b6cfd2afc27f23557d08f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 0
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
955 B 141ms
50ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans|PT+Serif

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cb9e7539afdf5b96eccf097a28a406f593159775c07d4f0b028c09db443c1ce7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 22 Apr 2023 00:30:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 137ms
49ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.heralddemocrat.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 25 KB
11 KB 185ms
185ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3060451837005996&correlator=1432775623427257&eid=31073866%2C31074068&output=ldjh&gdfp_req=1&vrg=202304180101&ptt=17&impl=fifs&iu_parts=21843165966%3A116205717%2CCherryRoad_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=1&adks=4239096872&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682124038661&lmt=1682124038&dlt=1682124037081&idt=1315&adxs=1157&adys=1665&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=300x250&msz=300x250&fws=4&ohw=1600&ga_vid=106191227.1682124039&ga_sid=1682124039&ga_hid=1960640960&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2087d0750293c6ee9a2bb1b1df55a845f6addb0c6d215092bcd1a4dfcf8abe05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10732
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 105ms
105ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3060451837005996&correlator=1432775623427257&eid=31073866%2C31074068&output=ldjh&gdfp_req=1&vrg=202304180101&ptt=17&impl=fifs&iu_parts=22655122517%2Cheralddem_h1_leaderboard&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x90%7C728x90&ifi=2&adks=3882773831&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682124038669&lmt=1682124038&dlt=1682124037081&idt=1315&adxs=143&adys=275&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=1314x50&msz=1314x50&fws=4&ohw=1600&ga_vid=106191227.1682124039&ga_sid=1682124039&ga_hid=1960640960&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de092bee981aade8e5bedc65b9f6e38c9a0b7db53e554f12a036f067b86fff41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13185
x-xss-protection: 0
google-lineitem-id: 5948923905
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375429349
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 85ms
85ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3060451837005996&correlator=1432775623427257&eid=31073866%2C31074068&output=ldjh&gdfp_req=1&vrg=202304180101&ptt=17&impl=fifs&iu_parts=22655122517%2Cheralddem_h3_left&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&ifi=3&adks=1886291333&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682124038671&lmt=1682124038&dlt=1682124037081&idt=1315&adxs=143&adys=1195&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=299x250&msz=300x250&fws=4&ohw=1600&ga_vid=106191227.1682124039&ga_sid=1682124039&ga_hid=1960640960&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

887bb62bab2d179bce1b0ef1e8c12265f2463e09cce7545b050c8a41e0dd683c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13108
x-xss-protection: 0
google-lineitem-id: 5950877027
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375537385
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 128ms
128ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3060451837005996&correlator=1432775623427257&eid=31073866%2C31074068&output=ldjh&gdfp_req=1&vrg=202304180101&ptt=17&impl=fifs&iu_parts=22655122517%2Cheralddem_h2_right&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C300x250&ifi=4&adks=360704253&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682124038673&lmt=1682124038&dlt=1682124037081&idt=1315&adxs=1157&adys=355&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=300x250&msz=300x250&fws=4&ohw=1600&ga_vid=106191227.1682124039&ga_sid=1682124039&ga_hid=1960640960&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

973c2aee9822dcd6504deaaf2e24275f342ffc6d3c96c355131ca9522781ef38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13147
x-xss-protection: 0
google-lineitem-id: 5950877027
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138374400661
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 94ms
94ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3060451837005996&correlator=1432775623427257&eid=31073866%2C31074068&output=ldjh&gdfp_req=1&vrg=202304180101&ptt=17&impl=fifs&iu_parts=22655122517%2Cheralddem_h4_right&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&ifi=5&adks=10126175&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682124038674&lmt=1682124038&dlt=1682124037081&idt=1315&adxs=1157&adys=1385&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=300x250&msz=300x250&fws=4&ohw=1600&ga_vid=106191227.1682124039&ga_sid=1682124039&ga_hid=1960640960&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c30edd1e3fde9c8a555315e8cce5e33027106a88e68a55e43c56c07cc960dced

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13164
x-xss-protection: 0
google-lineitem-id: 5950877027
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138374399830
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 117ms
116ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3060451837005996&correlator=1432775623427257&eid=31073866%2C31074068&output=ldjh&gdfp_req=1&vrg=202304180101&ptt=17&impl=fifs&iu_parts=22655122517%2Cheralddem_ros_footer&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C970x90&ifi=6&adks=1414856592&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682124038676&lmt=1682124038&dlt=1682124037081&idt=1315&adxs=640&adys=2803&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.heralddemocrat.com%2F&frm=20&vis=1&psz=1600x50&msz=1600x50&fws=4&ohw=1600&ga_vid=106191227.1682124039&ga_sid=1682124039&ga_hid=1960640960&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37d4dd1da7b54cca0e037199ad20d322f930a64ab589246c5307d36bf917c2b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13169
x-xss-protection: 0
google-lineitem-id: 5948923905
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138374396458
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1CEA 6 KB
3 KB 190ms
48ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 00:40:38 GMT
expires: Sun, 21 Apr 2024 00:40:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK bootstrap.min.css
publisher.etype.services/assets/global/plugin/bootstrap/css/ Frame EFF9 118 KB
19 KB 155ms
155ms Stylesheet
text/css 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/assets/global/plugin/bootstrap/css/bootstrap.min.css
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:38 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Jan 2023 07:42:46 GMT
Server: Microsoft-IIS/10.0
ETag: "05f8ba02227d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 19629

GET
H/1.1 200
OK jquery.bxslider.css
publisher.etype.services/assets/global/plugin/bxslider/css/ Frame EFF9 5 KB
1 KB 157ms
155ms Stylesheet
text/css 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/assets/global/plugin/bxslider/css/jquery.bxslider.css
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 894011cff758a43f1db57b26424ea2befcdc85b25e09c91e139040a22cb10e7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:38 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Jan 2023 07:43:55 GMT
Server: Microsoft-IIS/10.0
ETag: "80efabc92227d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 1213

GET
H/1.1 200
OK jquery.min.js Show response
publisher.etype.services/assets/global/plugin/ Frame EFF9 95 KB
33 KB 312ms
154ms Script
application/x-javascript 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/assets/global/plugin/jquery.min.js
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3ae5d8b5a2806b811378107313b19f0b05baae4b2bbe85e19e9cd223391a0fe3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:38 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Jan 2023 07:41:43 GMT
Server: Microsoft-IIS/10.0
ETag: "8055fe7a2227d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 33844

GET
H/1.1 200
OK bootstrap.min.js Show response
publisher.etype.services/assets/global/plugin/bootstrap/js/ Frame EFF9 36 KB
10 KB 460ms
151ms Script
application/x-javascript 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/assets/global/plugin/bootstrap/js/bootstrap.min.js
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:38 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Jan 2023 07:42:55 GMT
Server: Microsoft-IIS/10.0
ETag: "80a9e8a52227d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 9839

GET
H/1.1 200
OK jquery.bxslider.js Show response
publisher.etype.services/assets/global/plugin/bxslider/js/ Frame EFF9 64 KB
14 KB 460ms
152ms Script
application/x-javascript 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/assets/global/plugin/bxslider/js/jquery.bxslider.js
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3f84897d884f47f9c98b1656962479b41fde99934e6a3abae8128995b7d81f7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:38 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Jan 2023 07:44:00 GMT
Server: Microsoft-IIS/10.0
ETag: "0e0a6cc2227d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 14163

GET
H/1.1 200
OK js_Common.js Show response
publisher.etype.services/Scripts/ Frame EFF9 24 KB
6 KB 462ms
154ms Script
application/x-javascript 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/Scripts/js_Common.js
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 38587d14ecdbee0b173c6773618ab712a02d30f4e8effa50d4ce23dbdafb2cc3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Feb 2023 13:38:40 GMT
Server: Microsoft-IIS/10.0
ETag: "0f0d87cf93ad91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 6307

GET
H/1.1 200
OK js_SpecialSectionWidget.js Show response
publisher.etype.services/Scripts/ Frame EFF9 8 KB
2 KB 467ms
156ms Script
application/x-javascript 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/Scripts/js_SpecialSectionWidget.js
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b637638d704015822114b8c9c1f726b106517e106b5fca956dcf4ea3148126ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Feb 2023 13:38:49 GMT
Server: Microsoft-IIS/10.0
ETag: "803a3682f93ad91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 1206

GET
H/1.1 200
OK common.ashx Show response
publisher.etype.services/ajax/ Frame EFF9 3 KB
2 KB 479ms
165ms Script
text/plain 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/ajax/common.ashx
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d9788f957a0264a11cf4beeac5436e49aa2b908d80c60bcf6681a4e4e8113318

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:38 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
Cache-Control: private
Content-Length: 1354
Expires: Sat, 22 Apr 2023 00:41:39 GMT

GET
H/1.1 200
OK eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx Show response
publisher.etype.services/ajax/ Frame EFF9 3 KB
2 KB 613ms
153ms Script
text/plain 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/ajax/eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/special-editons/C6FA55C54659D987
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e6347309453f94375e038094fca0441218e992441dfb54ed0fbc4a047d45db22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:38 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
Cache-Control: private
Content-Length: 1339
Expires: Sat, 22 Apr 2023 00:40:39 GMT

GET
H2 200 jegicon.woff
www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/font/ 7 KB
8 KB 176ms
176ms Font
application/font-woff 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/font/jegicon.woff

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

e2d3127da85763e024971c6192f78becbdf85db231b3d088c9f8b3777d444ede

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
last-modified: Tue, 14 Mar 2023 01:55:13 GMT
server: nginx/1.18.0 (Ubuntu)
referrer-policy: no-referrer
etag: "640fd401-1be8"
x-frame-options: SAMEORIGIN
content-type: application/font-woff
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
content-length: 7144
x-xss-protection: 1; mode=block

GET
H2 200 wmWIZGJCog-VXLO2Q_beeCR-uankRpvTpKVwY-75AbpE54omXeeE5eA29y4vHw7Osplbm_SCeK89yePev-4jrso3dcfQ5w=w450-h375-c-rj-l75
lh3.googleusercontent.com/ 10 KB
10 KB 144ms
40ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wmWIZGJCog-VXLO2Q_beeCR-uankRpvTpKVwY-75AbpE54omXeeE5eA29y4vHw7Osplbm_SCeK89yePev-4jrso3dcfQ5w=w450-h375-c-rj-l75

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e0bd9a0af247ad557033faa1be6b8215f90f28b5df15739fe0b83fae77c06a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 22:19:17 GMT
x-content-type-options: nosniff
age: 8481
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10362
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 22 Apr 2023 22:19:17 GMT

GET
H2 200 GS7jdHTDoxXVT7zaudKL1UxA0bM5ICn-7csnvwf7qQ-4_YVu2L1EsQwCYMJAO-9KwzZM4aPsJj8uo6RmOnUQX4rDVL0u_CJx6-7orQ=s42-p-rj-l68-e365
lh3.googleusercontent.com/ 1 KB
1 KB 152ms
48ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/GS7jdHTDoxXVT7zaudKL1UxA0bM5ICn-7csnvwf7qQ-4_YVu2L1EsQwCYMJAO-9KwzZM4aPsJj8uo6RmOnUQX4rDVL0u_CJx6-7orQ=s42-p-rj-l68-e365

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

02ba6c6f3adf2b8aaa6246cf43e4b79eefcb1aa49038b9ced172c372e2d2d938

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 22:19:17 GMT
x-content-type-options: nosniff
age: 8481
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1091
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=31536000, no-transform
timing-allow-origin: *
expires: Sat, 20 Apr 2024 22:19:17 GMT

GET
H2 200 0fLizYgNBHeAUXLYUDX8T5PK_-Qv81OKzgSwGoiqOSjcDROBj_Lj0LcS-0OC_MD8EnYb4QzR-Gpu6Y_I5QN1gggAUZAwXQ-gep68sYLkx2s=w450-h375-c-rj-l75
lh3.googleusercontent.com/ 43 KB
43 KB 156ms
52ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/0fLizYgNBHeAUXLYUDX8T5PK_-Qv81OKzgSwGoiqOSjcDROBj_Lj0LcS-0OC_MD8EnYb4QzR-Gpu6Y_I5QN1gggAUZAwXQ-gep68sYLkx2s=w450-h375-c-rj-l75

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1973666a4ddb21add1ff61c23ce96b22fd006aaa4e022928a9022a10a199dcb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43653
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Apr 2023 00:40:38 GMT

GET
H2 200 XZhgU9i7LCAqFpziXKC599qH5lNCcfmZjD3_7ZyXduPuZixZmNpnyODf9hacriod23xbLdY3Q6SaWm_ublmacaS1hDZk-UjUUqvCmw=s42-p-rj-l68-e365
lh3.googleusercontent.com/ 1 KB
1 KB 209ms
105ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XZhgU9i7LCAqFpziXKC599qH5lNCcfmZjD3_7ZyXduPuZixZmNpnyODf9hacriod23xbLdY3Q6SaWm_ublmacaS1hDZk-UjUUqvCmw=s42-p-rj-l68-e365

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4e255bf15c20710f222ca1d08563a34917faee659bebac5511ccce57a8285b44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1180
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=31536000, no-transform
timing-allow-origin: *
expires: Sun, 21 Apr 2024 00:40:38 GMT

GET
H2 200 zy5hk_6dlkr1fCHwdZgKoMXQJWhBwYXVMmY1NUX5CuGEZ1ifkmhHuBXYuctFK9rBOR0Ifq8_XzYiRJ7Lvm4cSehRQwNitCs=w450-h375-c-rj-l75
lh3.googleusercontent.com/ 42 KB
42 KB 211ms
107ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/zy5hk_6dlkr1fCHwdZgKoMXQJWhBwYXVMmY1NUX5CuGEZ1ifkmhHuBXYuctFK9rBOR0Ifq8_XzYiRJ7Lvm4cSehRQwNitCs=w450-h375-c-rj-l75

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

eb71fa34962dd68703df6691338fa645cf32299171e17c74be69c55812efbe3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42859
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Apr 2023 00:40:38 GMT

GET
H2 200 XxO8GpIQcgkWV58x8I1AfLHGUPze_MrecTf8CQ1lsrc2xJVLhdcYSMI-E4GM4QKntQuVSbrtrtVrmZUWvLzp0RvBiu6VAlcOQ0tnQGE=s42-p-rj-l68-e365
lh3.googleusercontent.com/ 1 KB
1 KB 131ms
130ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XxO8GpIQcgkWV58x8I1AfLHGUPze_MrecTf8CQ1lsrc2xJVLhdcYSMI-E4GM4QKntQuVSbrtrtVrmZUWvLzp0RvBiu6VAlcOQ0tnQGE=s42-p-rj-l68-e365

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a19a356741e542145b8c793af8228b24fe2a829d0c23c77c3c104b192c1c45bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=31536000, no-transform
timing-allow-origin: *
expires: Sun, 21 Apr 2024 00:40:38 GMT

GET
H2 200 YZ9MH2wdlJdCYw83__WEwmWJNDdmDC-G1gxTRgzM9uRH676tU-vbYTf3Y-Rawash8vdXgAF_uHV2Z0sNg2KTbHcovY1TKpc=w450-h375-c-rj-l75
lh3.googleusercontent.com/ 44 KB
44 KB 113ms
112ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/YZ9MH2wdlJdCYw83__WEwmWJNDdmDC-G1gxTRgzM9uRH676tU-vbYTf3Y-Rawash8vdXgAF_uHV2Z0sNg2KTbHcovY1TKpc=w450-h375-c-rj-l75

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6c958b3ea583cf0a2e50ee6ad6e8ef42ddd4b8269d760492fbd6d6dcc956d51d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 21:21:47 GMT
x-content-type-options: nosniff
age: 11931
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44577
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 22 Apr 2023 21:21:47 GMT

GET
H2 200 4gffykdJl-LDj6JedsrqWqMnUtjA4ettukBlAIr1tIizpxQEFxmVGikaNUjgS0RbQxgGDH2rJEpNPKqLRGh42SMyQEm0S9BakYfmmk0=s42-p-rj-l68-e365
lh3.googleusercontent.com/ 962 B
1 KB 112ms
111ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/4gffykdJl-LDj6JedsrqWqMnUtjA4ettukBlAIr1tIizpxQEFxmVGikaNUjgS0RbQxgGDH2rJEpNPKqLRGh42SMyQEm0S9BakYfmmk0=s42-p-rj-l68-e365

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

50c9201fab5a8a851d4a225b1fdb97338c461b2aaee7357c235f26dfa7126168

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 22:26:34 GMT
x-content-type-options: nosniff
age: 8044
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 962
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=31536000, no-transform
timing-allow-origin: *
expires: Sat, 20 Apr 2024 22:26:34 GMT

GET
H2 200 css
fonts.googleapis.com/ 9 KB
875 B 52ms
51ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700%7CQuattrocento

Requested by

Host: www.legacy.com
URL: https://www.legacy.com/widgetloader/widgetLoader.js?type=ROV1&ld=true&ot=1&cnt=4&sw=0&rc=0&aid=2344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5c3bceacb23c3345b1c2131cb8ebc3ceda1d45d87cbf069f2d93b12ff9d7d9ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 22 Apr 2023 00:40:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET 2344
www.legacy.com/api/v1/affiliates/recentobituaries/ 0
0

GET
H2 200 sprite_icons_6dc7d94.png
www.justapinch.com/images/ 22 KB
22 KB 149ms
40ms Image
image/png 130.211.10.17
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.justapinch.com/images/sprite_icons_6dc7d94.png
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.10.17 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 17.10.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 48ea5787f01c0678de86c7861e830f03a3163a2d3a25ddb8fe3b343725dfeabd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 19:20:41 GMT
via: 1.1 google
last-modified: Wed, 19 Apr 2023 17:35:37 GMT
server: nginx
age: 105598
x-who: gcloud-web-1
content-type: image/png
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22292
expires: Fri, 19 Apr 2024 19:20:41 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
226 B 47ms
47ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1960640960&t=pageview&_s=1&dl=https%3A%2F%2Fwww.heralddemocrat.com%2F&ul=en-us&de=UTF-8&dt=Herald%20Democrat%20%E2%80%93%20Herald%20Democrat&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAEABAAAAACAAI~&jid=94484447&gjid=1801412840&cid=106191227.1682124039&tid=UA-214788847-46&_gid=311552647.1682124039&_r=1&_slc=1&z=1049239101

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5eb922e5a926ca6554d08b48be54d8c48200c31cf48a6af3f283b2fe87116943

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 57AA 0
0 77ms
77ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv1gr3rigUz-VEG5pzfmPaXKdXGRIIztux7CoJtK9VDdTFKQBERU1GmYDdc-YFwc-TNu5txLiKBc8PN0wnSFl3fmyiO7lQcW4q890GN0FrM5Pms9p7oUUiOaAXzMTE0Hq96QjIUhjhTgzBzD-Tx1qLUk4HIGfBmwqyVqNIeWPSc1HHgyAd55aZxja3h_f2OnS6Ppbor2jwOrcpkbPK3GVA5shTYr9DSnbleqdyfihd9HPkKQHWO_ql-8xaJxDef-EDPBDZXB22zvTAqRc562zt9f-8DypY7vDorGUkf6fwvLXNlMR3XlwoT3zGn7Eg2y_YT366nxHLdZMyhfgyI8fD77F8&sai=AMfl-YRAccHDXng-MkeRThFTIr3aG35o7d-PMoWmvNSbj41M3vFKsLr0Jv9dfDfEzEe4dcgKl1a4e6gD_8rrmX3RRBl6uBb88DbvS1K_RJU7mjKYneye9cySryNClvnQAIET2w&sig=Cg0ArKJSzD-IARdmZ-7UEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 57AA 3 KB
2 KB 72ms
40ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 21:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11757
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 05 May 2023 21:24:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 57AA 159 KB
49 KB 142ms
54ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 1238843511883909433
tpc.googlesyndication.com/simgad/ Frame 57AA 50 KB
50 KB 128ms
41ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1238843511883909433

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b808d20a01170f042d1d5dca1f9fced55f903f08d82a7bdc6ab4aefc3c5bb5e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:06:13 GMT
x-content-type-options: nosniff
age: 124465
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50939
x-xss-protection: 0
last-modified: Tue, 14 Dec 2021 16:11:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 19 Apr 2024 14:06:13 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4132 0
0 78ms
77ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssCR60IoA15he_LcOB_wNhgldviHMyU-ZUwyQ0Z_HRkF9Oh4GbemZf4y_uaQrpl7Z6xUefZg51dyjh_c4YZs5lvc3PZD1MpBC54UHMemTTOBMOMjlgniWEhb6sfkxD1a2ePCUUs3Ae-Bdv70lxm4ejRomGs3myF-2PXFUNNLfG9ez9Bo5RKBKl51hJ5w61A4klBY2dWA8J-JCGz3ENvNYJ0NKtL-hAcZFCCccvVvH7YAHLDbrvem_oAnztmsvlZ8IxDGA9rgwtEBPk1Q_ZMvkBKMNa_LCeE_rpaEfPX5OY2FJWLL5C1VAnzmLmPRkbmKI9IEiJ6NGXXDQn9mjxABYM-qxI&sai=AMfl-YS9mTMy5ANCVB9hgYYgOsAqp1jlFDz11L5cWK8REVeEv6d1jLZG9SHDrDdkj2nP3RKDFeI5JqXhZPtZpqpnDlQ-z19_o69A-PRXOtjhHE7SiJDnulV6aRKhZ1SdFJbAmr_5K-Pw7EHecojQ_Dg&sig=Cg0ArKJSzBZlQ_dvL9YSEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 4132 3 KB
1 KB 201ms
200ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 21:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11757
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 05 May 2023 21:24:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4132 159 KB
49 KB 176ms
112ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 2707953191438327426
tpc.googlesyndication.com/simgad/ Frame 4132 50 KB
50 KB 175ms
88ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2707953191438327426

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b808d20a01170f042d1d5dca1f9fced55f903f08d82a7bdc6ab4aefc3c5bb5e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 19 Apr 2023 11:10:55 GMT
x-content-type-options: nosniff
age: 221383
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50939
x-xss-protection: 0
last-modified: Fri, 03 Dec 2021 15:03:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 18 Apr 2024 11:10:55 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F765 0
0 79ms
79ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsspYHdf88VWD-BmY3xGRYBd2OtpsaT4mVlGwQevPEfTSKDiHxETy8yq87-jVrZWM2EJTnJU39sKH7Z8-JhobFhJBEPV3vfIti1Eg-TLSIhDn8zuYNtqmLwAEg_h8WUTkQo6a6a4gWqdU8ucn2QBiqdWEvyx6AYDxc9jHPxQcHIPuZJO4pkrCJJDx1s69TM3BaHY8mp0tKV-_o2FbQS7va-SK2wRuvYoB_2LysYMfemAsEJwPDTGw89Xl0xIWAfSU8doOZXp4rKDTky_WNi-O0ZrYMSNoACfPvOCkkL5johidKy9H_CzToiXTdyrlrGIcaSC6iu6ifgmgX0hhedHeszvDdMmdA&sai=AMfl-YTDzLHcV91tyC7oOJj0DWGWjf2kZ_gdqzwwBZS4b40jpif5J2dDCIa9FostDDiAWDP1Jq1P1Tc1P1iMatytdGX4x8ss1uUcCSze1NWItxS0-3pVaxCbDYy7ycqG6fg4RWOMtO90N4xe7C5C02c&sig=Cg0ArKJSzLHFezAD_8Q5EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame F765 3 KB
1 KB 201ms
201ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 21:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11757
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 05 May 2023 21:24:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F765 159 KB
49 KB 174ms
122ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 10452876685829993085
tpc.googlesyndication.com/simgad/ Frame F765 40 KB
40 KB 238ms
151ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10452876685829993085

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f21d87c10fd5940b334a21b0ca3367f6edd187a6ecc9ad948b4f6f98b48a8517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 09:32:39 GMT
x-content-type-options: nosniff
age: 140879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40684
x-xss-protection: 0
last-modified: Mon, 13 Dec 2021 21:17:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 19 Apr 2024 09:32:39 GMT

GET
DATA 200
OK truncated
/ Frame 57AA 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 262fcdee1605cfee27fac58bdbc04d8ba97a35337cbea504325e253d0a4400d3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4132 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2d10ccf46066bf30af1e2cd7b7f53cf8bc1738c076244616cbf8ec0df3d35cf1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame F765 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f479e238230ab4cbe95bfa44e8efa6d8e7a23bcf28689f64b72052bf2f007094

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9A31 0
0 77ms
76ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuhRHgLYsoXB8RijdrEIfm06VhPN3JnVN2l6lKUjntyreCtH778g-MGuvwPJhc0CIW9tP4kgLnIQgGSDfmaWRhLEPGNRIM2vpC5eyicnNmw3OqQE0lk35N89_TMec01NRvdgdDAjoetYYi9pgj4Sizwg0NxnomCPOWzllD0EVU_gabrv_WJo5nMop6stB7FHvo038EgZAHeJBlBiDWwYNE5d3iorB2Jpirnq0opifhz39Egb_ONCUdz0-Yvapz4Dx6LMfqQZOsq7SgZ5T6K56P2hgwubmNkc8DQ2t4w91W_BwufHiR_F5itd2Wz1OAChm4LymhxE_wVwa929TtPw4He&sai=AMfl-YQJp1d1RX23O0kKbdI9gNObHeQ8m7Py267ZG_lIZtgTzCHFKLghXNev-c4MCO1iPMrRj6X19VZdKniIHGejEWq7iFWvBKvvC6mTTIurdgwA47d2KuqrhUJdAZ2f1kUZYkxM6zcZczX8y6v3Kqw&sig=Cg0ArKJSzOlAURHOZ15hEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 9A31 3 KB
1 KB 202ms
201ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 21:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11758
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 05 May 2023 21:24:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9A31 159 KB
49 KB 185ms
156ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 17671567747972392758
tpc.googlesyndication.com/simgad/ Frame 9A31 158 KB
159 KB 214ms
169ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17671567747972392758

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a496b3850a900261527dc99f349035244c8c2c492eccc4a7f7e60114de039692

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 15:35:00 GMT
x-content-type-options: nosniff
age: 119138
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 162253
x-xss-protection: 0
last-modified: Fri, 03 Dec 2021 14:55:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 19 Apr 2024 15:35:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A4A5 0
0 78ms
78ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssca75IV7XYtyPtsmWnD2LowNiP2k_8BbTrfbekXwlqASSbZ2X0XnG7VETA-OvW1t8qK_5uzgBlEWvlk-L-LwnRKXlTQSiEHZvjOf6CUrIz-W0RScmm933Fyw_QB3l53TFGddLA0gXyo-c5Uykeq2DTvDWXTxcnACWAhFEGI-3wBQwI3mmzacvZlD5gTlu3CHabqZzPpyJ_4bvvV93jHmJBG2kyh7EY9gpXVUtrtosGsPlgdYnLzx6OWpaTE2_C7xJVTh25xQMLrcggB5wSuL_iXWiyZkmxw9zMgBmBa8ffPA01IqP0j7wV1seMMDcFy83plm3kC4cc8CbYUuOQwSY&sai=AMfl-YQQ-J3ToTjFz1w4qHvS_Eko49ZWs26W1XoXihvgGAT0kLaOzM1QGAIntC3fnxUMqL_UJx6bITgKa64VauvPpob-M84ZaJ_2ysVgHWYrrZPt5cBAGbL6lkHIOQq9bD6GitElSC_TokW7wdMlHNw&sig=Cg0ArKJSzN4XCD5Q9ZDCEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame A4A5 3 KB
1 KB 202ms
202ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 21:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11758
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 05 May 2023 21:24:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A4A5 159 KB
49 KB 151ms
133ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 10160350795956772724
tpc.googlesyndication.com/simgad/ Frame A4A5 51 KB
51 KB 180ms
136ms Image
image/gif 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10160350795956772724

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a111847773603814929227bb267257735082f898c9a07c5744abbc3aa73c7702

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 02:08:50 GMT
x-content-type-options: nosniff
age: 167508
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52046
x-xss-protection: 0
last-modified: Fri, 03 Dec 2021 15:01:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 19 Apr 2024 02:08:50 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 127ms
39ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700%7CQuattrocento

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 02:05:23 GMT
x-content-type-options: nosniff
age: 81316
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Apr 2024 02:05:23 GMT

GET
H2 200 OZpEg_xvsDZQL_LKIF7q4jP3w2j6.woff2
fonts.gstatic.com/s/quattrocento/v17/ 35 KB
35 KB 183ms
96ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/quattrocento/v17/OZpEg_xvsDZQL_LKIF7q4jP3w2j6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700%7CQuattrocento

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe65e8f74381d5afc5a63c298f62b26c4b68531e9e2792e6fa63f4af24842596

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heralddemocrat.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 05:19:52 GMT
x-content-type-options: nosniff
age: 156047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35872
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:12:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 Apr 2024 05:19:52 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 199 KB
71 KB 62ms
61ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8Y10R17R20&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a37f6c35c3eb52f46cbad934c7a64d94b9ed1786d8fc9671fe5ca56e114d5554

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 73060
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 22 Apr 2023 00:40:38 GMT

GET
H2 200 04-21-10-Ar00103004.jpg
www.heralddemocrat.com/wp-content/uploads/2023/04/ 20 KB
21 KB 177ms
176ms Image
image/jpeg 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2023/04/04-21-10-Ar00103004.jpg

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

81ecd4f7facf042dacdb4deb6c8c0a59c754020f06ca6c4213f9c33643b0d5e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 20784
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 21 Apr 2023 10:11:55 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "6442616b-5130"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 04-21-10-Ar00102002.jpg
www.heralddemocrat.com/wp-content/uploads/2023/04/ 73 KB
74 KB 177ms
176ms Image
image/jpeg 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2023/04/04-21-10-Ar00102002.jpg

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

dd9ff4bfbcdd3096c997eb5ae460fe3552bb9d996abbebb5a2593b8ea4f47bea

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 74961
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 21 Apr 2023 10:11:49 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "64426165-124d1"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 04-21-10-Ar00504021-750x676.jpg
www.heralddemocrat.com/wp-content/uploads/2023/04/ 62 KB
63 KB 179ms
179ms Image
image/jpeg 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2023/04/04-21-10-Ar00504021-750x676.jpg

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

f8f2b389514a4b3a7890080628385477f284769b09be4a00b756dda6edebbbc5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 63492
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 21 Apr 2023 10:11:34 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "64426156-f804"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1-500x277.png
www.heralddemocrat.com/wp-content/uploads/2023/04/ 240 KB
241 KB 352ms
351ms Image
image/png 66.148.122.12
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heralddemocrat.com/wp-content/uploads/2023/04/1-500x277.png

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.148.122.12 Seattle, United States, ASN14361 (HOPONE-GLOBAL, US),

Reverse DNS

sagemt.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

adc178fc2c26de13d7fc1c436e99b9ba26303bde50e2f5bb40c238122bb41491

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
x-content-type-options: nosniff
strict-transport-security: max-age=5184000
content-length: 246140
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 21 Apr 2023 02:58:14 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "6441fbc6-3c17c"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=()
x-default-cache: default_cache
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame 9A31 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 761ce3cb409f2a9e87e09ed474ef8415f905a1361068e6ac754bb564bcf2258b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A4A5 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4eaf8e39bc362427b1ae1a37b25eabad34b53bc421ab2ee053d379c03900beb5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 131ms
47ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16731
x-jsd-version: master
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230042-FRA, cache-yyz4568-YYZ
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fnaqioc4Y8u13UHvnl6jp%2Bcg9JtMGYaczLDMuSk46i9wkWPqihhK9t9q9j7hPRI2fyUiWyikppGXK44Lxx%2Btnf8aKHh68ZuyHfunPvWlu%2BF4b6AkGtqgJ4wlfxbEo%2FYhPEpz%2FC6CZ4ip55OVkiA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7bb9d10c3df63616-FRA

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 59 KB
17 KB 146ms
53ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d961a31d3d2fdb93a35a4024f9878b2ed896cd86a084ceb8df6af3bc53e29125

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 06 Apr 2023 12:00:04 GMT
server: cloudflare
x-amz-request-id: RJG8P9KGT25NARJA
age: 2988
etag: W/"110f0c3c343ee36404c8a2300f4755c3"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7bb9d10c4adb37c6-FRA
x-amz-id-2: p9caGrESjWYwkHsxUB/95tSAMOAWdfigQO7CUyIVO+HkWK6LxeSkGY+AhjJC0xfpQ02CliLtx7w=

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
2 KB 129ms
40ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 23:51:04 GMT
via: 1.1 google
age: 2975
x-guploader-uploadid: ADPycdu5UZ4BAuDKTiXp0YvVrPofJ9mzxdJNZt8lfeR4FCfbAaLTlCD5WDwExbZ91qA8JvLy0SjTo2RFeH98g-Rh4VUw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1258
last-modified: Fri, 29 Jul 2022 16:55:09 GMT
server: UploadServer
etag: "f5bc066f146e3dbb049aa6c86c7012e6"
x-goog-generation: 1659113709880056
x-goog-hash: crc32c=6QojvA==, md5=9bwGbxRuPbsEmqbIbHAS5g==
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 1258
accept-ranges: bytes
expires: Sat, 22 Apr 2023 00:51:04 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 37 KB
11 KB 153ms
43ms Script
text/javascript 65.9.66.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-104.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e9d3165c73a7f6243cdf07498cf37514d3128c1de540fa02d8a6d6c5fdf09db1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 01:26:46 GMT
content-encoding: gzip
via: 1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified: Wed, 22 Mar 2023 22:36:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 83634
x-amz-server-side-encryption: AES256
etag: W/"4fd6c99ca40fed5d11cbd9e1b76a92f1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: zc2f-8rqJosdvLAZMtN0PUjqQAnmAyOG8V_PKuf7ExLf6KzbhjTC8g==

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 160ms
40ms Script
text/javascript 2600:9000:2250:b200:a:e047:752:b361
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:a:e047:752:b361 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 03:09:51 GMT
Via: 1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
Last-Modified: Mon, 23 Jan 2023 04:07:36 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P2
Age: 78603
x-amz-server-side-encryption: AES256
ETag: "aded621b17723f487b3c9d0e43cf2f94"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1859
X-Amz-Cf-Id: M3mCbaChD8okzSRe5Q2w_hfk1Ckhyc8jQgLvwYGOJgKIRQ4nxHl24A==

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 129ms
39ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 07:00:45 GMT
content-encoding: gzip
age: 63594
x-guploader-uploadid: ADPycdvJ9f2JAcW_u33Wuncj8S73-G6Q6wRUusXGmU1oTYHkwdtBIiLp1LRa7LAdcbtsWxYQGd2x5956XBCXTVQq42M4_Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Sat, 20 Apr 2024 07:00:45 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 39 KB
13 KB 168ms
82ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
server: nginx
etag: W/"63f86dec-9c21"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 23 Apr 2023 00:40:39 GMT

GET
H2 200 container.html Show response
0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 80AB 6 KB
3 KB 41ms
40ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 00:40:38 GMT
expires: Sun, 21 Apr 2024 00:40:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 80AB 0
0 86ms
85ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CODlFBi1DZLW1LPmQ7_UPk4Gd6AzJntKxXNWdkfdwwI23ARABIABglYKAgLQHggEXY2EtcHViLTYwNTU4ODIwNjM3OTUzNDnIAQmpAgnD8hxgbLI-4AIAqAMBqgSkAk_QcrpItglybDIbkWZD7klmULVBKcupM-lEPzQnP2OGhiULTQEpV1_Oy3dSlkhtGUOwhVNsPQiK76zsQ8d_vq3WfvAllEmZ5gocb8gtyL8qSFT5nGN5vXeOs8cYqJUXSivNF9nW-Uxell3QdAsMahKoOGU_mrdSGnKPCgfjk8IppScWzW_m9sIthtzU4a2JtblG8NDu6Z4sky7hJl0pEe8GOZGv9bCGijvPKqlKg7PNo_4XrLLTShfuZ3axN5YcxXhdEcsrrUdVrjMg1oSWXmcjplEvAOLmhGTg5GPzgXDoKV_jn2QssxSS67L2mrtvSqiyO-IIUtC_F0BcnSB6u9SYQlXvRSZ2TAd_dhDHp5KKccgvCBpl0lgC8NReZi4YytVolRDgBAGABtyKgb2Ag8b3tgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTYwNTU4ODIwNjM3OTUzNDkY_ety&sigh=j7XNEMh7YVs&uach_m=[UACH]&cid=CAQSTABygQiDORO7xmbg_I-QkZ_zjvyWwMHBoLKNxICsN0cblPofRqIZUz1YcafTT-In3Vhow4sUpB4bF_kjR3bR2NXTBTtnOiUZ-2GlqhEYAQ
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 80AB 0
0 153ms
42ms Fetch 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=k6W_EMc1rAL6AZ2DYgICAAAAhw5UQdNzwQXT8PmJpk5SNhAGLUNkDCoWuUlQAzL1QwAAEgAACgpBUVVCQVFFQkFR&wp=ZEMtBgALGrUIu8h5AAdAk6YDGj_Uo6DdkpU3mw

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 155220
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame E52E 161 KB
53 KB 341ms
106ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZEMtBgALGrUIu8h5AAdAk6YDGj_Uo6DdkpU3mw&u=%7CB1qztyg3%2FnaP7W5RWdn%2Bcg8w41BkslWlHEafvrQFaGU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZetDT5vPMn_ZEYZgNxwU-bKOhxqqVnzPEn-gi7Cxt4Ao3-dK85QHHPLVWeT1jWsfkiZSYTGJnSuVxllT2NNzUUHkZsEkvDHvQo9v5Ca-azQCtmAMra-hJk6VL6infGN0BzanldH73zH3osrmdE_rjrnAKfrQVicQUARY3WnQ6tzwdWwrIX1HEMzBKK0huSRgT3dMIGIJ4Mvnnz_s544D4IixsqRFESTZBhmUbLskrLrc5Z98RzNRHwZu5ZRB2BybJ2WrzkKa-BvTiCCny2SFYscPcAkl642j60OboRbe5oosGjNE2EgizlDpJ1Oiu2STLJmOaGuWokY0nVlJwAWSSblecMmu6KGOnRbL2_R9L66ePtMCt1xQssRuRMiM1p4pC0bl5ChyoqmRgMw3rPoXvzFksFla8B-f2-hgfVQTIDxNlUpOYbXVBrsHaoPAXvlHwNONKX_cHmqD1RLVIhgD8fcqGbfmSYM37ujl0khxyTT9rb7FvK9aZShEgivr0oXro0mK8Ij34FiIK2wI06DUFMg7-h8I5LQ-nsJHFFKL4GrLc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC35w5Bi1DZLW1LPmQ7_UPk4Gd6AzJntKxXNWdkfdwwI23ARABIABglYKAgLQHggEXY2EtcHViLTYwNTU4ODIwNjM3OTUzNDnIAQmpAgnD8hxgbLI-4AIAqAMBqgSnAk_QcrpItglybDIbkWZD7klmULVBKcupM-lEPzQnP2OGhiULTQEpV1_Oy3dSlkhtGUOwhVNsPQiK76zsQ8d_vq3WfvAllEmZ5gocb8gtyL8qSFT5nGN5vXeOs8cYqJUXSivNF9nW-Uxell3QdAsMahKoOGU_mrdSGnKPCgfjk8IppScWzW_m9sIthtzU4a2JtblG8NDu6Z4sky7hJl0pEe8GOZGv9bCGijvPKqlKg7PNo_4XrLLTShfuZ3axN5YcxXhdEcsrrUdVrjMg1oSWXmcjplEvAOLmhGTg5GPzgXDoKV_jn2QssxSS67L2mrtvSqiyO-IIUtC_F0BcnSB6-da50NJg2TXJ0BPcpi1hX5uee34lJgLnZpA_VibheAIAT3_shq9bQZXgBAGABtyKgb2Ag8b3tgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3KM5nCEGUcYd3B3H0Zoz1uFNekvw%26client%3Dca-pub-6055882063795349%26adurl%3D

Requested by

Host: 0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com
URL: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4d4094f9b3927a97d1f9f14bad56c02d92b436b6aa1e59bb6cefdf6a17e0ba38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 00:40:38 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=qu3yRD8hHs2gVfI5jXtRAjgPNzQItgTlwjeP3IdcIH9UoWMESIv5fnSYxCwkKk6xK1Khg5n_xvCPW1x4EO9cpwhZ0UyctrO4tehA-ORpxF9p4fPbHnITeIxAksHfTY87-5T3Tyw3KKpDWhqkYri7a_cC6Yz8wsk3ZR8TmiucVU_ELEgU2Y6RGCrexr7DyvOoNkCrzQl9fj_TinvrbT0CzKHWE5PvDyXfltHmBRe0pls9aN7tVAcI2kmvx1j0naylR295xA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 49158640
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 80AB 3 KB
1 KB 180ms
177ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: 0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com
URL: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 21:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11758
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 05 May 2023 21:24:41 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 80AB 19 KB
8 KB 163ms
161ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com
URL: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 16:45:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28534
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11444945707709536616
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 05 May 2023 16:45:05 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 80AB 24 KB
7 KB 165ms
163ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com
URL: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 19 Apr 2023 23:41:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 176343
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 18 Apr 2024 23:41:36 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 80AB 159 KB
49 KB 119ms
116ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com
URL: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Apr 2023 00:40:39 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
259 B 160ms
46ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8Y10R17R20&gtm=45je34j0&_p=1960640960&cid=106191227.1682124039&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBA&_s=1&sid=1682124039&sct=1&seg=0&dl=https%3A%2F%2Fwww.heralddemocrat.com%2F&dt=Herald%20Democrat%20%E2%80%93%20Herald%20Democrat&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8Y10R17R20&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:39 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 57AA 0
0 77ms
76ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstbq8ipPr9yKqMYjiOXSqgIu7wCzaLgfoeAV2648B7Z_JHfeNwHIpA4KjWnPXxPiPyr4TUpb6AfVFLRCugzUJmAbaI7LqqbxHF8nPG18Tzk2867Mu5kRG85iPlOXMTHRMO5T7WaEKNm13bm-fmp52fsSmxYmhD47Rn9larlPFhZYvFNgNuee92tjdiXu7xM5PU-MTwUZuIYmVh8HYlxScfbdBWBuKzFwUnZsg1OqbiwZZk5Md3yKLakZjEogTuo8nFp1K_VTEkxK2qe5RLEfqhuaPfZdGcalZ8tMGmLlHgeYflJQkGOk06bzCEFzUGyn0hU96ObvpYOtTBCdZbiI2Of0FZcSA&sai=AMfl-YR7tNY1qUCey8RItdOtzlSkL9RUU-VKXsrmiXj8kmITFXijo7FEY4XB4d8noWWO-64zgeH-v8yKhtnrYs8JQ1ez9uwX8ZLndo94zcKDn-Z6_xrS5-dhs1r_x4f8B0pJcw&sig=Cg0ArKJSzFk31mzu-EfuEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Apr 2023 00:40:39 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4132 0
0 77ms
77ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstsCQNPqdGRotcxr1zMaBvoe_oiIWbssyanhDikid4KwvVcXATVvDOzrr5HFoMEz1Km3kOLInaL9Oojh0M5PQjByTmopelp3oOIdqJjzsbE13uXT8WMI_kFbHwR3nPOrCFXPnrLGWXJfMIP7zATrRIWkCFUNwXkB4gEN_GwSTFJQ1Ax0Ekr1gHCr817UWQeHBzVzAXYJhe7qC_oNY0Law5DLQINE02mq0z2eHjdU2SCkiQ1mPOyVTpebeqM_GXWTBQqzANVnjMX4cMqH_7VPIq8jYqjqQviqVI3RJBe2rJKr2hnnvWqEz52B3kMx3_RSSAZ0frBRpUyL5bRloAoBmd7SN48VQ&sai=AMfl-YRedIDLbYUMQnid9NOLR6VewTaNxI0-XwZSzRiMFe-dISmraF5Z-hjuWPqTBqnA0fnjRHiMVI4qnLORmrdZPjB4M5nJ3BSoUyzPZ6M-bDqPNMd9bShVcVP7hNkGJz4a4-BQ9SirQFKPaX6vGg4&sig=Cg0ArKJSzGXqOCRWy_epEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Apr 2023 00:40:39 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A4A5 0
0 77ms
76ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstUQU0PGOeVHnoHVEIj9_cnJGQG8zAcB7TXg7mIxUzlnKg4omHXqzqb3mw8oT2zh3B-DtsOYRntR3uKAX0OKDF8auuXrKE_rwOn7jTi6fEohB9cfjjKvN33UfIJHDDqzx5Uj6Bpnl80dgenkDMDspYItxIhC5RWgczWEpkHOxTmQUPiJ2Q1pVpD8j_KDAygccyXX0-5GuUBAQlgwYgufaLDNaguADHw6h2KL90WzX5BiDyU098_jHtqXx4nPaQTxkFnZpnhFAvINNHkjZJ2_EjiUCwE-a7yzwo93xXIW3An-Eud_duayFmSGHcmV8zYrXZrW8434lPmCYT9ciRAVDugRw&sai=AMfl-YTkSt0qMs_nD9UE5XTUlNNYrdvHMLnauQwFV1EAj4pV8gjhexfggEUeFDDYbS7d6xf5THA9TmTiYuYezKUHH_3mCJBGC6Eiut4j7VjBGomhm2RON2KxrQhzLfobu_V3g5d-ygo6S20bNZI90OY&sig=Cg0ArKJSzAQ2pt3K-qFPEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Apr 2023 00:40:39 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F765 0
0 78ms
77ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsty0Wnkct_TLx8EDugXJ8rlV0c_9yhkhD8eBiOYsmbbC_puP56ZElGNG1xqweRTniNsvjNYomaswqYMoE0ke1AsCTXc2wttuN9-D7WsaftWc2qo_ofYF-ZUE2RXZUGpPHP1VmzGYSejHGofg354v1Qe-uS4_9uEO06IBgJAfqu8Yq2GwpidEkuElbIwvVRi59E9pq3znuCSnYscgNnBTwb6L7kKyLmwH9qfaWYaIzjMvTGEDyJ0Mi6aVcLQ41JR6TC03KQ2Hs_rX0myA-hlbNnf5Pxfw5c7i8usE2DHnJ3k3_URKB2dfnkBmgHn2uhAwx19oAfCzp-Tg5diFFUYqhEKfU0mUjVB&sai=AMfl-YTAQiGSyztCVdhGFR-XFs4H0uDtzvDmrfDzohbHECu8GVbnKFZ1A7mJDdw4FhC6ErG7U88JGaubXTFsJOp0UqW4SfiXLHr473W4Fi3DsdQ87STpYw8JfgcAK_iUI8_F82W_1k71iP7d6RQModc&sig=Cg0ArKJSzGc24B1vVNwcEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Apr 2023 00:40:39 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9A31 0
0 77ms
76ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssqzcoMzWkP6EbG24nv_ezviuJtbtgzVnWUDFQKJv1lhB4ikQ84uPGBGDoCwxw6gzgni5Cdys09v0PHeeLX705kqZT3qhwQ4XSOytJyTIsPU_nYR76PxnrfQZRMvx6kardfENCyCIpCF95tAPoQMJyLW62Iq2GLZwsh-hTAbU0WUUoqws9f6bPkCURKcURwPZJIpkyS9cvyr_nqOsjZvNtv-RTL-Gxn5XBOntaqVwT48VJ0--nNfUtU_S7r4nXNMUXqglgK44fAO8RCbhnsgeElWO9e7J5OgVUAEKBCk5_qtiALpUjXXqPBA_EkhY51IS2bU6G4xsLREo3UJd4ZDFbwHJ4&sai=AMfl-YT6ydN2o5GQdjzVpKvRvV1VeFTMy1VKFu2yJDy6iQgsCct3SbK93xblygPu4qAE5G_IBu6Fwt_Gwkmy8o1XuOJ-GSLiiBi9mibUUSFJbCYAZ3Zjo9875xtJSCYQXDd5j3inFTa6nxrmnpHXyEc&sig=Cg0ArKJSzFisIKUKKmlsEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Apr 2023 00:40:39 GMT

POST
H/1.1 202
Accepted event Show response
analytics.cherryroad.com/api/ 2 B
356 B 420ms
183ms XHR
text/plain 207.228.225.157
HOPONE-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.cherryroad.com/api/event
Requested by: Host: analytics.cherryroad.com
URL: https://analytics.cherryroad.com/js/plausible.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 207.228.225.157 Ashburn, United States, ASN14361 (HOPONE-GLOBAL, US),
Reverse DNS
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 22 Apr 2023 00:40:39 GMT
Server: nginx
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 2
x-request-id: F1ga5tJidsbJnwsACHnx

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/160835/4933/ 210 KB
65 KB 134ms
39ms Script
application/javascript 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 223fc8122a307637f83efd6b57fb96e0daf8795aaa98e431e83064efa65b4da3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
last-modified: Mon, 28 Nov 2022 20:34:20 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=21846
accept-ranges: bytes
content-length: 65523
expires: Sat, 22 Apr 2023 06:44:45 GMT

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 221 B
315 B 60ms
60ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 75c16579fd59f14a43241315285e57478b808147a85be712021c97f13fe65df4

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
via: 1.1 google
server: Google Frontend
content-type: application/json
access-control-allow-origin: *
x-cloud-trace-context: 117afbe4140348a3382a13a8ed306de1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 221

OPTIONS
H2 200 encrypt
esp.rtbhouse.com/ Frame 0
0 147ms
59ms Preflight
text/plain 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.heralddemocrat.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST, GET
access-control-allow-origin: https://www.heralddemocrat.com
access-control-max-age: 600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
content-type: text/plain; charset=utf-8
date: Sat, 22 Apr 2023 00:40:39 GMT
server: Google Frontend
vary: Origin
via: 1.1 google
x-cloud-trace-context: c2cc5f6f196bfec7b733f2a1f365c60b

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
331 B 141ms
45ms XHR
text/plain 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.heralddemocrat.com
date: Sat, 22 Apr 2023 00:40:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
DATA 200
OK truncated
/ Frame 80AB 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d97d3bf9fd83935f348bb037fa278239d1ca078e74552836df569896098c16b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
340 B 194ms
56ms XHR
application/json 54.246.170.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.170.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-170-47.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 95a76e1151f7f319451ae1a4e7591644a434072455c8d0c9219653560053e7b7

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:39 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache
x-server: 10.45.11.234
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.heralddemocrat.com%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.heralddemocrat.com%2F&rid=esp&cc=1

85 B
202 B

152ms
151ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.heralddemocrat.com%2F&rid=esp&cc=1
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: a5cb73a960ac02dce94502161217fdb8c0736a3d87383b424cee88541f948a33

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-6x7XLc7apR9gsyf3iChPl9rJvkY"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.heralddemocrat.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Sat, 22 Apr 2023 00:40:39 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.heralddemocrat.com
location: /esp?url=https%3A%2F%2Fwww.heralddemocrat.com%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame D826 15 KB
6 KB 482ms
167ms Document
text/html 2620:100:a005::d
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.heralddemocrat.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a005::d , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

6107bf460934843cbde00678d356a436f2dd7c39ec331e8dbb7167e7f3858fc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 00:40:39 GMT
server: Kestrel
server-processing-duration-in-ticks: 671193
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H/1.1 200
OK eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx Show response
publisher.etype.services/ajax/ Frame EFF9 2 KB
1 KB 312ms
312ms XHR
text/html 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/ajax/eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx?_method=GetSpecialEditionList&_session=rw
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/ajax/common.ashx
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 848024de6bf0935091bf5a92d31838baaaf4ec8712d784d15665adc4f2debbad

Request headers

Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 22 Apr 2023 00:40:39 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 810
Expires: Sat, 22 Apr 2023 00:40:39 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame E52E 2 KB
1 KB 44ms
43ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZEMtBgALGrUIu8h5AAdAk6YDGj_Uo6DdkpU3mw&u=%7CB1qztyg3%2FnaP7W5RWdn%2Bcg8w41BkslWlHEafvrQFaGU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZetDT5vPMn_ZEYZgNxwU-bKOhxqqVnzPEn-gi7Cxt4Ao3-dK85QHHPLVWeT1jWsfkiZSYTGJnSuVxllT2NNzUUHkZsEkvDHvQo9v5Ca-azQCtmAMra-hJk6VL6infGN0BzanldH73zH3osrmdE_rjrnAKfrQVicQUARY3WnQ6tzwdWwrIX1HEMzBKK0huSRgT3dMIGIJ4Mvnnz_s544D4IixsqRFESTZBhmUbLskrLrc5Z98RzNRHwZu5ZRB2BybJ2WrzkKa-BvTiCCny2SFYscPcAkl642j60OboRbe5oosGjNE2EgizlDpJ1Oiu2STLJmOaGuWokY0nVlJwAWSSblecMmu6KGOnRbL2_R9L66ePtMCt1xQssRuRMiM1p4pC0bl5ChyoqmRgMw3rPoXvzFksFla8B-f2-hgfVQTIDxNlUpOYbXVBrsHaoPAXvlHwNONKX_cHmqD1RLVIhgD8fcqGbfmSYM37ujl0khxyTT9rb7FvK9aZShEgivr0oXro0mK8Ij34FiIK2wI06DUFMg7-h8I5LQ-nsJHFFKL4GrLc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC35w5Bi1DZLW1LPmQ7_UPk4Gd6AzJntKxXNWdkfdwwI23ARABIABglYKAgLQHggEXY2EtcHViLTYwNTU4ODIwNjM3OTUzNDnIAQmpAgnD8hxgbLI-4AIAqAMBqgSnAk_QcrpItglybDIbkWZD7klmULVBKcupM-lEPzQnP2OGhiULTQEpV1_Oy3dSlkhtGUOwhVNsPQiK76zsQ8d_vq3WfvAllEmZ5gocb8gtyL8qSFT5nGN5vXeOs8cYqJUXSivNF9nW-Uxell3QdAsMahKoOGU_mrdSGnKPCgfjk8IppScWzW_m9sIthtzU4a2JtblG8NDu6Z4sky7hJl0pEe8GOZGv9bCGijvPKqlKg7PNo_4XrLLTShfuZ3axN5YcxXhdEcsrrUdVrjMg1oSWXmcjplEvAOLmhGTg5GPzgXDoKV_jn2QssxSS67L2mrtvSqiyO-IIUtC_F0BcnSB6-da50NJg2TXJ0BPcpi1hX5uee34lJgLnZpA_VibheAIAT3_shq9bQZXgBAGABtyKgb2Ag8b3tgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3KM5nCEGUcYd3B3H0Zoz1uFNekvw%26client%3Dca-pub-6055882063795349%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 16 Apr 2024 00:40:39 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame E52E 2 KB
1 KB 45ms
45ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 16 Apr 2024 00:40:39 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame E52E 308 B
636 B 43ms
42ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Tue, 16 Apr 2024 00:40:39 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame E52E 293 B
621 B 42ms
42ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Tue, 16 Apr 2024 00:40:39 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame E52E 43 B
348 B 168ms
51ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=jAsxgX8WJ7ScdiDVDfcN1PeaoUBDX7HMttY_4tmNvMdHQnW1Fj5Tf_gVmXx4arpmxoqYnL3JMLyyX9N514ru4JCK3VIhVtr0fVmgBE2UtljBjRyOFle5Re3v2SlA5rWnvpCjCPxfqPLPjbCFxTa7GhroB7P66seZ7fKPC63fL9QcxCYgbaW7WPgj5LhO-jNOgIeNcKPFCKyGmEv01Irm_rsWMa9IsM6XfsvZpvKEeoUUCcX_4oPA_IRSiPk2rQD8JM1y5RYdeIpk2K0tVNOhaev25lYX2MGzA60FeqMOHS2bv6tkT-ySSxUn8A2b6voH4y7bcSN_dDYNquRFZN47OCwbWcNulB-q1DqbUAU2Xjk9ivKbvMAwsw3cMJ4-RC209tRwdJoexJK6dgSjwcCqSHA_J-rgPr2gAzaQ3Z7hUbXr19mI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:38 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2153108
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame E52E 12 KB
5 KB 132ms
46ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 250706
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NoxPk0ShKlQ1YchVT1TdOUQbnuW2Rg4%2FEuU6WFYjvwhP6HoWOR0pfpcZPt8a2t924NjBFBKqaDXLBSC3Xl4xtmIa1vNUUw4Y9%2BHal%2FeIrd%2FxwEAc%2BXo9J9L1%2BEOCI5pxVNwStk7AT5BVD6Ac5YsZp6wG"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7bb9d10e8f5c9ba0-FRA
expires: Thu, 11 Apr 2024 00:40:39 GMT

GET
H2 200 0d5410bc9c3e437daf6999836d04f18f_ubuntu-medium.woff
static.criteo.net/design/dt/ Frame E52E 38 KB
38 KB 171ms
86ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/0d5410bc9c3e437daf6999836d04f18f_ubuntu-medium.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ce8b0ce00b853304b4500a3e0273c2ee8123ec998d9ea4bc1a2b3e97c573b61f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 02 Oct 2018 14:57:25 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5bb38755-97a8"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 16 Apr 2024 00:40:39 GMT

GET
H2 200 ec51d215a5904df99ebfe8eacf21246e_ubuntu-light.woff
static.criteo.net/design/dt/ Frame E52E 46 KB
46 KB 187ms
102ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/ec51d215a5904df99ebfe8eacf21246e_ubuntu-light.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8d6af87f2e8ab6ba751d5bda81faf18aed637f3c43f3f5c25acfcdb8dc674a92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 02 Oct 2018 14:57:25 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5bb38755-b778"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 16 Apr 2024 00:40:39 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame E52E 12 KB
6 KB 45ms
45ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 16 Apr 2024 00:40:39 GMT

GET
H2 200 a8708681f73f44c195d7e451ab1546ef_cpn_300x250_1.jpg
static.criteo.net/design/dt/3018/230419/ Frame E52E 10 KB
11 KB 53ms
50ms Image
image/jpeg 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/3018/230419/a8708681f73f44c195d7e451ab1546ef_cpn_300x250_1.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

7c240e5136546d2b3d80b0f98ce715fadc47f23b1e82514d37bcf826394d10bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Apr 2023 10:10:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "643fbe05-28f2"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 10482
expires: Tue, 16 Apr 2024 00:40:39 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame E52E 3 KB
3 KB 229ms
108ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=76&m=0&partner=3018&q=80&r=0&u=http%3A%2F%2Fstatic.fr3.eu.criteo.net%2Fdesign%2Fdt%2F1344%2F230413%2Fc53e5f9a71444a36ae4d74a664fc7269_logo_n_horizontal_4.png&v=3&w=596&s=r7Ebeq-JZqJ_QiNyeHzb5ArV

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

459088e27f5b21c4db740ba708ec600a26fccb6c917361bbfeb82c4d1b66961b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
content-length: 3377
expires: Sun, 07 Apr 2024 12:40:55 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame E52E 93 KB
93 KB 268ms
147ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=1200&m=0&partner=3018&q=80&r=0&u=http%3A%2F%2Fstatic.fr3.eu.criteo.net%2Fdesign%2Fdt%2F1344%2F230413%2F995038c0f1e649ee8357259ec332d2be_img_vertical_1.jpg&v=3&w=1200&s=Yb2ZyrAnzrAgto21q5PcGlKL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

b835e8ca623c86a08f156d671b513ac680197de8c63aa4b63ff936e20c297a5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 95292
expires: Sun, 07 Apr 2024 12:40:55 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame E52E 11 KB
11 KB 320ms
200ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F16055430-ERcssJGh.jpg&v=3&w=400&s=OmTydPDewHK8C6w7BTbh2jBR&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

70da8ace6902ee458fe64deffd6b9a58a0e93b17049535af415f87440de4884f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
content-length: 10836
expires: Wed, 26 Apr 2023 13:10:04 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame E52E 9 KB
9 KB 241ms
121ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1541573180%2F18316508-Fn21UoMR.jpg&v=3&w=400&s=PgMu1WiaOuh2y0iR0WGsjU0h&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

42de4c706cb11215305adaef950fcc4d1f99bc15b7a40db694279ed9ca2928c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
content-length: 8736
expires: Wed, 26 Apr 2023 13:05:51 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame E52E 27 KB
27 KB 217ms
97ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1673384406%2F22270143-92UyPwmg.jpg&v=3&w=400&s=RiGI-jWvfoWEtN_G1jp9BoD5&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cf0cadd9ad85c8bc7ae0828e8892d5e7bedf0e1199447fe8171f7f5a6aecdb5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
content-length: 27650
expires: Wed, 26 Apr 2023 17:31:29 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame E52E 0
128 B 153ms
42ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=qu3yRD8hHs2gVfI5jXtRAjgPNzQItgTlwjeP3IdcIH9UoWMESIv5fnSYxCwkKk6xK1Khg5n_xvCPW1x4EO9cpwhZ0UyctrO4tehA-ORpxF9p4fPbHnITeIxAksHfTY87-5T3Tyw3KKpDWhqkYri7a_cC6Yz8wsk3ZR8TmiucVU_ELEgU2Y6RGCrexr7DyvOoNkCrzQl9fj_TinvrbT0CzKHWE5PvDyXfltHmBRe0pls9aN7tVAcI2kmvx1j0naylR295xA&sds=2&rev=85950&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame E52E 2 KB
1 KB 52ms
52ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 16 Apr 2024 00:40:39 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame E52E 2 KB
1 KB 51ms
51ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 16 Apr 2024 00:40:39 GMT

GET
H2 200 / Show response
trends.revcontent.com/api/demand/ 52 B
302 B 220ms
93ms Fetch
text/html 18.202.146.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/api/demand/?w=275271

Requested by

Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.202.146.245 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-202-146-245.eu-west-1.compute.amazonaws.com

Software

envoy /

Resource Hash

8b4b43fd2629a9ae29c5220a852bbc8ff169c571cdf77798633efec65c934df7

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-rc-region: eu-west-1c
date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=931536000; includeSubDomains
server: envoy
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 38
content-length: 52

GET sync
trends.revcontent.com/ 0
0

POST
H/1.1 200
OK eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx Show response
publisher.etype.services/ajax/ Frame EFF9 247 B
594 B 181ms
181ms XHR
text/html 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://publisher.etype.services/ajax/eTypeWebsite.SpecialSectionWidget,eTypeWebsite.ashx?_method=GetPubSpecSecWidConfigOnPublicationId&_session=rw
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/ajax/common.ashx
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a44b1d47983a8562bab76664d05f8800b11ee06e0a0a3aaae142ec8c89c0edeb

Request headers

Referer: https://publisher.etype.services/special-editons/C6FA55C54659D987
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 22 Apr 2023 00:40:39 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 286
Expires: Sat, 22 Apr 2023 00:40:39 GMT

POST
H2 204 api-errors
yeet.revcontent.com/yeet/events/ 0
0 62ms
61ms Fetch 3.248.64.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/api-errors
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.248.64.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-64-182.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

x-rc-region: eu-west-1c
access-control-allow-origin: *
date: Sat, 22 Apr 2023 00:40:39 GMT
x-envoy-upstream-service-time: 6
server: envoy
vary: Origin

OPTIONS
H2 200 api-errors
yeet.revcontent.com/yeet/events/ Frame 0
0 195ms
68ms Preflight 3.248.64.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/api-errors
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.248.64.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-64-182.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.heralddemocrat.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
content-length: 0
date: Sat, 22 Apr 2023 00:40:39 GMT
server: envoy
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time: 12
x-rc-region: eu-west-1c

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame AA2D 0
176 B 143ms
49ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Sat, 22 Apr 2023 00:40:39 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 / Show response
trends.revcontent.com/api/delivery/ 12 KB
7 KB 159ms
158ms Fetch
application/json 18.202.146.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/api/delivery/?is_blocked=undefined&w=275271&width=1600&rev_allow_cookies=0&site_url=https%3A%2F%2Fwww.heralddemocrat.com%2F&icr_url=&va=0&user_uuid=undefined&time=1682124039686&up=pc&bn=chrome&bv=112&widget_width=1314&style_id=0&idhub[pubcid]=35c54074-0527-4382-afcc-d13170b5344c&an=false

Requested by

Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.202.146.245 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-202-146-245.eu-west-1.compute.amazonaws.com

Software

envoy /

Resource Hash

0e73ccb4872fee79dda7139fea97c40aa28953a3785faf2b779a11205291999d

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-rc-region: eu-west-1c
date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=931536000; includeSubDomains
content-encoding: gzip
server: envoy
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.heralddemocrat.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 104

GET
H2

200

sid Show response
mug.criteo.com/ Frame D826
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=heralddemocrat.com&sn=ChromeSyncframe&so=0&topUrl=www.heralddemocrat.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=dToGGXxnKzBlQnN0TzlVdTgxbWszbFdkRVZES2VXT1YyTzgvSE9JRW5BTWJpZWh5anVZNWZHdlVJeW1ZN1pXS0k4OExzNDcrVis0YnhXZDJtRnBvWk40YzdWcGpPUmVGYWgwOTdubUxqeWhOanRGM0FWRTc5UnRFTUFFZj...

476 B
697 B

514ms
160ms

Fetch
application/json

74.119.118.149
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=dToGGXxnKzBlQnN0TzlVdTgxbWszbFdkRVZES2VXT1YyTzgvSE9JRW5BTWJpZWh5anVZNWZHdlVJeW1ZN1pXS0k4OExzNDcrVis0YnhXZDJtRnBvWk40YzdWcGpPUmVGYWgwOTdubUxqeWhOanRGM0FWRTc5UnRFTUFFZjV4QlFoeFVjVi9YMlRsUGdVVVhtTU1GVmpjWlowZlJoVk4vZWVNRGJqa1hXYlpYTGdudzMwaFdNSktKSHVrWUE3ZFBFc2RYa3NhaW04L01iNFFmczdzY3kzUG9tZXIwcFFpNHFYQkNBdzZUcGVrVlNaMkJCQzNFQ3NkdXg5TGN0RmVaNFFYVmtFbTJKdndtRkd6aVA5M2I2Vm5EV09YM2xhYW9TUURIY0tGbjRyK0NETTEvaz18&cppv=2

Protocol

Server

74.119.118.149 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

7679f0c65271f3c290cefa69c239d2a3c4b9e83acc100e4b324d08cdcf0aa804

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:40 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2643387
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=dToGGXxnKzBlQnN0TzlVdTgxbWszbFdkRVZES2VXT1YyTzgvSE9JRW5BTWJpZWh5anVZNWZHdlVJeW1ZN1pXS0k4OExzNDcrVis0YnhXZDJtRnBvWk40YzdWcGpPUmVGYWgwOTdubUxqeWhOanRGM0FWRTc5UnRFTUFFZjV4QlFoeFVjVi9YMlRsUGdVVVhtTU1GVmpjWlowZlJoVk4vZWVNRGJqa1hXYlpYTGdudzMwaFdNSktKSHVrWUE3ZFBFc2RYa3NhaW04L01iNFFmczdzY3kzUG9tZXIwcFFpNHFYQkNBdzZUcGVrVlNaMkJCQzNFQ3NkdXg5TGN0RmVaNFFYVmtFbTJKdndtRkd6aVA5M2I2Vm5EV09YM2xhYW9TUURIY0tGbjRyK0NETTEvaz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 521893
content-length: 0
expires: 0

GET
H/1.1 200
OK bx_loader.gif
publisher.etype.services/assets/global/plugin/bxslider/images/ Frame EFF9 8 KB
9 KB 152ms
152ms Image
image/gif 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://publisher.etype.services/assets/global/plugin/bxslider/images/bx_loader.gif
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/assets/global/plugin/bxslider/css/jquery.bxslider.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 6d46e2cf165a5a0584afba7bc9663da292ee08c97cfc7613de6013ed05be892a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/assets/global/plugin/bxslider/css/jquery.bxslider.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:39 GMT
Last-Modified: Fri, 13 Jan 2023 07:43:56 GMT
Server: Microsoft-IIS/10.0
ETag: "c6fe93ca2227d91:0"
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 8581

GET
H/1.1 200
OK thumbnail.jpg
etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-02-28/330584/ Frame EFF9 75 KB
75 KB 650ms
160ms Image
image/jpeg 20.150.38.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-02-28/330584/thumbnail.jpg
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.150.38.36 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b29c0b514b41b8d4516d064df803cc2afa876f3b118b70599f794d38188c0ef9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 22 Apr 2023 00:40:40 GMT
Last-Modified: Tue, 28 Feb 2023 14:57:41 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8DB199C2431A236
Content-Type: .jpg
x-ms-request-id: 4cb6753f-b01e-002f-30b3-7448f9000000
x-ms-version: 2009-09-19
Content-Length: 76483

GET
H/1.1 200
OK thumbnail.jpg
etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-03-29/335749/ Frame EFF9 83 KB
83 KB 648ms
156ms Image
image/jpeg 20.150.38.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-03-29/335749/thumbnail.jpg
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.150.38.36 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 7c4e8b92a244d393b3e5673b98aad9dc00868ba21251c1729c029407faf75fe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 22 Apr 2023 00:40:39 GMT
Last-Modified: Wed, 29 Mar 2023 21:50:21 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8DB309F9857E62D
Content-Type: .jpg
x-ms-request-id: 1ce84421-301e-0021-29b3-746149000000
x-ms-version: 2009-09-19
Content-Length: 84948

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 184ms
95ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202304180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

694a59a25435468f569ad2f87c02d04bc53625723a32994a6571b0b471d77d8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11277
x-xss-protection: 0

GET
H2 200 tcx-ping.php Show response
japfg-trending-content.appspot.com/ 206 B
284 B 592ms
489ms Script
text/html 2a00:1450:4001:811::2014
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://japfg-trending-content.appspot.com/tcx-ping.php?s=10254&t=Herald%20Democrat%20%E2%80%93%20Herald%20Democrat&h=www.heralddemocrat.com&p=%2F&w=2&a=ldgr4--ldgr9&_debug=1
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 8f6bf9a7e788b82399d4b9969016affff0930e98855abf0a2daf1758b7fd74bb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:40 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

POST
H2 204 impression
trends.revcontent.com/event/ 0
0 82ms
82ms Fetch 3.248.64.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/event/impression

Requested by

Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.248.64.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-64-182.eu-west-1.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-rc-region: eu-west-1c
date: Sat, 22 Apr 2023 00:40:39 GMT
strict-transport-security: max-age=931536000; includeSubDomains
server: envoy
vary: Origin
access-control-allow-origin: https://www.heralddemocrat.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 26

GET
H2 200 brandWidget~feedWidget.delivery.js Show response
assets.revcontent.com/master/ 65 KB
17 KB 45ms
44ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/brandWidget~feedWidget.delivery.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: b2b5d3274386876cff4aedd08a1859b29794bca62c235fb7d9ca55e9b6438570

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
last-modified: Fri, 21 Apr 2023 18:37:18 GMT
server: AmazonS3
x-amz-request-id: 8ZEVTFM6KZW8Y1D4
etag: "c17f1c98185079f58fbc3db3229ca00f"
x-amz-server-side-encryption: AES256
x-hw: 1682124039.cds279.fr8.hn,1682124039.cds327.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 17000
x-amz-id-2: AkwBmoEvRA8piLzzsuZXLg8PntqPh7InnxU1r0u4DhEq8PYbyVG+TooB+BydS9ft/UdfHaXdfKo=

GET
H2 200 defaultWidget~feedWidget.delivery.js Show response
assets.revcontent.com/master/ 23 KB
7 KB 45ms
45ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/defaultWidget~feedWidget.delivery.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 33f4ae201107a9e249e969e5746d06e7aebb6c11a3c8f5d3f27363ddd9ba1159

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
last-modified: Fri, 21 Apr 2023 18:37:21 GMT
server: AmazonS3
x-amz-request-id: 8ZEKZCTF18EPQH4E
etag: "b3ae1bb827d789cd618c9cfbac5c2a96"
x-amz-server-side-encryption: AES256
x-hw: 1682124039.cds279.fr8.hn,1682124039.cds154.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 7093
x-amz-id-2: /Pg63IlbSSiRr0D4VjxrcRq9Gg1vRANeTeeywGiMnWDowGRsJ2CCHWJvP8eD7HBi6GSpRS7ir5I=

GET
H2 200 feedWidget.delivery.js Show response
assets.revcontent.com/master/ 30 KB
9 KB 57ms
56ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/feedWidget.delivery.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 36fdf412ea69210410b23cb055a96b28baac1072d4beb9b4237561e7a9233812

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
last-modified: Fri, 21 Apr 2023 18:37:19 GMT
server: AmazonS3
x-amz-request-id: 8ZEKPS3E7271HG0G
etag: "f173e84adcb1fb48205baf9fb56b5f78"
x-amz-server-side-encryption: AES256
x-hw: 1682124039.cds279.fr8.hn,1682124039.cds266.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 9188
x-amz-id-2: Q2XDnjSHRWSBuCgz5hFpVkgqDfYzQ6hmZASy2gK5VXnfC3KpKdyLDeX1ZmTQOvzvQ1ViL/L8ff8=

GET
H2 200 commonModal.delivery.js Show response
assets.revcontent.com/master/ 3 KB
2 KB 60ms
60ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/commonModal.delivery.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: a7204fea2539a607b0bfea15733c36ba7d706756144333aae6c16c2094d3ca03

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
content-encoding: gzip
last-modified: Fri, 21 Apr 2023 18:37:18 GMT
server: AmazonS3
x-amz-request-id: E9Q6MSXJP2C9ZS3M
etag: "d897f0191ef100a658a6a3eebd1f184e"
x-amz-server-side-encryption: AES256
x-hw: 1682124039.cds279.fr8.hn,1682124039.cds002.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 1669
x-amz-id-2: XVvUri9DqYizxNFO+Lq1mKbOQilhGuxgDfNGBELfG6oVYQ1tm4f/X/ioAKakF+lAXyGlbwEJjrxC3nUX/ojg7w==

GET
H/1.1 200
OK score.min.js Show response
js.ad-score.com/ 439 KB
140 KB 171ms
41ms Script
application/javascript 2600:9000:20eb:9400:a:deb0:3380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.ad-score.com/score.min.js?pid=1000177&tt=opt
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9400:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 3281339820a5692f2b48ccb8cf6e492e74a9e32bff8a45252c67d69e223e77a7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 21:28:39 GMT
Content-Encoding: br
Via: 1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C1
Age: 11521
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Fri, 21 Apr 2023 21:28:39 GMT
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Cache-Control
X-Amz-Cf-Id: q6KKMUX4j7-7fXKyNvwIumlfBgIMDFXwvxR_2zL0-QFr2fDXd6OKLg==
Expires: Sat, 22 Apr 2023 21:28:39 GMT

GET
H2 200 /
img.revcontent.com/ 1 KB
1 KB 141ms
45ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.revcontent.com/?url=https://cdn.revcontent.com/assets/img/full_color.png&static=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: /
Resource Hash: 94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:39 GMT
last-modified: Thu, 02 Jun 2022 15:22:42 GMT
etag: "1654183362"
x-hw: 1682124039.cds234.fr8.hn,1682124039.cds260.fr8.c
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1351

GET
H2 200 63c6a3bfd15776-05990272.png
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 11 KB
12 KB 150ms
54ms Image
image/jpeg 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/63c6a3bfd15776-05990272.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map3.hwcdn.net

Software

Cloudinary /

Resource Hash

1712db2ac9948f052b629d35a83530960b4f24075b69c2a8b3f7323697f20235

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:40 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
server-timing: fastly;dur=3;cpu=1;start=2023-01-17T17:21:17.621Z;desc=hit,rtt;dur=0
content-length: 11699
x-request-id: 35b81a8080cd96feaf3c17b9ea1ea9b9
last-modified: Tue, 17 Jan 2023 13:36:23 GMT
server: Cloudinary
etag: "fba682e55e5aa4ce3c38c5e14920b5b2"
x-hw: 1682124040.cds255.fr8.hn,1682124040.cds246.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 600094911ecc17-90281222.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 12 KB
13 KB 185ms
92ms Image
image/jpeg 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/600094911ecc17-90281222.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map3.hwcdn.net

Software

cloudflare /

Resource Hash

1056a70c53f0dfe6f883c954df30d15dad8b8d5506a69575a044e26bb54e06d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:40 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
server-timing: cld-cloudflare;dur=16;start=2023-04-14T15:52:59.368Z;desc=hit,rtt;dur=1
content-length: 12597
last-modified: Fri, 12 Nov 2021 04:19:05 GMT
server: cloudflare
etag: "1a1f30301cf15c6ee54121f749c53526"
x-hw: 1682124040.cds255.fr8.hn,1682124040.cds097.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control: public, no-transform, immutable, max-age=604800
accept-ranges: bytes
cf-ray: 7b7d1e7b0ce36993-FRA
timing-allow-origin: *

GET
H2 200 6a481d08173f52d6f1d2fc21492d7e81.jpeg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 13 KB
14 KB 145ms
54ms Image
image/jpeg 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/6a481d08173f52d6f1d2fc21492d7e81.jpeg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map3.hwcdn.net

Software

Cloudinary /

Resource Hash

6f6264f04d843c514e8b7a830c18a6ac059bf15f500ea1b8d37a619e84e71f85

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:40 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
last-modified: Wed, 07 Dec 2022 17:50:51 GMT
server: Cloudinary
etag: "a36491d720b1a3019f083c4e3889349e"
x-hw: 1682124040.cds255.fr8.hn,1682124040.cds213.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=604800
server-timing: fastly;dur=2;cpu=0;start=2022-12-07T17:52:23.287Z;desc=hit,rtt;dur=0
accept-ranges: bytes
timing-allow-origin: *
content-length: 13679

GET
H2 200 642e949d2ccb44-11238038.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 11 KB
11 KB 188ms
100ms Image
image/jpeg 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/642e949d2ccb44-11238038.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map3.hwcdn.net

Software

cloudflare /

Resource Hash

f9d46ca57e0b35c07ed7c77f780f2c4dc9076c6aec6cf4a7a2c3c28ea5ff8fdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:40 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
server-timing: cld-cloudflare;dur=143;start=2023-04-07T21:20:59.411Z;desc=miss,rtt;dur=1;cloudinary;dur=38;start=2023-04-07T21:20:59.468Z
content-length: 10818
last-modified: Fri, 07 Apr 2023 21:17:43 GMT
server: cloudflare
etag: "c6d7256ceac2331c49734419c8c1fd94"
x-hw: 1682124040.cds255.fr8.hn,1682124040.cds280.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control: public, no-transform, immutable, max-age=604800
accept-ranges: bytes
cf-ray: 7b45515349eb9a2d-FRA
timing-allow-origin: *

GET
H2 200 rc-logo.png
cdn.revcontent.com/assets/img/ 2 KB
2 KB 143ms
46ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revcontent.com/assets/img/rc-logo.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: /
Resource Hash: f4241710e57486ad91102e31823e855469608e1aea362f1f0e059609c9eb9a56

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:40 GMT
last-modified: Wed, 12 Apr 2023 19:12:49 GMT
etag: "1681326769"
x-hw: 1682124040.cds276.fr8.hn,1682124040.cds337.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=18
accept-ranges: bytes
content-length: 2091

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 22 Apr 2023 00:40:40 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 31B2 13 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 11757
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 21 Apr 2023 21:24:43 GMT
expires: Sat, 20 Apr 2024 21:24:43 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5D75 783 B
1 KB 136ms
48ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a2010070baee50d515b9b964f925cbc502059271d6f629152af9e3e70f720cff

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-IVSlPhm0E98GOSsxlbNXDQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-IVSlPhm0E98GOSsxlbNXDQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 00:40:40 GMT
expires: Sat, 22 Apr 2023 00:40:40 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK controls.png
publisher.etype.services/assets/global/plugin/bxslider/images/ Frame EFF9 3 KB
3 KB 152ms
152ms Image
image/png 20.40.202.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://publisher.etype.services/assets/global/plugin/bxslider/images/controls.png
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/assets/global/plugin/bxslider/css/jquery.bxslider.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.28 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 257206c4fd6bcee36927eb0ef2ba087b5dfc6c9a18df7f8553878bf847616226

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/assets/global/plugin/bxslider/css/jquery.bxslider.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sat, 22 Apr 2023 00:40:39 GMT
Last-Modified: Fri, 13 Jan 2023 07:43:57 GMT
Server: Microsoft-IIS/10.0
ETag: "49e6ddca2227d91:0"
X-Powered-By: ASP.NET
Content-Type: image/png
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 2806

POST
H/1.1 200
OK cors Show response
data.ad-score.com/data/ 50 B
725 B 611ms
164ms Fetch
text/plain 130.211.115.4
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.ad-score.com/data/cors?pm_st=UEcANoEpMtXddUtopWZWoKYEygKfAZdw-FE7fPshldVrrKDQa03zIEU7F-E0zJPsxmaVfjPw==&pm_ct=5f9ad03e4aece02b0a425c10&pm_pl=1682124040203&pm_td=9&pid=1000177&en=1.1&callback=__pm_glbl_r2lDmUG1M5W3RdBKdHLGYXbe._gc1&tt=opt&v=5b851bf
Requested by: Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000177&tt=opt
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 4.115.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 4e7f7c480f0363b553d420a831abcff0092184978289c0365641c9f262d8fee6

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 22 Apr 2023 00:40:40 GMT
Age: 0
Access-Control-Allow-Methods: POST
P3p: CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Access-Control-Allow-Origin: https://www.heralddemocrat.com
Content-Type: text/plain; charset=utf-8
Cache-Control: post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 50

GET
H/1.1 200
OK x.html Show response
js.ad-score.com/ Frame E45C 46 KB
16 KB 42ms
42ms Document
text/html 2600:9000:20eb:9400:a:deb0:3380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.ad-score.com/x.html?v=5b851bf&pid=1000177
Requested by: Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000177&tt=opt
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9400:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 6198906618e16d690a96c26c2b84c2f3f1914b5378934bbb0e98571bf7d2ef2a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 11522
Cache-Control: public, max-age=86400
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 21 Apr 2023 21:28:38 GMT
Last-Modified: Fri, 21 Apr 2023 01:22:37 GMT
Transfer-Encoding: chunked
Via: 1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Y-otqtJ7AMIVmAbawkTq3HfdeDAJdpOnSCd_XIS-GAT_NQvAi5um3A==
X-Amz-Cf-Pop: FRA2-C1
X-Cache: Hit from cloudfront

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A4A5 42 B
174 B 76ms
76ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssScgyANaoKIrOJdb4VuD0vfQaY4EF2o5YqPN2UPT6T8sVYuSzO4u1sgllLEnJ3n8JvqAOTF93NB8YElKNpvHl4ZusXaKK7jikq09UP07uyxvd_HC3h&sig=Cg0ArKJSzFn_Ax9X9Xu-EAE&id=lidar2&mcvt=1094&p=398,1157,648,1457&mtos=1094,1094,1094,1094,1094&tos=1094,0,0,0,0&v=20230419&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=360704253&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682124038878&rpt=255&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F765 42 B
108 B 77ms
76ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuKZP_-pVE6qIIs_mQ7XT8edQKow5b9SsZi1YltuCs3VTNswJf7l2XofHMs9-BWuDs_CGuE0UHtCwNtCAA9VFhLBjssL3DR9fif54io3uob939to2J3&sig=Cg0ArKJSzBWxW_qqX-c5EAE&id=lidar2&mcvt=1047&p=278,436,368,1164&mtos=1047,1047,1047,1047,1047&tos=1047,0,0,0,0&v=20230419&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=3882773831&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682124038845&rpt=345&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 w05zGG9qaosOBIL1Kb6OkKtrB9U8AfHvOijkE_qF5Xk.js Show response
pagead2.googlesyndication.com/bg/ Frame 31B2 36 KB
14 KB 129ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/w05zGG9qaosOBIL1Kb6OkKtrB9U8AfHvOijkE_qF5Xk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c34e73186f6a6a8b0e0482f529be8e90ab6b07d53c01f1ef3a28e413fa85e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 21:24:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11757
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14215
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 20 Apr 2024 21:24:43 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5D75 0
0 162ms
73ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202304180101&jk=3060451837005996&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

HEAD
H/1.1 200
OK x.html Show response
js.ad-score.com/ Frame E45C 0
564 B 79ms
42ms XHR
text/html 2600:9000:20eb:9400:a:deb0:3380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.ad-score.com/x.html?v=5b851bf&pid=1000177
Requested by: Host: js.ad-score.com
URL: https://js.ad-score.com/x.html?v=5b851bf&pid=1000177
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9400:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.ad-score.com/x.html?v=5b851bf&pid=1000177
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 21 Apr 2023 21:28:38 GMT
Content-Encoding: gzip
Via: 1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
Last-Modified: Fri, 21 Apr 2023 01:22:37 GMT
X-Amz-Cf-Pop: FRA2-C1
Age: 11522
Access-Control-Allow-Methods: GET
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Cache-Control: public, max-age=86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Id: 8Rvu15-HNuz6USvqmg9tDc2r8hOyCIVIewSEdEL1LCiTwHuaIa35JA==

OPTIONS
H2 200 page-view
yeet.revcontent.com/yeet/events/ Frame 0
0 63ms
62ms Preflight 3.248.64.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/page-view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.248.64.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-64-182.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.heralddemocrat.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
content-length: 0
date: Sat, 22 Apr 2023 00:40:40 GMT
server: envoy
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time: 7
x-rc-region: eu-west-1c

OPTIONS
H2 200 widget-loaded
yeet.revcontent.com/yeet/events/ Frame 0
0 62ms
62ms Preflight 3.248.64.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/widget-loaded
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.248.64.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-64-182.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.heralddemocrat.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
content-length: 0
date: Sat, 22 Apr 2023 00:40:40 GMT
server: envoy
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time: 6
x-rc-region: eu-west-1c

POST
H2 204 page-view
yeet.revcontent.com/yeet/events/ 0
0 69ms
69ms Fetch 3.248.64.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/page-view
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.248.64.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-64-182.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

x-rc-region: eu-west-1c
access-control-allow-origin: *
date: Sat, 22 Apr 2023 00:40:40 GMT
x-envoy-upstream-service-time: 13
server: envoy
vary: Origin

POST
H2 204 widget-loaded
yeet.revcontent.com/yeet/events/ 0
0 69ms
68ms Fetch 3.248.64.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/widget-loaded
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.248.64.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-64-182.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

x-rc-region: eu-west-1c
access-control-allow-origin: *
date: Sat, 22 Apr 2023 00:40:40 GMT
x-envoy-upstream-service-time: 12
server: envoy
vary: Origin

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 31B2 0
10 B 40ms
40ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?E2bakg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:40 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK thumbnail.jpg
etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-02-28/330584/ Frame EFF9 75 KB
75 KB 155ms
154ms Image
image/jpeg 20.150.38.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-02-28/330584/thumbnail.jpg
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/assets/global/plugin/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.150.38.36 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b29c0b514b41b8d4516d064df803cc2afa876f3b118b70599f794d38188c0ef9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 22 Apr 2023 00:40:40 GMT
Last-Modified: Tue, 28 Feb 2023 14:57:41 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8DB199C2431A236
Content-Type: .jpg
x-ms-request-id: 4cb67621-b01e-002f-76b3-7448f9000000
x-ms-version: 2009-09-19
Content-Length: 76483

GET
H/1.1 200
OK thumbnail.jpg
etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-03-29/335749/ Frame EFF9 83 KB
83 KB 156ms
156ms Image
image/jpeg 20.150.38.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Jobs/687/2023-03-29/335749/thumbnail.jpg
Requested by: Host: publisher.etype.services
URL: https://publisher.etype.services/assets/global/plugin/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.150.38.36 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 7c4e8b92a244d393b3e5673b98aad9dc00868ba21251c1729c029407faf75fe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://publisher.etype.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 22 Apr 2023 00:40:40 GMT
Last-Modified: Wed, 29 Mar 2023 21:50:21 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8DB309F9857E62D
Content-Type: .jpg
x-ms-request-id: 1ce844b2-301e-0021-30b3-746149000000
x-ms-version: 2009-09-19
Content-Length: 84948

POST
H/1.1 200
OK cors Show response
data.ad-score.com/data/ 1 B
278 B 153ms
153ms Fetch
text/plain 130.211.115.4
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.ad-score.com/data/cors?pm_st=UEcANoEpMtXddUtopWZWoKYEygKfAZdw-FE7fPshldVrrKDQa03zIEU7F-E0zJPsxmaVfjPw==&pm_ct=5f9ad03e4aece02b0a425c10&pm_pl=1682124040203&pm_td=625&pid=1000177&en=1.1&callback=__pm_glbl_r2lDmUG1M5W3RdBKdHLGYXbe._gc2&tt=opt&v=5b851bf
Requested by: Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000177&tt=opt
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 4.115.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.heralddemocrat.com
Date: Sat, 22 Apr 2023 00:40:40 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1
Access-Control-Allow-Methods: POST
Content-Type: text/plain; charset=utf-8

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 77ms
77ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202304180101&jk=3060451837005996&bg=!z8ylzJjNAAYfNdXmPzU7ADkAdvg8WlHnzyyEQ8vpt2nNoOgDMJLiuDbQRyTSciP6nuiI5nNPZIjBT1ubET3x0Tj5DjhcLGY4wvQCAAAATlIAAAADaAEHmQL4uPUJ_FmZxAkJvBfJ5gM1YRNkvp6pB8WLIz4DJ8XNQ0R273oNBadMeZxk2WGqQ3W4SwcYiypsenuOFmDREb0A8N2_IfpBz_AGLKWwddA96dTBGuslkpsR3BE5oK_rbVRarfwvm7dnaATOmfIUes2ViJXmLmO6bgom6A5zS_23e8LTomifqQck8MiG0hAUnhfDgonfVhtP0aVugsJBPGRCYVWWVRSujn3VGgRWvbnkzXWpEPjLYSEM2nBNSBB6aU8bRsPlSlocR7FOEh45MyzbcWLfKdVJrenkEi6izdMAa9N5t9GU2F5hz-68o_YQuFwUbK7Ca4b0l7r9T2k1BFoW9d6BmfgOX4anhrLAe3v8WfOFDBBWKkG_e9TGnZ58fQ7wMJL8Ac7J36ahheCcMkvbka81hVflE9MYftwBDzJXgKQbV8mzKglcobs8mC9vfsam-WLfkP0QrYePA6o2BXk-ZuVutSte2pPpbRinn329L7HAQFSW34TdX75otQr4WgxWdRZ86eiq1Ga0XPThyKAu6cDjSW19LtYTY4zLVsyieYwPlnkypJIHOrr3GjTPpXHfPqMcYe39jQh4ViaGuvJMEOtu_r5qFjnyJIuUEgpfhm8iYPRSUBQ8Et23btHO83taLhv0qcCYX1zZj29_Ox3nY9vpH2h7uvK1qqjz8605t-PuPv5TNOYFwFcA8iM_HIfD0_3Njc-k9PtsHD4D4taH-J3FA2v8FzrYuzR3huClBca9JpAs1p8fW7hkZUqvQo4juJLEChBYvM2H0uSvQUIuA3mWHsJPWEd8ZelC-lqVBCIJDN6gvM97lCEcHyuf5EvAJTPo5gXVWD_Na008LQNJo_dhl19uFWtoG1sTp5W8ts4a12bxzi3ROEgykXUFLqzyKRl9BOfZ-74BhPfxx49R56XMpE70usGlkCpYKPYjiQs-9t6FVaHdQQQOlbw17IwawtUaqg3vaE0WH1FAfOtJkYp2q2sTvZDr5n51EdIWyWP6gi9voDU5xw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 466ms
156ms Preflight
application/json 2620:100:a005::d
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&domain=www.heralddemocrat.com&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a005::d , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.heralddemocrat.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sat, 22 Apr 2023 00:40:41 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 493375
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ 49 B
255 B 695ms
388ms XHR
application/json 2600:1901:0:8344::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0013300001kQgaMAAS&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:8344:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 22 Apr 2023 00:40:41 GMT
via: 1.1 google
vary: origin
content-type: application/json
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: private, must-revalidate, max-age=28800
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&domain=www.heralddemocrat.com&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=g5JfUHxFSWtGTHgvMEZBQm5rN2dOQ004NkRUR2tOZjMyVFdKOVIxTE1QVDljYXlSWllWcDZ3Wmp6R1Q1L2tBZW1PYW9Pc0I1K0tMTnlaMDFuM1lVVVR4N3NMUkhod2hPZ1VORzFhQnN0anpITEYzOFU5U3ZlSFpqYmdFbk...

482 B
737 B

159ms
159ms

XHR
application/json

74.119.118.149
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=g5JfUHxFSWtGTHgvMEZBQm5rN2dOQ004NkRUR2tOZjMyVFdKOVIxTE1QVDljYXlSWllWcDZ3Wmp6R1Q1L2tBZW1PYW9Pc0I1K0tMTnlaMDFuM1lVVVR4N3NMUkhod2hPZ1VORzFhQnN0anpITEYzOFU5U3ZlSFpqYmdFbkN5Wkkwdkx5a0NUcVBHa3oyd3h2RWtSZEVCakNvTkRCaUVZa3BFaTRJY2NWRXVFQ1RRcFFSQ3U0ZDB6L1NXcVJvam9ib1NNdmQ4Q2FRdmFxL3pIeE05cGFJRC9PZUlTNERad1VvM29mNWF1MzFJU1R4QWVEYVN1VzhKeXVSUk85cG5tQjlMLzBaN05jQnE2c25pNGVvMVBpdTJLSWdkbGhzNFpORkhVVlh2bC95UXFGVjYwcz18&cppv=2

Protocol

Server

74.119.118.149 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

fe2a786688a7d8c70df7534b830d796676343d748fbd7bce04015df920728167

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:42 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1860423
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:41 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=g5JfUHxFSWtGTHgvMEZBQm5rN2dOQ004NkRUR2tOZjMyVFdKOVIxTE1QVDljYXlSWllWcDZ3Wmp6R1Q1L2tBZW1PYW9Pc0I1K0tMTnlaMDFuM1lVVVR4N3NMUkhod2hPZ1VORzFhQnN0anpITEYzOFU5U3ZlSFpqYmdFbkN5Wkkwdkx5a0NUcVBHa3oyd3h2RWtSZEVCakNvTkRCaUVZa3BFaTRJY2NWRXVFQ1RRcFFSQ3U0ZDB6L1NXcVJvam9ib1NNdmQ4Q2FRdmFxL3pIeE05cGFJRC9PZUlTNERad1VvM29mNWF1MzFJU1R4QWVEYVN1VzhKeXVSUk85cG5tQjlMLzBaN05jQnE2c25pNGVvMVBpdTJLSWdkbGhzNFpORkhVVlh2bC95UXFGVjYwcz18&cppv=2
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 744410
content-length: 0
expires: 0

POST
H/1.1 200 1285.json Show response
id5-sync.com/g/v2/ 216 B
632 B 121ms
40ms XHR
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/1285.json

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

ea856676b0f04e12819084e4d274a9dd202200a8c6857003228bd41b3c2720b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.heralddemocrat.com
date: Sat, 22 Apr 2023 00:40:40 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ 0
0

GET
H2 200 id Show response
id.crwdcntrl.net/ 43 B
322 B 68ms
59ms XHR
application/json 54.246.170.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.170.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-170-47.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:41 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: no-cache
x-server: 10.45.11.234
access-control-allow-credentials: true
content-length: 43
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 63 B
395 B 171ms
55ms XHR
application/json 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 16c91488cd242db5da7eaef973814e4ee11a47b1c35b5af286b357029c7d56ff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 22 Apr 2023 00:40:41 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.heralddemocrat.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Mon, 22 May 2023 00:40:41 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 453ms
151ms Preflight
application/json 74.119.118.149
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.118.149 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sat, 22 Apr 2023 00:40:42 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 387576
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 liveView.php Show response
live.primis.tech/live/ 46 KB
17 KB 168ms
54ms Script
text/javascript 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682124043857&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 84a43419e3e085255002004b535d84e20aa2d78b59d41cb10cb0bdeb4d986e27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-id: _v9j6j_f4HnL87gBNl2pDRvA5Fr0jn9fVIO5QIz1HT6aZrG0lqWJhA==

GET
H2 200 config.js Show response
cdn.confiant-integrations.net/yjsuMg1kkWeWHf5qo2WHhexYOVs/gpt_and_prebid/ 140 KB
31 KB 145ms
49ms Script
text/javascript 2606:4700:4400::6812:220a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/yjsuMg1kkWeWHf5qo2WHhexYOVs/gpt_and_prebid/config.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KV4F27B
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4af8ac906d289fc87fe9487ad2166b780e116f1df1dee465cb1622a4e267fbd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 21 Apr 2023 22:42:20 GMT
server: cloudflare
x-amz-request-id: 95JEAFZ65TDER0B1
age: 533
etag: W/"aaa8617cea8d040c70a289dd066c6e32"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=900, stale-while-revalidate=3600
cf-ray: 7bb9d12ada629bfa-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 3Zto1gwuGCkxWQHVJfwsxj5Ao6Co8vvQlhTE3mjeofDTQKqBXia1VFe+toR+1G/ViolN446fPB4=

GET
H2 200 wrap.js Show response
cdn.confiant-integrations.net/gptprebidnative/202304111045/ 239 KB
74 KB 53ms
52ms Script
application/javascript 2606:4700:4400::6812:220a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/gptprebidnative/202304111045/wrap.js
Requested by: Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/yjsuMg1kkWeWHf5qo2WHhexYOVs/gpt_and_prebid/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90db7c2929c1f8fa3cb7be282e5c88ce131312749bb86d8eed33f6757e57f772

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Apr 2023 14:47:39 GMT
server: cloudflare
x-amz-request-id: 7KA7AB5SEV1SWNRV
age: 891433
etag: W/"7371672e2ad6b3b9469c4dc5cc2f6c08"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 7bb9d12b4ae59bfa-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ENgkodvMDHOTTA0yZRUYHj7QXAdbJ4BqKcGUFdfw89GHCqgJMdztmk3q9TqV8BxOrs73Gb0VbGgPKz8baFvsUw==

GET
H2 200 diberp-tcx-v7.13.0.js Show response
www.americanhometownmedia.com/static/ 328 KB
103 KB 167ms
41ms Script
text/javascript 34.120.58.62

General

Check archive.org

Show headers Download Go to

Full URL: https://www.americanhometownmedia.com/static/diberp-tcx-v7.13.0.js
Requested by: Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.58.62 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: c02ccf4ffd38f6e1602a17e22029a37e1827a19cc5b202d5268c4f9c9336a38d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:02:49 GMT
content-encoding: gzip
age: 70675
x-guploader-uploadid: ADPycdsHLiJFal63sUTcpfqRBcmiEcZS-yaTH3BkMkTUF1_iJJIjJkBnvpDtuMNxyGFbxEJ8ucg_qQwHyiJrd9kFoVqgQA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104504
last-modified: Mon, 29 Aug 2022 14:20:21 GMT
server: UploadServer
etag: "f085c7609fb7c47fb72fd768d721373e"
vary: Accept-Encoding,Origin
x-goog-generation: 1661782821233427
x-goog-hash: crc32c=qwVX7w==, md5=8IXHYJ+3xH+3L9do1yE3Pg==
content-type: text/javascript
cache-control: public, max-age=31536000
x-goog-stored-content-length: 104504
accept-ranges: bytes
expires: Sat, 20 Apr 2024 05:02:49 GMT

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ 74 KB
24 KB 75ms
75ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.heralddemocrat.com
URL: https://www.heralddemocrat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed519baf5b4535aa992b2de6d1d53b426d06613bc20f732052ac0ec1fc25d6e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25057
x-xss-protection: 0
server: cafe
etag: 763 / 19469 / 31074053 / config-hash: 6342739278968460252
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 22 Apr 2023 00:40:44 GMT

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame DCE3 5 KB
2 KB 53ms
53ms Script
text/javascript 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682124043857&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682124044&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682124043857&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 7dbadefa39c27ac54dc4ade56c07b748a73bfeb60fbf5b8a03a2218e1ddf2788

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-id: QkKQt0yeXzcMgyGKp5yuKSPciPtNe28JYDYKxLN4xvChqEXjhLv1Gw==

GET
H2 200 iab_consent_sdk.v1.0.js Show response
live.primis.tech/content/ClientDetections/ Frame DCE3 19 KB
8 KB 55ms
54ms Script
application/javascript 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682124043857&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682124044&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified: Wed, 12 Feb 2020 15:01:36 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"5e441350-4be0"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: rzBYFI5-MOD1Br712se43jPAyfUkiS6lRL0xdH9ZdBJ5rIl54V6xYA==
expires: Sun, 21 Apr 2024 00:40:43 GMT

GET
H2 200 DetectGDPR2.v1.1.js Show response
live.primis.tech/content/ClientDetections/ Frame DCE3 9 KB
4 KB 55ms
53ms Script
application/javascript 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/DetectGDPR2.v1.1.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682124043857&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682124044&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified: Thu, 11 Feb 2021 09:45:48 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"6024fccc-228f"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: _amxNmx8DB6MlMyrx5rtOorcy0y2byUw2O4n8VHrt8he6_UOLswvyA==
expires: Sun, 21 Apr 2024 00:40:43 GMT

GET
H2 200 DetectGDPR.v1.1.js Show response
live.primis.tech/content/ClientDetections/ Frame DCE3 8 KB
3 KB 71ms
70ms Script
application/javascript 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/DetectGDPR.v1.1.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682124043857&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682124044&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:44 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified: Thu, 11 Feb 2021 09:45:48 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"6024fccc-1ef8"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: 74XhoA2t_1IgnzWznV2EHPgGm3b8wXHJVEzIuQbbPe6X9ZjHQDL0YA==
expires: Sun, 21 Apr 2024 00:40:44 GMT

GET
H2 200 hls.0.12.4_3.min.js Show response
live.primis.tech/content/video/hls/ Frame DCE3 258 KB
116 KB 75ms
73ms Script
application/javascript 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682124043857&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682124044&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a20010b26bce05ea3cfc83cf3a162b7c16b5d2fa2bcf2253b0394b0eb322347a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified: Wed, 23 Mar 2022 12:48:36 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"623b1724-409bc"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: kQPxMcJPRb9x9ovEshKezxqhHZxHFShnwcDOhSmqDXcYIYpAGWqHyg==
expires: Sun, 21 Apr 2024 00:40:43 GMT

GET
H2 200 prebidVid.7.16.0_8.min.js Show response
live.primis.tech/content/prebid/ Frame DCE3 514 KB
259 KB 79ms
78ms Script
application/javascript 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_8.min.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682124043857&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682124044&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 9ac5a7ed180980e32f7784d9aca819bc93d7906f2d17f24070433983b5f4728d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified: Thu, 16 Mar 2023 15:23:59 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"6413348f-809c9"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: HxJx4rvH-tlhEdyZOtYFClyJnjSn8Ve6IkVw62wigWgqtbOOqoZrJg==
expires: Sun, 21 Apr 2024 00:40:43 GMT

GET
H2 200 liveVideo.php Show response
live.primis.tech/live/ Frame DCE3 553 KB
215 KB 119ms
118ms Script
text/html 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32325F30337D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682124044&csuuid=64432d0c13844&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=52.5235&geoLong=13.3556&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=114535&cbuster=1682124043857&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&subId=[SUBID_ENCODED]&vp_content=plembed2ec7uiqgvwtyt&vp_template=7898&schain=1.0,1!americanhometownmedia.com,00084,1&cbuster=1682124044&pubUrlAuto=https%3A%2F%2Fwww.heralddemocrat.com%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 34167397b080c83e1ff7cd80af112ebfdace48b3d105694b4834fd95c15d249e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
x-amz-cf-id: 880Rwik_sB3Rj7NWUYkV-G4rzTxEwyMo0PivOlUQur9OCAjOeqa0zg==

GET
H2 200 primisslate.css
live.primis.tech/content/video/css/ 18 KB
7 KB 49ms
49ms Stylesheet
text/css 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/video/css/primisslate.css
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32325F30337D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682124044&csuuid=64432d0c13844&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=52.5235&geoLong=13.3556&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4081306e365ebaa5a82ac37991f041a39b5e20cbd5722b4b7e055a330ad33e02

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified: Mon, 17 Apr 2023 10:52:25 GMT
server: nginx
x-amz-cf-pop: FRA60-P3
etag: W/"643d24e9-4688"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: oD8ikWbo_nTbCNO93dB-WxqZc73u1u_20Qwq5qmVpsEsMyKRd6OLkA==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame DCE3 226 KB
56 KB 156ms
46ms Script
application/javascript 13.224.192.181

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32325F30337D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682124044&csuuid=64432d0c13844&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=52.5235&geoLong=13.3556&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 49262cbd305b40a32de0c41a27e4a5aafc65927c0b7f0e6163e0e5b3739eab85

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 23:45:31 GMT
content-encoding: gzip
via: 1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront), 1.1 3bf3e75bcb9a86b3eb343a1d4392a6de.cloudfront.net (CloudFront)
last-modified: Wed, 19 Apr 2023 20:25:02 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA2-C1
age: 3314
x-amz-server-side-encryption: AES256
etag: W/"d0373f28cbce103f094bc2631a9c8dd5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: acyXkm4wgPv8_eu28B8M8vunO8Q_iiVdoJddxseCSbjUEFbEphHujg==

GET
H3 200 css
fonts.googleapis.com/ 1 KB
448 B 50ms
50ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins&display=swap

Requested by

Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32325F30337D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682124044&csuuid=64432d0c13844&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=52.5235&geoLong=13.3556&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b6c3aca21f79e0759296a72df6cf662e446ecab6780298ca52b349dc5760d911

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 22 Apr 2023 00:40:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 21 Apr 2023 23:52:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 22 Apr 2023 00:40:44 GMT

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame DCE3 21 KB
6 KB 98ms
98ms XHR
application/json 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMwEyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwIlMmUyMxZ2nWRyo181ZGYlYmY3ZDVuNwtmMTplNmI1MmQmJTJGqzyxNWRzMmI1YTp3YTZwODA2MTA1NTU4OS5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcJrEjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu5TWcJrx5TOTJuV1JfYwE4MVcHWXyZryxmWxRWnE5dZ3cNVGN5TacJMU16UXcMM1cjWxRWn1cdTXyOV0UmTwJFMyy6Z3qOnxV3TyRVMU9En3VvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnzq5TVRFq09EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx9ESXcNRGMmT0RBS2ZRLaJmWUcDU3BHX1JFpGudT0RsTG5ToWqlMmA0Mz9DpGJlMUj5WwU5M0M2oFEzqzyxX2NioaRyoaRsnWQ9NwAlMmM5JaZcZF9wo250ZW50X2Ryp2M9Tz9hLVN0nWNeK1JcY2UeRXZypaxeVGygZSZ2nWRsY29hqGVhqF90nXRfZT1Oo24gU3RcY2feUzywZSgFqzVlrSgUnW1yJaZcZF9wo250ZW50X2R1pzF0nW9hPTQ0JaBfYWNyoWVhqFN0pzVuoVR5pGU9MlZxZWJ1Z0yhZz9loWF0nW9hPSZjoGF5oGymqEyxPTEkOTp1Jat9NDAjJax9MwI1JaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzpzx9NxM2OTp2NwU1Mmp0NwE3NDpmN0M3MmZCMmE3QwU0MmA3RDqCNwQmMwMjMmImMmJEMmAmNDJEMmImMwVGMmAmMmqEN0I3MmMkMmpmMwM1MmYmOTMlMmp3RDqCNDMmNTM3N0Q3QwUmNwQmMmY0MmM0QmZENwt2QmYmNxQ0NwpmNUE0NmUlNxM2MwU3Mmx2QTYmNxQ0NwMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNDMjMmA3RDqCNTxmMwMlMmU3RDqCNwYmMTqEN0I0QmM3MmtmOTM4N0RGRUZFJzFjpE5uoWU9JzymQXBjPTAzYXBjSWQ9JzRcYWyxPSZupHBCqW5xoGVJZD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzYXBjU3RipzVVpzj9JzFjpFBlnXZuY3yQo2kcY3x9JzFjpEymUGFcZD0zYXBjVzVlp2yiow0zp2Reqw0zYXBjRGV2ZWkipGVlPSZaZW9MYXRcPTUlLwUlMmUzZ2ViTG9hZm0kMl4mNTU2JaVmZXJJpEFxZHI9MzEjMSUmQTRuMCUmQTEmMmtyM0E5MvUmQSUmQTQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEkMv4jLwU2MTUhMTIkK1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMxMjMDA4NCUlQmEzpGkurWVlQXBcSWQ9JzF2YWyfQ2FgpGFcZ25mPSZcp0FjpEcmPTAzY3N1qWyxPTY0NDMlZDBwMTM4NDQzY2J1p3Rypw0kNwtlMTI0MDQ0NDUlJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32325F30337D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682124044&csuuid=64432d0c13844&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=52.5235&geoLong=13.3556&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: d225651df623bee46a4329534d4b7c71d743780b59cb9cd8e8e5eba315e7d350

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.heralddemocrat.com
content-type: application/json; charset=utf-8
cache-control: no-store
access-control-allow-credentials: true
content-length: 5442
x-amz-cf-id: x_Q1zSembKAJORQHUQIVLfvEbVhAPdZZtjjE-QTNp4GnUuo8-Ezn1A==

GET
H2 200 liveView.php
live.primis.tech/live/ 0
421 B 52ms
52ms Image
text/html 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTUjJaNypaZypyRcoWU9MTY4MwElNDA0NCZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTE0NTM1JaN0YT0jJat9NDAjJax9MwI1JaZcZF9jYXNmRG9gYWyhPXq3ql5bZXJuoGRxZW1iY3JuqC5wo20zp3VvSWQ9q3q3LzuypzFfZGRyoW9wpzF0LzNioSZxZWJ1Z0yhZz9loWF0nW9hPSZcp0FjpD0jJaNxn3Y9JaJcPTZDNwx3NwY1NTM3NDYkNmQ3MmqDNmM2QwMkN0I1NDMjN0Q3QwY0MmImMDMlMmMlRDMjMmQlRDMlMmI1RwMjMmM3RDqCNmMmMTM3MmImNTM2MmxmMwM3N0Q3QwQmMmUmNmqEN0I1MmY0MmM2NDMmNEM2RDY4NxM2MmZENDY3MmVBNDp1MwZDNwI1NmM5NxE2MmZENDYmMDRDNxQ0RTp2NwI1MTNEM0Q3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmQmMDMjN0Q3QwU5MmImMwM1N0Q3QwY2MmE3RDqCNEMmNmM4MmxmODqERxVGRSZxnWFcZD0zqXNypxyjQWRxpw0lYTAkJTNBNGEjJTNBMTMmOCUmQTxlJTNBJTNBNCZ1p2VlVUE9TW96nWkfYSUlRwUhMCUlMCUlOFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCUlOSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjJTI4S0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28yMwxyMwBDnHJioWUyMxYkMTIhMC41NwE1LwElMSUlMFNuZzFlnSUlRwUmNl4mNvZwp3V1nWQ9NwQ0MmJxMGMkMmt0NCZwo250ZW50RzyfZUyxPTAzoWVxnWFQoGF5TGymqEyxPTAzoWVxnWFMnXN0SWQ9MCZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0jJzNwpGE9MCZwY3BuQ29hp2VhqD0zY2J1p3Rypw0kNwtlMTI0MDQ0MmUjJaVcZD1TZWgcozRiU1BfYXyypwY0NDMlZDBwMwp2ODIzpHVvVXJfPWu0qHBmJTNBJTJGJTJGq3q3LzuypzFfZGRyoW9wpzF0LzNioSUlRvZzoG9uqFN0YXR1pm1zYWkmZSZynWRmpD1jpzVvnWQ=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-id: ZuHAniUWvHWFWtL7GKG5ObmX-WPuWjr0vDytDYqiv_MG-ilAAqhB3w==

GET
H2 200 vid5df325a77a6c8061055589.jpg
video.primis.tech/uploads/cn21/video/users/converted/22235/video_5df2c67d5a683172725343/ 23 KB
23 KB 158ms
47ms Image
image/jpeg 2600:9000:2491:5400:1:6448:6d00:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn21/video/users/converted/22235/video_5df2c67d5a683172725343/vid5df325a77a6c8061055589.jpg?cbuster=1666108075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:5400:1:6448:6d00:93a1 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e368a5ea479482b10942ac45973ff029129ee61a68d5978fbb712dfe9cf20276

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 17:06:36 GMT
via: 1.1 52024f34763d4eab9553defd68a51a20.cloudfront.net (CloudFront), 1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW56-P2, FRA56-P7
age: 27248
x-cache: Hit from cloudfront
content-length: 23439
last-modified: Tue, 17 Aug 2021 17:56:43 GMT
server: nginx
etag: "69199aba0eb488603b37e3437318f247"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: FeYBE11vjq_6j2Zg42nK_EfGUrpT649tSsB0tlwAdfBRWVRlxL7FoQ==
expires: Sat, 22 Apr 2023 17:06:36 GMT

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame DCE3 76 KB
8 KB 89ms
88ms XHR
application/json 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMwEyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwIlMmUyMxZ2nWRyo181ZGYlYmY3ZDVuNwtmMTplNmI1MmQmJTJGqzyxNWRzMmI1YTp3YTZwODA2MTA1NTU4OS5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcJrEjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu5TWcJrx5TOTJuV1JfYwE4MVcHWXyZryxmWxRWnE5dZ3cNVGN5TacJMU16UXcMM1cjWxRWn1cdTXyOV0UmTwJFMyy6Z3qOnxV3TyRVMU9En3VvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnzq5TVRFq09EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx9ESXcNRGMmT0RBS2ZRLaJmWUcDU3BHX1JFpGudT0RsTG5ToWqlMmA0Mz9DpGJlMUj5WwU5M0M2oFEzqzyxX2NioaRyoaRsnWQ9NwAlMmM5JaZcZF9wo250ZW50X2Ryp2M9Tz9hLVN0nWNeK1JcY2UeRXZypaxeVGygZSZ2nWRsY29hqGVhqF90nXRfZT1Oo24gU3RcY2feUzywZSgFqzVlrSgUnW1yJaZcZF9wo250ZW50X2R1pzF0nW9hPTQ0JaBfYWNyoWVhqFN0pzVuoVR5pGU9MSZxZWJ1Z0yhZz9loWF0nW9hPSZjoGF5oGymqEyxPTEkOTp1Jat9MmQmJax9MTxmJaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzpzx9NxM2OTp2NwU1Mmp0NwE3NDpmN0M3MmZCMmE3QwU0MmA3RDqCNwQmMwMjMmImMmJEMmAmNDJEMmImMwVGMmAmMmqEN0I3MmMkMmpmMwM1MmYmOTMlMmp3RDqCNDMmNTM3N0Q3QwUmNwQmMmY0MmM0QmZENwt2QmYmNxQ0NwpmNUE0NmUlNxM2MwU3Mmx2QTYmNxQ0NwMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNDMjMmA3RDqCNTxmMwMlMmU3RDqCNwYmMTqEN0I0QmM3MmtmOTM4N0RGRUZFJzFjpE5uoWU9JzymQXBjPTAzYXBjSWQ9JzRcYWyxPSZupHBCqW5xoGVJZD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzYXBjU3RipzVVpzj9JzFjpFBlnXZuY3yQo2kcY3x9JzFjpEymUGFcZD0zYXBjVzVlp2yiow0zp2Reqw0zYXBjRGV2ZWkipGVlPSZaZW9MYXRcPTUlLwUlMmUzZ2ViTG9hZm0kMl4mNTU2JaVmZXJJpEFxZHI9MzEjMSUmQTRuMCUmQTEmMmtyM0E5MvUmQSUmQTQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEkMv4jLwU2MTUhMTIkK1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMxMjMDA4NCUlQmEzpGkurWVlQXBcSWQ9JzF2YWyfQ2FgpGFcZ25mPSZcp0FjpEcmPTAzY3N1qWyxPTY0NDMlZDBwMTM4NDQzY2J1p3Rypw0kNwtlMTI0MDQ0NDYkJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32325F30337D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682124044&csuuid=64432d0c13844&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=52.5235&geoLong=13.3556&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: efcee9d3f82c2b9cbf6c497e12b27c556e2bdc49026616db16bfdce419f90af9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.heralddemocrat.com
content-type: application/json; charset=utf-8
cache-control: no-store
access-control-allow-credentials: true
content-length: 8002
x-amz-cf-id: qzb-8fFMr1r_hZVSyx_WLEQ4EvPfVi70iO6TreFL6yIFXrgyoIMCeg==

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame DCE3 45 KB
7 KB 96ms
96ms XHR
application/json 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMwEyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwIlMmUyMxZ2nWRyo181ZGYlYmY3ZDVuNwtmMTplNmI1MmQmJTJGqzyxNWRzMmI1YTp3YTZwODA2MTA1NTU4OS5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcJrEjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu5TWcJrx5TOTJuV1JfYwE4MVcHWXyZryxmWxRWnE5dZ3cNVGN5TacJMU16UXcMM1cjWxRWn1cdTXyOV0UmTwJFMyy6Z3qOnxV3TyRVMU9En3VvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnzq5TVRFq09EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx9ESXcNRGMmT0RBS2ZRLaJmWUcDU3BHX1JFpGudT0RsTG5ToWqlMmA0Mz9DpGJlMUj5WwU5M0M2oFEzqzyxX2NioaRyoaRsnWQ9NwAlMmM5JaZcZF9wo250ZW50X2Ryp2M9Tz9hLVN0nWNeK1JcY2UeRXZypaxeVGygZSZ2nWRsY29hqGVhqF90nXRfZT1Oo24gU3RcY2feUzywZSgFqzVlrSgUnW1yJaZcZF9wo250ZW50X2R1pzF0nW9hPTQ0JaBfYWNyoWVhqFN0pzVuoVR5pGU9MSZxZWJ1Z0yhZz9loWF0nW9hPSZjoGF5oGymqEyxPTEkOTp1Jat9MmQmJax9MTxmJaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzpzx9NxM2OTp2NwU1Mmp0NwE3NDpmN0M3MmZCMmE3QwU0MmA3RDqCNwQmMwMjMmImMmJEMmAmNDJEMmImMwVGMmAmMmqEN0I3MmMkMmpmMwM1MmYmOTMlMmp3RDqCNDMmNTM3N0Q3QwUmNwQmMmY0MmM0QmZENwt2QmYmNxQ0NwpmNUE0NmUlNxM2MwU3Mmx2QTYmNxQ0NwMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNDMjMmA3RDqCNTxmMwMlMmU3RDqCNwYmMTqEN0I0QmM3MmtmOTM4N0RGRUZFJzFjpE5uoWU9JzymQXBjPTAzYXBjSWQ9JzRcYWyxPSZupHBCqW5xoGVJZD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzYXBjU3RipzVVpzj9JzFjpFBlnXZuY3yQo2kcY3x9JzFjpEymUGFcZD0zYXBjVzVlp2yiow0zp2Reqw0zYXBjRGV2ZWkipGVlPSZaZW9MYXRcPTUlLwUlMmUzZ2ViTG9hZm0kMl4mNTU2JaVmZXJJpEFxZHI9MzEjMSUmQTRuMCUmQTEmMmtyM0E5MvUmQSUmQTQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEkMv4jLwU2MTUhMTIkK1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMxMjMDA4NCUlQmEzpGkurWVlQXBcSWQ9JzF2YWyfQ2FgpGFcZ25mPSZcp0FjpEcmPTAzY3N1qWyxPTY0NDMlZDBwMTM4NDQzY2J1p3Rypw0kNwtlMTI0MDQ0NDYlJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32325F30337D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682124044&csuuid=64432d0c13844&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=52.5235&geoLong=13.3556&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a3174daf5bb56cb6e90904562be6e3ac33bb80145c7432ef163b75fa7440933c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.heralddemocrat.com
content-type: application/json; charset=utf-8
cache-control: no-store
access-control-allow-credentials: true
content-length: 6604
x-amz-cf-id: db2rPzcJF2PYE4ZNO-4bOyFGAq0zDdmU5u6cnwvHrphEBjhMeO2s3A==

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame DCE3 21 KB
6 KB 92ms
92ms XHR
application/json 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMwEyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwIlMmUyMxZ2nWRyo181ZGYlYmY3ZDVuNwtmMTplNmI1MmQmJTJGqzyxNWRzMmI1YTp3YTZwODA2MTA1NTU4OS5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcJrEjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu5TWcJrx5TOTJuV1JfYwE4MVcHWXyZryxmWxRWnE5dZ3cNVGN5TacJMU16UXcMM1cjWxRWn1cdTXyOV0UmTwJFMyy6Z3qOnxV3TyRVMU9En3VvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnzq5TVRFq09EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx9ESXcNRGMmT0RBS2ZRLaJmWUcDU3BHX1JFpGudT0RsTG5ToWqlMmA0Mz9DpGJlMUj5WwU5M0M2oFEzqzyxX2NioaRyoaRsnWQ9NwAlMmM5JaZcZF9wo250ZW50X2Ryp2M9Tz9hLVN0nWNeK1JcY2UeRXZypaxeVGygZSZ2nWRsY29hqGVhqF90nXRfZT1Oo24gU3RcY2feUzywZSgFqzVlrSgUnW1yJaZcZF9wo250ZW50X2R1pzF0nW9hPTQ0JaBfYWNyoWVhqFN0pzVuoVR5pGU9MlZxZWJ1Z0yhZz9loWF0nW9hPSZjoGF5oGymqEyxPTEkOTp1Jat9MmQmJax9MTxmJaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzpzx9NxM2OTp2NwU1Mmp0NwE3NDpmN0M3MmZCMmE3QwU0MmA3RDqCNwQmMwMjMmImMmJEMmAmNDJEMmImMwVGMmAmMmqEN0I3MmMkMmpmMwM1MmYmOTMlMmp3RDqCNDMmNTM3N0Q3QwUmNwQmMmY0MmM0QmZENwt2QmYmNxQ0NwpmNUE0NmUlNxM2MwU3Mmx2QTYmNxQ0NwMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNDMjMmA3RDqCNTxmMwMlMmU3RDqCNwYmMTqEN0I0QmM3MmtmOTM4N0RGRUZFJzFjpE5uoWU9JzymQXBjPTAzYXBjSWQ9JzRcYWyxPSZupHBCqW5xoGVJZD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzYXBjU3RipzVVpzj9JzFjpFBlnXZuY3yQo2kcY3x9JzFjpEymUGFcZD0zYXBjVzVlp2yiow0zp2Reqw0zYXBjRGV2ZWkipGVlPSZaZW9MYXRcPTUlLwUlMmUzZ2ViTG9hZm0kMl4mNTU2JaVmZXJJpEFxZHI9MzEjMSUmQTRuMCUmQTEmMmtyM0E5MvUmQSUmQTQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEkMv4jLwU2MTUhMTIkK1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMxMjMDA4NCUlQmEzpGkurWVlQXBcSWQ9JzF2YWyfQ2FgpGFcZ25mPSZcp0FjpEcmPTAzY3N1qWyxPTY0NDMlZDBwMTM4NDQzY2J1p3Rypw0kNwtlMTI0MDQ0NDYlJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32325F30337D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682124044&csuuid=64432d0c13844&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=52.5235&geoLong=13.3556&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: fa451e7067e9c2bbd291584af66e0a13ab66f8d5eacaee3814743cf51c1c3493

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:44 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.heralddemocrat.com
content-type: application/json; charset=utf-8
cache-control: no-store
access-control-allow-credentials: true
content-length: 5434
x-amz-cf-id: IXdwVJosdd02h1GKrdN8eUyNGi__7nxwpHBecYw0hUr3vIv7rHLJww==

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame DCE3 76 KB
9 KB 83ms
83ms XHR
application/json 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMwEyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwIlMmUyMxZ2nWRyo181ZGYlYmY3ZDVuNwtmMTplNmI1MmQmJTJGqzyxNWRzMmI1YTp3YTZwODA2MTA1NTU4OS5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcJrEjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu5TWcJrx5TOTJuV1JfYwE4MVcHWXyZryxmWxRWnE5dZ3cNVGN5TacJMU16UXcMM1cjWxRWn1cdTXyOV0UmTwJFMyy6Z3qOnxV3TyRVMU9En3VvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnzq5TVRFq09EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx9ESXcNRGMmT0RBS2ZRLaJmWUcDU3BHX1JFpGudT0RsTG5ToWqlMmA0Mz9DpGJlMUj5WwU5M0M2oFEzqzyxX2NioaRyoaRsnWQ9NwAlMmM5JaZcZF9wo250ZW50X2Ryp2M9Tz9hLVN0nWNeK1JcY2UeRXZypaxeVGygZSZ2nWRsY29hqGVhqF90nXRfZT1Oo24gU3RcY2feUzywZSgFqzVlrSgUnW1yJaZcZF9wo250ZW50X2R1pzF0nW9hPTQ0JaBfYWNyoWVhqFN0pzVuoVR5pGU9MlZxZWJ1Z0yhZz9loWF0nW9hPSZjoGF5oGymqEyxPTEkOTp1Jat9MmQmJax9MTxmJaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzpzx9NxM2OTp2NwU1Mmp0NwE3NDpmN0M3MmZCMmE3QwU0MmA3RDqCNwQmMwMjMmImMmJEMmAmNDJEMmImMwVGMmAmMmqEN0I3MmMkMmpmMwM1MmYmOTMlMmp3RDqCNDMmNTM3N0Q3QwUmNwQmMmY0MmM0QmZENwt2QmYmNxQ0NwpmNUE0NmUlNxM2MwU3Mmx2QTYmNxQ0NwMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNDMjMmA3RDqCNTxmMwMlMmU3RDqCNwYmMTqEN0I0QmM3MmtmOTM4N0RGRUZFJzFjpE5uoWU9JzymQXBjPTAzYXBjSWQ9JzRcYWyxPSZupHBCqW5xoGVJZD1bqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYzYXBjU3RipzVVpzj9JzFjpFBlnXZuY3yQo2kcY3x9JzFjpEymUGFcZD0zYXBjVzVlp2yiow0zp2Reqw0zYXBjRGV2ZWkipGVlPSZaZW9MYXRcPTUlLwUlMmUzZ2ViTG9hZm0kMl4mNTU2JaVmZXJJpEFxZHI9MzEjMSUmQTRuMCUmQTEmMmtyM0E5MvUmQSUmQTQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEkMv4jLwU2MTUhMTIkK1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMxMjMDA4NCUlQmEzpGkurWVlQXBcSWQ9JzF2YWyfQ2FgpGFcZ25mPSZcp0FjpEcmPTAzY3N1qWyxPTY0NDMlZDBwMTM4NDQzY2J1p3Rypw0kNwtlMTI0MDQ0NDYlJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032332D30342D32325F30337D7B7331373235363932377D7B4335377D7B53643364334C6D686C636D46735A47526C6257396A636D46304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583430307D7B593232357D7B66317D7B4C373839387DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A4&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F112.0.5615.121+Safari%2F537.36&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21americanhometownmedia.com%2C00084%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1682124044&csuuid=64432d0c13844&debugInfo=17256927_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17256927&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2ec7uiqgvwtyt&secondaryContent=&x=400&y=225&pubUrl=https%3A%2F%2Fwww.heralddemocrat.com%2F&contentNum=1&flow_closeBtn=0&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=bl&flow_horizontalOffset=10&flow_bottomOffset=100&impGap=1&flow_width=310&flow_height=260&videoType=normal&gdpr=1&gdprConsent=&contentFeedId=&geoLati=52.5235&geoLong=13.3556&vpTemplate=7898&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=%5BSUBID_ENCODED%5D&appName=&appBundleId=https%3A%2F%2Fwww.heralddemocrat.com%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f7330b40ff0067c6e75d8834e0490be261d6ee337d2834e0eb3113dd7690d6df

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:43 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.heralddemocrat.com
content-type: application/json; charset=utf-8
cache-control: no-store
access-control-allow-credentials: true
content-length: 9053
x-amz-cf-id: PormwvwxOIGnZ65lO84wU9U8l0IkB3O-PN2DRU1mSXnpFmxqp6SVdw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame DCE3 6 KB
3 KB 126ms
44ms XHR
application/javascript 13.224.192.181

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: BeoItWAXLH_Ztd131J1ILFBRpuOxsQkH
content-encoding: gzip
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
date: Sat, 22 Apr 2023 00:40:44 GMT
x-amz-cf-pop: FRA2-C1
age: 70043
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 13 Apr 2023 22:29:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: _y-440cdYFH6hnMogK31Er4PEU86e4V3pA8iBLIjoJEmA0G2piS0Vg==

GET
H2 200 liveInternalSsp.php Show response
live.primis.tech/live/ Frame DCE3 25 B
492 B 389ms
388ms XHR
text/html 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveInternalSsp.php?sspData=%7B%22enc%22%3Atrue%2C%22data%22%3A%22%5C%22JTqCJTIlqzVlJTIlJTNBJTIlqzVlXmEhNSUlMvUlQlUlMz1coxJcZCUlMvUmQTAyMxMyMwJvqXc6ZXIyMwIyM0EyN0IyMwJwo3VhqCUlMvUmQTAyMxMyMwJ0nXRfZUkyovUlMvUmQTEjMCUlQlUlMapyMwIyM0ElMDAyMxMyMwJbJTIlJTNBMTYjJTqEJTJDJTIlq2yxqGtyMwIyM0EmNDMyMxMyMwJbZWyanHQyMwIyM0EkOTMyMxMyMwJmpGFwZUyxJTIlJTNBJTIlNTtjNTpyMwIyMxMyMwJmpGFwZVR5pGUyMwIyM0EyMwJ2YXN0JTIlJTJDJTIlqzyxZW9QoGFwZW1yoaRUrXByJTIlJTNBMlUlQlUlMzyjJTIlJTNBJTIlMzEjMSUmQTRuMCUmQTEmMmtyM0E5MvUmQSUmQTQyMwIyMxMyMwJaZW9JZCUlMvUmQTU3JTJDJTIlYWkjnGElR2ViJTIlJTNBJTIlREUyMwIyMxMyMwJxZXZcY2V0rXByJTIlJTNBMvUlQlUlMaR4qERyqzywZXR5pGUyMwIyM0EyMwJxZXNeqG9jJTIlJTJDJTIlYaJiq3NypvUlMvUmQSUlMzNbpz9gZSUlMvUlQlUlMz9mJTIlJTNBJTIlV2yhZG93plUlMvUlQlUlMaR4qE9mJTIlJTNBJTIlq2yhZG93plUlMvUlQlUlMzRyqzywZU1iZGVfJTIlJTNBJTIlJTIlJTJDJTIlo3NWZXJmnW9hJTIlJTNBJTIlMTAhMCUlMvUlQlUlMzRyqzywZU1uoaVzYWN0qXJypvUlMvUmQSUlMvUlMvUlQlUlMzRyqzywZUNiZGVOYW1yJTIlJTNBJTIlJTIlJTJDJTIlqXNypxFaZW50JTIlJTNBJTIlTW96nWkfYSUlRwUhMCUlMCuXnW5xo3qmJTIjTyQyMwAkMC4jJTNCJTIjV2yhNwQyM0IyMwB4NwQcJTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAbS0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28cJTIjQ2ulo21yJTJGMTElLwAhNTYkNS4kMwEyMwBTYWZupzxyMxY1MmphMmYyMwIyMxMyMwJfYXQyMwIyM0EyMwI1Mv41MwM1JTIlJTJDJTIloG9hJTIlJTNBJTIlMTMhMmU1NvUlMvUlQlUlMzFjpE5uoWUyMwIyM0EyMwIyMwIyMxMyMwJupHBJZCUlMvUmQSUlMvUlMvUlQlUlMzymQXBjJTIlJTNBMCUlQlUlMzFjpEJ1ozRfZUyxJTIlJTNBJTIlnHR0pHMyM0EyMxYyMxZ3q3phnGVlYWkxZGVgo2NlYXQhY29gJTJGJTIlJTJDJTIlYXBjU3RipzVVpzjyMwIyM0EyMwIyMwIyMxMyMwJupHBQpzy2YWN5UG9fnWN5JTIlJTNBJTIlJTIlJTJDJTIlYXBjSXNQYWyxJTIlJTNBJTIlJTIlJTJDJTIlYXBjRGV2ZWkipGVlJTIlJTNBJTIlJTIlJTJDJTIlnWZuJTIlJTNBJTIlJTIlJTJDJTIlnWZ2JTIlJTNBJTIlJTIlJTJDJTIlYXR0plUlMvUmQTAyMxMyMwJupHBWZXJmnW9hJTIlJTNBJTIlJTIlJTJDJTIlpzVzZXJlZXIyMwIyM0EyMwJbqHRjplUmQSUlRvUlRaq3ql5bZXJuoGRxZW1iY3JuqC5wo20yMxYyMwIyMxMyMwJjYWqyJTIlJTNBJTIlnHR0pHMyM0EyMxYyMxZ3q3phnGVlYWkxZGVgo2NlYXQhY29gJTJGJTIlJTJDJTIlZ2RjpvUlMvUmQTEyMxMyMwJaZHBlQ29hp2VhqCUlMvUmQSUlMvUlMvUlQlUlMzymV2VQYXNmR2RjpvUlMvUmQSUlMwAyMwIyMxMyMwJwY3BuJTIlJTNBMCUlQlUlMzNwpGFDo25mZW50JTIlJTNBJTIlJTIlJTJDJTIlZG9gYWyhJTIlJTNBJTIlq3q3LzuypzFfZGRyoW9wpzF0LzNioSUlMvUlQlUlMaqyYaNcqGUyMwIyM0EyMwJ3q3php2VenW5xol5wo20yMwIyMxMyMwJmZWN1pzUyMwIyM0EkJTJDJTIlZ2ViU291pzNyJTIlJTNBJTIlSVAyMwIyMxMyMwJwo3BjYSUlMvUmQTAyMxMyMwJ1qWyxJTIlJTNBJTIlNwQ0MmJxMGMkMmt0NCUlMvUlQlUlMzJfo2NeQaJuozRmJTIlJTNBJTVCJTVEJTJDJTIlZXu0VXNypxyxplUlMvUmQSU1QvU3QvUlMaNiqXJwZSUlMvUmQSUlMzyxNS1mrW5wLzNioSUlMvUlQlUlMaVcZHMyMwIyM0EyNUIyN0IyMwJcZCUlMvUmQSUlMwAyMwIyMxMyMwJuqHyjZSUlMvUmQTEyMxMyMwJyrHQyMwIyM0EyN0IyMwJfnW5eVHyjZSUlMvUmQTAyN0QyN0QyNUQyN0QyMxMyN0IyMwJmo3VlY2UyMwIyM0EyMwJjqWJwnWQho3JaJTIlJTJDJTIlqWyxplUlMvUmQSU1QvU3QvUlMzyxJTIlJTNBJTIlZwEjZWE2Y2YgZWY5NS00ZzFuLWJyOGIgNDQjMDtmZGJvY2E3JTIlJTJDJTIlYXR5pGUyMwIyM0EkJTqEJTVEJTqEJTVEJTJDJTIloXJunWRBoGkiq2VxJTIlJTNBMCUlQlUlMzRyYaVaSW5zo3JgYXRco24yMwIyM0EyMwIyMwIyMxMyMwJmnXRySWQyMwIyM0EkMTQ1MmUyMxMyMwJjqWJfnXNbZXJJZCUlMvUmQTIlMwM1JTJDJTIlp2NbYWyhJTIlJTNBJTqCJTIlqzVlJTIlJTNBJTIlMS4jJTIlJTJDJTIlY29gpGkyqGUyMwIyM0EkJTJDJTIloz9xZXMyMwIyM0EyNUIyN0IyMwJup2xyMwIyM0EyMwJuoWVlnWNuozuioWV0o3qhoWVxnWEhY29gJTIlJTJDJTIlp2yxJTIlJTNBJTIlMDAjODQyMwIyMxMyMwJbpCUlMvUmQTEyN0QyMxMyN0IyMwJup2xyMwIyM0EyMwJjpzygnXMhqGVwnCUlMvUlQlUlMaNcZCUlMvUmQSUlMwIlMwM1JTIlJTJDJTIlnHAyMwIyM0EkJTqEJTVEJTqEJTJDJTIlpzVanW9hJTIlJTNBJTIlRyIyMwIyMxMyMwJwYW1jYWyaoaMyMwIyM0EyN0IyMwI4MmQ1NSUlMvUmQSU3QvUlMaRlYWNeZXIyMwIyM0EyMwJwYW1jYWyaoxZlZXFDYXAyM0QjJTI1MxYjJTI2Y2FgpGFcZ25JZCUmRDtmNDU1JTI2p3BuY2UlQWRJZCUmRDE3MwU3MDM0JTIlJTJDJTIlpHJyYzyxTaNmpEyhZGV4JTIlJTNBMCUlQlUlMaNjYWNyMxFxSWQyMwIyM0EyMwIkNmI1NmAmNCUlMvUlQlUlMzRyYWjyMwIyM0EyN0IyMwJcp1J0YxRyYWjyMwIyM0EjJTJDJTIlpaRvRGVuoEyxJTIlJTNBJTIlJTIlJTJDJTIlpaRvU2VuqEyxJTIlJTNBJTIlJTIlJTqEJTJDJTIlpaRvV1NyYXQyMwIyM0EyMwIyMwIyMxMyMwJwYW1jYWyaoxyxJTIlJTNBODM0NTUyMxMyMwJwYW1jYWyaoyNwo3ByJTIlJTNBJTIlpHVvoGywJTIlJTJDJTIlnW50ZXJhYWkCqXyypyVcZCUlMvUmQSUlMvUlMvUlQlUlMzVcZE5uoWUyMwIyM0EyMwJ5YWuiol5wo20yMwIyMxMyMwJuZFVmZXJJZCUlMvUmQTMkMDMkJTJDJTIlYzNuqCUlMvUmQSUlMvUlMvUlQlUlMzJup2VGoG9ipvUlMvUmQTAhODQyMxMyMwJyrHQyMwIyM0EyN0IyMwJjYXJ0ozVlJTIlJTNBJTIlMTI4JTIlJTJDJTIlpzV2U2uupzUyMwIyM0EyMwIkLwAjJTIlJTJDJTIlpGkuY2VgZW50SWQyMwIyM0EyMwI4YTx2OTU4MwAkN2Y3ZzRvZTZuZGRwMzI2NWNuMDAkMCUlMvUlQlUlMzFjpEyxJTIlJTNBJTIlOGE5NwxjNTMjMTqzN2ZxYzUjZTVxYmJuZzRyZDAjMGQyMwIyMxMyMwJjqWJJZCUlMvUmQSUlMyBlnW1cp1R3o0uCJTIlJTqEJTJDJTIlYaV5ZXJVnWQyMwIyM0EyMwIyMwIyMxMyMwJlZWZypzVhY2VJZCUlMvUmQTEyMxMyMwJvnWRzoG9ipvUlMvUmQSUlMwAhODQyMwIyMxMyMwJmY2uunW4yMwIyM0EyN0IyMwJ2ZXIyMwIyM0EyMwIkLwAyMwIyMxMyMwJwo21joGV0ZSUlMvUmQTEyMxMyMwJho2RyplUlMvUmQSU1QvU3QvUlMzFmnSUlMvUmQSUlMzFgZXJcY2FhnG9gZXRiq25gZWRcYS5wo20yMwIyMxMyMwJmnWQyMwIyM0EyMwIjMDA4NCUlMvUlQlUlMzujJTIlJTNBMSU3RCUlQlU3QvUlMzFmnSUlMvUmQSUlMaBlnW1cpl50ZWNbJTIlJTJDJTIlp2yxJTIlJTNBJTIlMwIlMmUyMwIyMxMyMwJbpCUlMvUmQTEyN0QyNUQyN0QyN0QyN0QyMxMyMwJjoGFwZW1yoaRDYXQyMwIyM0EyNUIyMwJJQUIkMSUlMvU1RCUlQlUlMaBfYXyvYWNeoWV0nG9xJTIlJTNBJTVCNvU1RCUlQlUlMz5uqzyaYXRipxkuozq1YWqyJTIlJTNBJTIlZW4yMwIyMxMyMwJjYWqyY2F0JTIlJTNBJTVCJTIlSUFCMTEyMwIyNUQyMxMyMwJwo250ZW50Y2F0JTIlJTNBJTVCJTIlSUFCOSUlMvUlQlUlMxyBQwtyMwIyMxMyMwJJQUIkNSUlMvU1RCU3RA%3D%3D%5C%22%22%7D
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_8.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1d16d42e33c80a00df5f4c6a514edbfaa985a2cdf0d33b4f76f90a6625b773b7

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:44 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.heralddemocrat.com
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-id: Ey4cGagUUj1NOEtN1P1enp_CU6gsg1w3-7n1k3zormchDS1E3888gw==

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame DCE3 0
121 B 187ms
69ms XHR
text/plain 185.64.189.112

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_8.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.heralddemocrat.com
date: Sat, 22 Apr 2023 00:40:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 vid5df325a77a6c8061055589.jpg
video.primis.tech/uploads/cn21/video/users/converted/22235/video_5df2c67d5a683172725343/ 23 KB
23 KB 45ms
45ms Image
image/jpeg 2600:9000:2491:5400:1:6448:6d00:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn21/video/users/converted/22235/video_5df2c67d5a683172725343/vid5df325a77a6c8061055589.jpg?cbuster=1666108075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:5400:1:6448:6d00:93a1 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e368a5ea479482b10942ac45973ff029129ee61a68d5978fbb712dfe9cf20276

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heralddemocrat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 17:06:36 GMT
via: 1.1 52024f34763d4eab9553defd68a51a20.cloudfront.net (CloudFront), 1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW56-P2, FRA56-P7
age: 27248
x-cache: Hit from cloudfront
content-length: 23439
last-modified: Tue, 17 Aug 2021 17:56:43 GMT
server: nginx
etag: "69199aba0eb488603b37e3437318f247"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: WJ-ga52rofwnrWhApHCwRRPbYzQgdIg9LPES7tsVI4Ks77vlaxtWWw==
expires: Sat, 22 Apr 2023 17:06:36 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ 0
420 B 52ms
52ms Image
text/html 2600:9000:2251:d600:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTQ5JaNypaZypyRcoWU9MTY4MwElNDA0NCZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTE0NTM1JaN0YT0jJat9NDAjJax9MwI1JaZcZF9jYXNmRG9gYWyhPXq3ql5bZXJuoGRxZW1iY3JuqC5wo20zp3VvSWQ9q3q3LzuypzFfZGRyoW9wpzF0LzNioSZxZWJ1Z0yhZz9loWF0nW9hPSZcp0FjpD0jJaNxn3Y9JaVmZXJJpEFxZHI9MzEjMSUmQTRuMCUmQTEmMmtyM0E5MvUmQSUmQTQzqXNypyVBPU1irzyfoGEyMxY1LwAyMwAyMwuXnW5xo3qmJTIjTyQyMwAkMC4jJTNCJTIjV2yhNwQyM0IyMwB4NwQyMwxyMwBBpHBfZVqyYxgcqCUlRwUmNl4mNvUlMCUlOEgIVE1MJTJDJTIjoGyeZSUlMEqyY2giJTI5JTIjQ2ulo21yJTJGMTElLwAhNTYkNS4kMwEyMwBTYWZupzxyMxY1MmphMmYzY3N1qWyxPTY0NDMlZDBwMTM4NDQzqxygpE9jpG9lqHVhnXR5TXVfqGyjoGyypw01JzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTAzY2NjYT0jJzNwpGFDo25mZW50PSZwYaVmqGVlPTE2ODIkMwQjNDQ5NwtzqWyxPVNyn2yhZG9TUGkurWVlNwQ0MmJxMGMlNmY4MvZjqWJVpzj9nHR0pHMyM0EyMxYyMxZ3q3phnGVlYWkxZGVgo2NlYXQhY29gJTJGJzZfo2F0U3RuqHVmPWZuoHNyJzVcZHNjPXBlZWJcZA==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Apr 2023 00:40:44 GMT
content-encoding: gzip
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-id: EaLxroG82SRx8BNHAuVEszFw-UjtLOpLNnHZtvDd0nrDx0Uk_R1aiQ==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.legacy.com
URL: https://www.legacy.com/api/v1/affiliates/recentobituaries/2344?num=4&photoFirst=False&obittype=1&random=False&callback=legacy.recentObituaries.renderTemplate

Domain: trends.revcontent.com
URL: https://trends.revcontent.com/sync

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=13781

Verdicts & Comments Add Verdict or Comment

300 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.heralddemocrat.com/	1969-12-31 23:59:59	Name: pmpro_visit Value: 1
www.heralddemocrat.com/	1970-01-20 20:51:24	Name: adatb_user Value: {%22options%22:{%22contrast%22:{%22label%22:%22Default%22%2C%22class%22:%22ll-at-contrast-default%22}%2C%22fontSize%22:{%22label%22:%22Default%22%2C%22class%22:%22ll-at-fontsize-default%22}%2C%22fontFamily%22:{%22label%22:%22Default%22%2C%22class%22:%22ll-at-fontfamily-default%22}%2C%22clickTTS%22:{%22enabled%22:false}}%2C%22uid%22:%228t50yhcobhm5b90qw55vbd%22}
.publisher.etype.services/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: fa95d55a2ae1564c6e6a97fe8e069a1d7fba7f15f6c59f1b8ad445637c002055
.heralddemocrat.com/	1970-01-20 11:16:50	Name: _gid Value: GA1.2.311552647.1682124039
.heralddemocrat.com/	1970-01-20 11:15:24	Name: _gat Value: 1
.heralddemocrat.com/	1970-01-20 20:37:00	Name: __gads Value: ID=882a0501bc114bd9:T=1682124038:S=ALNI_MZ9P_4dZ7EPV6XJ_Ww7CrW4bxxCIw
.heralddemocrat.com/	1970-01-20 20:37:00	Name: __gpi Value: UID=00000bee176457bb:T=1682124038:RT=1682124038:S=ALNI_MZ5_E3IVYD9BeD0335VWATKznXLKg
.doubleclick.net/	1970-01-20 20:37:00	Name: IDE Value: AHWqTUlLnpjUzutpVlfiVFS3vVlkrnxtVOBaGpWTENfrV8Uvd8cd0h86qGqdmH7WCzw
.heralddemocrat.com/	1970-01-20 20:51:24	Name: _ga_8Y10R17R20 Value: GS1.1.1682124039.1.0.1682124039.0.0.0
.heralddemocrat.com/	1970-01-20 20:51:24	Name: _ga Value: GA1.1.106191227.1682124039
.heralddemocrat.com/	1970-01-20 11:15:24	Name: lotame_domain_check Value: heralddemocrat.com
www.heralddemocrat.com/	1970-01-20 11:58:36	Name: _pbjs_userid_consent_data Value: 3524755945110770
.heralddemocrat.com/	1970-01-20 15:34:36	Name: _pubcid Value: 35c54074-0527-4382-afcc-d13170b5344c
.openx.net/	1970-01-20 20:01:00	Name: i Value: c9ced1e9-93c1-4ca4-8ccb-f71eb93ee4e7\|1682124039
.criteo.com/	1970-01-20 20:37:00	Name: uid Value: 12d727cf-b02b-4de1-8d89-65cd40972dcf
js.ad-score.com/	1970-01-20 20:51:24	Name: token Value: iLFJmHUxXhpwL-93rv-mDReVcxxIZZyX
www.heralddemocrat.com/	1970-01-20 11:16:50	Name: pmtimesig Value: [[1682124040218,0]]
data.ad-score.com/	1970-01-20 20:51:24	Name: token Value: RAOzaDXMxsSpI-hs5q-fKGiaBPUBIxEh
www.heralddemocrat.com/	1970-01-20 11:15:27	Name: _lr_retry_request Value: true
www.heralddemocrat.com/	1970-01-20 11:58:36	Name: _lr_env_src_ats Value: false
www.heralddemocrat.com/	1970-01-20 12:41:48	Name: pbjs-unifiedid Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222023-04-22T00%3A40%3A41%22%7D
.heralddemocrat.com/	1970-01-20 20:37:00	Name: cto_bundle Value: Ioxlfl82UE83TlptREJCbVhxOTJpcTRyZDJiWTVDaHJuc2FQcXZpeDc0dmNqbVFzNFVHRVR6WGNSQlpSZ29mZGhWZ1czMTUwZUQlMkZkJTJGUFh1aGpEV2kyZyUyQnJkaHVKSEsydFF6N2FIdWwxeXpBajlMdG9oaiUyQlRDazhlcDNVVEdHSzR6MEFVdXVieTQlMkZNNzAwRzByRGM4d3JlRzREZkZZSTNMNWNXZnZ0bmZwZ3g2NFpVJTNE
.heralddemocrat.com/	1970-01-20 20:37:00	Name: cto_bidid Value: Ipx1lF9ZJTJCa1NtbkhEWVNoak5tVXk5ejhzN0RWJTJGNjY4bEV5QjhDY2N6ZHdjZkRaTzlEJTJGWEpPZzRHODFtMGlzMGplUXpjZVBxMVFSSlElMkYzazVOTkM4OFFvMm1OcjZySCUyRlNvY2slMkI1eGwwRlFNRHJ5M2h6UUpTSlJqMmV2bkFNeEJIMG9YbA

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://web1.etypeservices.com/wp-content/uploads/2021/11/ADA-Compliant-Logo.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.legacy.com/api/v1/affiliates/recentobituaries/2344?num=4&photoFirst=False&obittype=1&random=False&callback=legacy.recentObituaries.renderTemplate Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
other	warning	URL: https://0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript	warning	URL: https://js.ad-score.com/score.min.js?pid=1000177&tt=opt(Line 1) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
security	error	URL: https://js.ad-score.com/score.min.js?pid=1000177&tt=opt(Line 1) Message: Refused to create a worker from 'blob:https://www.heralddemocrat.com/fd2fff0b-db0a-42cd-85ad-06c2abb314f8' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' https:". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.
javascript	error	URL: https://www.heralddemocrat.com/ Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=13781' from origin 'https://www.heralddemocrat.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=13781 Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=5184000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0862276882be978fafc7b30feedb62ea.safeframe.googlesyndication.com
ads.eu.criteo.com
ads.pubmatic.com
adservice.google.com
analytics.cherryroad.com
api.rlcdn.com
assets.revcontent.com
bcp.crwdcntrl.net
c.amazon-adsystem.com
cat.fr3.eu.criteo.com
cdn.confiant-integrations.net
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdn.revcontent.com
cdnjs.cloudflare.com
csm.eu.criteo.net
data.ad-score.com
esp.rtbhouse.com
etypeproductionstorage1.blob.core.windows.net
fonts.googleapis.com
fonts.gstatic.com
google-bidout-d.openx.net
gum.criteo.com
hbopenbid.pubmatic.com
heralddemocrat.com
id.crwdcntrl.net
id5-sync.com
imageproxy.eu.criteo.net
images.revcontent.com
img.revcontent.com
invstatic101.creativecdn.com
japfg-trending-content.appspot.com
japfg-trending-content.uc.r.appspot.com
js.ad-score.com
lexicon.33across.com
lh3.googleusercontent.com
live.primis.tech
match.adsrvr.org
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
publisher.etype.services
region1.google-analytics.com
rtb.nl3.eu.criteo.com
securepubads.g.doubleclick.net
static.addtoany.com
static.criteo.net
tags.crwdcntrl.net
tpc.googlesyndication.com
trends.revcontent.com
video.primis.tech
web1.etypeservices.com
www.americanhometownmedia.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.heralddemocrat.com
www.justapinch.com
www.legacy.com
yeet.revcontent.com
api.rlcdn.com
trends.revcontent.com
www.legacy.com
104.17.186.220
13.224.192.181
130.211.10.17
130.211.115.4
15.197.193.217
151.139.128.10
162.19.138.118
178.250.7.9
18.202.146.245
185.64.189.112
20.150.38.36
20.40.202.28
2001:4860:4802:34::36
207.228.225.157
23.35.236.201
2600:1901:0:8344::
2600:9000:20eb:9400:a:deb0:3380:93a1
2600:9000:2250:b200:a:e047:752:b361
2600:9000:2251:d600:1a:5235:f980:93a1
2600:9000:2491:5400:1:6448:6d00:93a1
2606:4700:10::6816:3556
2606:4700:10::ac43:2794
2606:4700:4400::6812:220a
2606:4700::6810:5814
2606:4700::6811:190e
2620:100:a005::d
2a00:1450:4001:803::200a
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2014
2a00:1450:4001:80f::2002
2a00:1450:4001:810::200e
2a00:1450:4001:811::2014
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::2008
2a00:1450:4001:828::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::9
2a02:2638:d::13
2a02:2638:d::4
3.248.64.182
34.102.146.192
34.120.107.143
34.120.58.62
34.96.70.87
35.190.39.111
35.244.159.8
54.246.170.47
65.9.66.104
66.148.122.12
74.119.118.149
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02ba6c6f3adf2b8aaa6246cf43e4b79eefcb1aa49038b9ced172c372e2d2d938
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06bfcbc62a8a2e2a624c3d07e3d173518339143afa1d033e6fa49f4e57a7a398
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0e73ccb4872fee79dda7139fea97c40aa28953a3785faf2b779a11205291999d
1056a70c53f0dfe6f883c954df30d15dad8b8d5506a69575a044e26bb54e06d2
154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67
16c91488cd242db5da7eaef973814e4ee11a47b1c35b5af286b357029c7d56ff
1712db2ac9948f052b629d35a83530960b4f24075b69c2a8b3f7323697f20235
1973666a4ddb21add1ff61c23ce96b22fd006aaa4e022928a9022a10a199dcb9
1c468f25c66a9aeaa637ca5244f64ec7f967734b2dc2aa92b667cf5316155e81
1d16d42e33c80a00df5f4c6a514edbfaa985a2cdf0d33b4f76f90a6625b773b7
2087d0750293c6ee9a2bb1b1df55a845f6addb0c6d215092bcd1a4dfcf8abe05
223fc8122a307637f83efd6b57fb96e0daf8795aaa98e431e83064efa65b4da3
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8
257206c4fd6bcee36927eb0ef2ba087b5dfc6c9a18df7f8553878bf847616226
262fcdee1605cfee27fac58bdbc04d8ba97a35337cbea504325e253d0a4400d3
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c5cc47eb8499efe3f4353bc50b38690756e78da21b0e158e14293b39c5ef812
2d10ccf46066bf30af1e2cd7b7f53cf8bc1738c076244616cbf8ec0df3d35cf1
2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3281339820a5692f2b48ccb8cf6e492e74a9e32bff8a45252c67d69e223e77a7
33f4ae201107a9e249e969e5746d06e7aebb6c11a3c8f5d3f27363ddd9ba1159
34167397b080c83e1ff7cd80af112ebfdace48b3d105694b4834fd95c15d249e
36fdf412ea69210410b23cb055a96b28baac1072d4beb9b4237561e7a9233812
37d4dd1da7b54cca0e037199ad20d322f930a64ab589246c5307d36bf917c2b7
37f770cae50011794159525cc18fb5acecb9cc1d1fc4bfe7145c24547ae0ff45
38587d14ecdbee0b173c6773618ab712a02d30f4e8effa50d4ce23dbdafb2cc3
3a3b8f1947675166325e8785c1058e7d8a2a1946f33a67e0fedb5c0b0ec2a16d
3ae5d8b5a2806b811378107313b19f0b05baae4b2bbe85e19e9cd223391a0fe3
3f84897d884f47f9c98b1656962479b41fde99934e6a3abae8128995b7d81f7b
4081306e365ebaa5a82ac37991f041a39b5e20cbd5722b4b7e055a330ad33e02
42de4c706cb11215305adaef950fcc4d1f99bc15b7a40db694279ed9ca2928c1
45439318544880a448bb71da9bf7d24ddb5809e3695d4e497caae0a9d11a3546
459088e27f5b21c4db740ba708ec600a26fccb6c917361bbfeb82c4d1b66961b
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48b2d240737cceb970b7b3ef8b86aef31f321c9d51f0af1fa1f4c68544e5d498
48ea5787f01c0678de86c7861e830f03a3163a2d3a25ddb8fe3b343725dfeabd
49262cbd305b40a32de0c41a27e4a5aafc65927c0b7f0e6163e0e5b3739eab85
4d4094f9b3927a97d1f9f14bad56c02d92b436b6aa1e59bb6cefdf6a17e0ba38
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e255bf15c20710f222ca1d08563a34917faee659bebac5511ccce57a8285b44
4e7f7c480f0363b553d420a831abcff0092184978289c0365641c9f262d8fee6
4eaf8e39bc362427b1ae1a37b25eabad34b53bc421ab2ee053d379c03900beb5
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
50c9201fab5a8a851d4a225b1fdb97338c461b2aaee7357c235f26dfa7126168
5316717f872a3b46022c0c6b37009e1a18df8809a0cd70a58d8c47fd97f9919c
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970
5c3bceacb23c3345b1c2131cb8ebc3ceda1d45d87cbf069f2d93b12ff9d7d9ff
5eb922e5a926ca6554d08b48be54d8c48200c31cf48a6af3f283b2fe87116943
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
6107bf460934843cbde00678d356a436f2dd7c39ec331e8dbb7167e7f3858fc9
6198906618e16d690a96c26c2b84c2f3f1914b5378934bbb0e98571bf7d2ef2a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62c929161d0af43697d1f251fc65b5cea61d58a66b9398d8d49a8ab32b8e6e72
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
67ebf650147a9122e94ff1b25a78a82e903b92b877821c1479de69f00f59d429
694a59a25435468f569ad2f87c02d04bc53625723a32994a6571b0b471d77d8e
6a2d500d4ac0bba5317698b68c383179098a0ad47879f56de7318ceb37fba68e
6c958b3ea583cf0a2e50ee6ad6e8ef42ddd4b8269d760492fbd6d6dcc956d51d
6d46e2cf165a5a0584afba7bc9663da292ee08c97cfc7613de6013ed05be892a
6f6264f04d843c514e8b7a830c18a6ac059bf15f500ea1b8d37a619e84e71f85
70da8ace6902ee458fe64deffd6b9a58a0e93b17049535af415f87440de4884f
71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
73cfb0ed71e314a835831530e27ba1fde5609b224781f7dbc2dd3eb9a08603cd
75c16579fd59f14a43241315285e57478b808147a85be712021c97f13fe65df4
761ce3cb409f2a9e87e09ed474ef8415f905a1361068e6ac754bb564bcf2258b
7679f0c65271f3c290cefa69c239d2a3c4b9e83acc100e4b324d08cdcf0aa804
7c240e5136546d2b3d80b0f98ce715fadc47f23b1e82514d37bcf826394d10bc
7c4e8b92a244d393b3e5673b98aad9dc00868ba21251c1729c029407faf75fe4
7c5b6397ca47829cc420415b26c0fbf518592591ee01e9c11c7267b96a32f579
7d0bb20c632bb59e81a0885f573bd2173f71f73204de9058feb68ce032227072
7d46496177f660fe1c4d3b3be0361fefa1a4fc87665736441f5234ea8ee9c762
7dbadefa39c27ac54dc4ade56c07b748a73bfeb60fbf5b8a03a2218e1ddf2788
7eec3429c76cb48e5fd457c5afb71b7cf34bc4298d53023bae8aea715443b4a9
81ecd4f7facf042dacdb4deb6c8c0a59c754020f06ca6c4213f9c33643b0d5e7
848024de6bf0935091bf5a92d31838baaaf4ec8712d784d15665adc4f2debbad
84a43419e3e085255002004b535d84e20aa2d78b59d41cb10cb0bdeb4d986e27
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
887bb62bab2d179bce1b0ef1e8c12265f2463e09cce7545b050c8a41e0dd683c
894011cff758a43f1db57b26424ea2befcdc85b25e09c91e139040a22cb10e7f
8b4b43fd2629a9ae29c5220a852bbc8ff169c571cdf77798633efec65c934df7
8d6af87f2e8ab6ba751d5bda81faf18aed637f3c43f3f5c25acfcdb8dc674a92
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f6bf9a7e788b82399d4b9969016affff0930e98855abf0a2daf1758b7fd74bb
90db7c2929c1f8fa3cb7be282e5c88ce131312749bb86d8eed33f6757e57f772
914cb6fe13efdf97379c1a2910d677144821201ff3f41b67a5a6ddb367e1a27b
92fb9569dc9bbfdd1c4cc92443f58ad7f167ea26698b6cfd2afc27f23557d08f
94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5
95a76e1151f7f319451ae1a4e7591644a434072455c8d0c9219653560053e7b7
973c2aee9822dcd6504deaaf2e24275f342ffc6d3c96c355131ca9522781ef38
9ab2aae1e13e9678b5ff7477eb2376325e1793cd3dceeed0b980d6c59522828c
9ac5a7ed180980e32f7784d9aca819bc93d7906f2d17f24070433983b5f4728d
9d97d3bf9fd83935f348bb037fa278239d1ca078e74552836df569896098c16b
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a111847773603814929227bb267257735082f898c9a07c5744abbc3aa73c7702
a19a356741e542145b8c793af8228b24fe2a829d0c23c77c3c104b192c1c45bc
a20010b26bce05ea3cfc83cf3a162b7c16b5d2fa2bcf2253b0394b0eb322347a
a2010070baee50d515b9b964f925cbc502059271d6f629152af9e3e70f720cff
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a3024b9f4a8863af77a271745a863f6241c1724ba82c88ee694792de008b556a
a3174daf5bb56cb6e90904562be6e3ac33bb80145c7432ef163b75fa7440933c
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a37f6c35c3eb52f46cbad934c7a64d94b9ed1786d8fc9671fe5ca56e114d5554
a44b1d47983a8562bab76664d05f8800b11ee06e0a0a3aaae142ec8c89c0edeb
a4935d49528d0a5a6b2444b81c23246aac70cb7a9a7d64e2da2af33aac28611f
a496b3850a900261527dc99f349035244c8c2c492eccc4a7f7e60114de039692
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a5cb73a960ac02dce94502161217fdb8c0736a3d87383b424cee88541f948a33
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7204fea2539a607b0bfea15733c36ba7d706756144333aae6c16c2094d3ca03
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
adc178fc2c26de13d7fc1c436e99b9ba26303bde50e2f5bb40c238122bb41491
ae5e8b709455fcc6d0c794c6dcdadef5d38438725e865856d35d6a117ce8b525
b29c0b514b41b8d4516d064df803cc2afa876f3b118b70599f794d38188c0ef9
b2b5d3274386876cff4aedd08a1859b29794bca62c235fb7d9ca55e9b6438570
b637638d704015822114b8c9c1f726b106517e106b5fca956dcf4ea3148126ad
b6c3aca21f79e0759296a72df6cf662e446ecab6780298ca52b349dc5760d911
b6dcca3034056688691afb759a5900f22c16648c2f09bbc17b02afbf859d2de6
b808d20a01170f042d1d5dca1f9fced55f903f08d82a7bdc6ab4aefc3c5bb5e5
b835e8ca623c86a08f156d671b513ac680197de8c63aa4b63ff936e20c297a5a
bad8eb282257b8c03cd4d06ee89dbfcb7f49e7e81019c4bc52c20c461f51a1e1
bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776
bf817ee4b2d4e9d98e05e1382d295f8f10fef43770cd4e291d924a5d0afc8cc2
c02ccf4ffd38f6e1602a17e22029a37e1827a19cc5b202d5268c4f9c9336a38d
c30edd1e3fde9c8a555315e8cce5e33027106a88e68a55e43c56c07cc960dced
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c34e73186f6a6a8b0e0482f529be8e90ab6b07d53c01f1ef3a28e413fa85e579
c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b
ca7a013acd7bc1d7d1af8726274c7c9248318846ac1eed864faf22656ba4d6f3
cb9e7539afdf5b96eccf097a28a406f593159775c07d4f0b028c09db443c1ce7
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cc96316279ecefc83cf5e0bb54101accebdffbc3c22bedfe2f0a73f1ed5e1c75
ce8b0ce00b853304b4500a3e0273c2ee8123ec998d9ea4bc1a2b3e97c573b61f
ce963f2d47c360c2932938a9a9b6292c4dd9f093921138500d0e23e5276eb9ea
cf0cadd9ad85c8bc7ae0828e8892d5e7bedf0e1199447fe8171f7f5a6aecdb5c
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
d225651df623bee46a4329534d4b7c71d743780b59cb9cd8e8e5eba315e7d350
d8056ed4e882c666568970242dabfeed4f2a11aa04be86649a35bcebf03a9604
d961a31d3d2fdb93a35a4024f9878b2ed896cd86a084ceb8df6af3bc53e29125
d9788f957a0264a11cf4beeac5436e49aa2b908d80c60bcf6681a4e4e8113318
dd9ff4bfbcdd3096c997eb5ae460fe3552bb9d996abbebb5a2593b8ea4f47bea
de092bee981aade8e5bedc65b9f6e38c9a0b7db53e554f12a036f067b86fff41
df3f86e8cb9abbc7c08d77f3d0b9a74eb950a97edd59710f2020e8b1b2e7a241
e0bd9a0af247ad557033faa1be6b8215f90f28b5df15739fe0b83fae77c06a38
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e13491499f5b076127246b7d73d8a4e086307134f138d0bf66655bd26eacc7a0
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e2d3127da85763e024971c6192f78becbdf85db231b3d088c9f8b3777d444ede
e368a5ea479482b10942ac45973ff029129ee61a68d5978fbb712dfe9cf20276
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4af8ac906d289fc87fe9487ad2166b780e116f1df1dee465cb1622a4e267fbd
e6347309453f94375e038094fca0441218e992441dfb54ed0fbc4a047d45db22
e9d3165c73a7f6243cdf07498cf37514d3128c1de540fa02d8a6d6c5fdf09db1
ea856676b0f04e12819084e4d274a9dd202200a8c6857003228bd41b3c2720b4
eb71fa34962dd68703df6691338fa645cf32299171e17c74be69c55812efbe3c
ed0791d2019df55609fed92dbd4d8ecef07c3e556aca283d7a8e1aabdfbdfef4
ed519baf5b4535aa992b2de6d1d53b426d06613bc20f732052ac0ec1fc25d6e7
ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efcee9d3f82c2b9cbf6c497e12b27c556e2bdc49026616db16bfdce419f90af9
f21d87c10fd5940b334a21b0ca3367f6edd187a6ecc9ad948b4f6f98b48a8517
f4241710e57486ad91102e31823e855469608e1aea362f1f0e059609c9eb9a56
f479e238230ab4cbe95bfa44e8efa6d8e7a23bcf28689f64b72052bf2f007094
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f7330b40ff0067c6e75d8834e0490be261d6ee337d2834e0eb3113dd7690d6df
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
f8f2b389514a4b3a7890080628385477f284769b09be4a00b756dda6edebbbc5
f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47
f9d46ca57e0b35c07ed7c77f780f2c4dc9076c6aec6cf4a7a2c3c28ea5ff8fdd
fa451e7067e9c2bbd291584af66e0a13ab66f8d5eacaee3814743cf51c1c3493
fe2a786688a7d8c70df7534b830d796676343d748fbd7bce04015df920728167
fe65e8f74381d5afc5a63c298f62b26c4b68531e9e2792e6fa63f4af24842596
feb53de7103cfe17c2e2a4468dfd1c7c54250b52f433f033b16f1dc89e4d5de5
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

www.heralddemocrat.com Open in urlscan Pro 66.148.122.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

233 Requests

97 %HTTPS

55 %IPv6

39 Domains

63 Subdomains

57 IPs

5 Countries

4795 kBTransfer

11121 kBSize

23 Cookies

20 Outgoing links

Page URL History

Redirected requests

233 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.heralddemocrat.com Open in urlscan Pro
66.148.122.12 Public Scan

Screenshot
Live screenshot

Full Image

233
Requests

97 %
HTTPS

55 %
IPv6

39
Domains

63
Subdomains

57
IPs

5
Countries

4795 kB
Transfer

11121 kB
Size

23
Cookies

233 HTTP transactions
6 data transactions